
Introducing IntuneDeviceInventory

The PowerShell module IntuneDeviceInventory allows you to add custom fields to Intune device objects. In addition, it includes some handy supporting commands to trigger actions such as a sync or reboot on multiple devices.

I developed the module including the associated UI in cooperation with Jannik Reinhard. If you have feedback on the module / tool, we look forward to a comment or contact via social media.

Install module

I published the module in the PowerShell Gallery (IntuneDeviceInventory). You can therefore easily install it on your computer via PowerShell. To do so, enter the following command:

Install-Module -Name IntuneDeviceInventory
Code language: PowerShell (powershell)

Functions

The module can be divided into three function groups: custom field management functions, bulk action functions and supporting functions.

Authentication

You have two options for authentication. Either you sign in as an Intune Administrator or you use Azure App authentication.

User authentication

With user authentication, all you have to do is call up the connect command and then enter your credentials:

App authentication

For authentication via app, you must first register an app in Azure AD. This requires the following permissions:

  • DeviceManagementManagedDevices.PrivilegedOperations.All
  • DeviceManagementManagedDevices.ReadWrite.All
  • Group.Read.All
  • GroupMember.Read.All
  • Organization.Read.All
  • User.Read.All

You can either register the app manually in the Azure or Entra portal (Applications > App registration) or use the function New-IDIApp. With the parameter -Save, the connection is stored in encrypted form in the AppData folder of your user.
If an app already exists and you simply want to create a new secret, also use the parameter -Force.

# Creates a new App and shows connection details
New-IDIApp

# Creates a new App and saves the details encrypted in the users AppData:
## ("C:\Users\%username%\AppData\Local\IntuneDeviceInventory\AppConnection\TenantId.connection")
New-IDIApp -Save
Code language: PowerShell (powershell)

Even if you do the app registration via PowerShell, you still have to give the "Admin consent" at the end. You will be given the URL after successful creation. After a successful grant, the statuses turn green.

Admin consent
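
To check that the admin consent took effect and that the app holds only the permissions listed above, you can inspect the roles claim of an app-only Microsoft Graph access token. The following is an added example, not part of the module or the original post; the helper names (ConvertFrom-Base64Url, ConvertTo-Base64Url, Test-AppTokenRoles) and the sample token are constructed for illustration.

```powershell
# Added example (not from the module): audit an app-only Graph token's roles.
$RequiredRoles = @(
    'DeviceManagementManagedDevices.PrivilegedOperations.All'
    'DeviceManagementManagedDevices.ReadWrite.All'
    'Group.Read.All'
    'GroupMember.Read.All'
    'Organization.Read.All'
    'User.Read.All'
)

function ConvertFrom-Base64Url ([string]$Value) {
    # JWT segments use the URL-safe alphabet and drop the '=' padding.
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function ConvertTo-Base64Url ([string]$Text) {
    # Only used to build the constructed sample token below.
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Test-AppTokenRoles {
    param([Parameter(Mandatory)][string]$AccessToken, [string[]]$Required = $RequiredRoles)
    $segments = $AccessToken.Split('.')
    if ($segments.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments.' }
    $claims = ConvertFrom-Base64Url $segments[1] | ConvertFrom-Json
    # The roles claim is absent until admin consent has been granted.
    $granted = @($claims.roles | Where-Object { $_ })
    [pscustomobject]@{
        AppId   = $claims.appid
        Missing = @($Required | Where-Object { $_ -notin $granted })
        Excess  = @($granted | Where-Object { $_ -notin $Required })
    }
}

# Constructed sample token (unsigned, placeholder app id): one required
# permission is missing and one unrelated permission has been granted.
$sampleClaims = @{
    appid = '00000000-0000-0000-0000-000000000000'
    roles = $RequiredRoles[0..4] + 'Mail.Read'
} | ConvertTo-Json -Compress
$sampleToken = '{0}.{1}.{2}' -f (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'),
    (ConvertTo-Base64Url $sampleClaims), 'unsigned'
Test-AppTokenRoles -AccessToken $sampleToken | Format-List
```

The function only reads the claims and does not validate the token signature, so it is suited to auditing your own app registration and not to authorization decisions.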

The easiest way to connect to a saved app connection is to call the command Import-IDIAppConnection -Select. This will show you all saved connections and you can connect with one click.
Alternatively, you can also use the following command with the appropriate app parameters:

Save-IDIAppConnection -ClientId $ClientId -TenantId $TenantId -ClientSecret $ClientSecret
Code language: PowerShell (powershell)

Management of custom fields

The management of the custom fields works best via UI, more on that below.
Of course, you can also create and fill in the fields via PowerShell. I show you an example in the demo video.

These are the functions:

  • Add-IDIProperty
  • Get-IDIDevice
  • Set-IDIDevice

Bulk actions

Since it is not very practical to quickly carry out an action for several devices in the Intune portal, I have built in bulk actions that carry out actions based on devices or groups, as well as for all devices.

Currently these are the following functions, which in turn can be divided into minor and major.
The minor functions only do an update or restart of the device. With the major functions, the device can no longer be used after the command has been sent.

  • Invoke-IDIDeviceBitLockerRotation
  • Invoke-IDIDeviceDefenderScan
  • Invoke-IDIDeviceDefenderSignatures
  • Invoke-IDIDeviceRestart
  • Invoke-IDIDeviceSync
  • Invoke-IDIDeviceDelete
  • Invoke-IDIDeviceRetire
  • Invoke-IDIDeviceWipe

You can call all "Invoke" functions with the following parameters:

| Parameter | Description |
|---|---|
| -IDIDevice | Specify a device that you have read using Get-IDIDevice. |
| -Group | Members of a group |
| -Users | UPN of a specific user. Action is performed for all his devices. |
| -deviceName | Specific device name. |
| -id | Intune Device ID |
| -azureADDeviceId | Azure AD Device ID (used for processing the group members) |
| -All | Triggers the action for all Intune devices. |
| -Grid | Shows you a "Grid View" in which you can click/select one or more devices. |
| -Verbose | You can specify this parameter in addition to another to see the processing of each device. This is especially useful for many devices. |

Here is an example using the -Verbose parameter:

Invoke-IDIDeviceSync

And here is a major function. These are executed only after a confirmation or with the parameter -Force.

Invoke-IDIDeviceDelete
Invoke-IDIDeviceDelete with Force parameter

Supporting functions

All other functions can be found in the repository and contain a description in the header. You shouldn't have to do anything with these. They are called from the other functions or the UI.

This post does not go into the details of the functions. You can find more detailed descriptions and more examples in the project repository on GitHub or in the demo video below.

I've already filled in the "Notes" field! What now?

Don't worry, you can use the module even if you have already filled the "notes" field with information. There is a function for that called ConvertTo-IDINotes.
With this you can convert the notes for a specific device or all of them into a JSON and make them compatible with the IntuneDeviceInventory.

If you're not sure if your note fields are compatible, just run the function Get-IDIDevice -All. With that, all devices, including the notes, are read out and checked. If a field is not compatible, an error is issued immediately.
You convert all devices with the command ConvertTo-IDINotes -All.
All devices that are already compatible will be skipped with a warning.

UI to the module

Managing the custom fields via the terminal is not always easy and practical. In order to be able to use the features even more easily, Jannik Reinhard and I have also developed a UI for the module. It's also published in our GitHub repository.

Here is a small section of the UI, you can find more information by clicking the "UI Introduction" button above.

Intune Device Inventory UI

Demo IntuneDeviceInventory (Terminal)

In the video below I show you how to start with the module and what the basic commands are. You can find more examples in my GitHub repository.

Code samples

Here are the examples from the demo video:

# Installing IDI
Install-Module -Name IntuneDeviceInventory

# Creates a new App and shows connection details
## Login as an admin is required (Application administrator, Application developer or Cloud application administrator)
New-IDIApp

# Creates a new App and saves the details encrypted in the users AppData:
## ("C:\Users\%username%\AppData\Local\IntuneDeviceInventory\AppConnection\TenantId.connection")
New-IDIApp -Save

# Creates a new App and saves the details encrypted in the users AppData
# -Force creates a new secret if the app already exists
New-IDIApp -Save -Force

# Lists all available/saved connections
Import-IDIAppConnection -All

# Authentication with a saved Azure App
Import-IDIAppConnection -TenantId your.domain.com

# Authentication with a saved Azure App (if you have multiple and want to select)
Import-IDIAppConnection -Select

# Convert existing device notes
ConvertTo-IDINotes -All -PropertyName "purchase date"

# Get all devices and keep them for the selection below
$IDIDevices_all = Get-IDIDevice -All

# Add property
Add-IDIProperty -PropertyName "Monitor"

# Select a device to edit a property
$Device2edit = $IDIDevices_all | Out-GridView -OutputMode Single

# Set device property
$Device2edit.Monitor = 'Samsung Odyssey G9'

# Update device in Intune with changes
Set-IDIDevice -IDIDevice $Device2edit

# Bulk commands
## Trigger sync for all devices
Invoke-IDIDeviceSync -All

## Trigger reboot for devices in Group "DEV-WIN-Pilot"
Invoke-IDIDeviceRestart -Group "DEV-WIN-Pilot"

## Trigger reboot for devices, selected in GridView
Invoke-IDIDeviceRestart -Grid

## Trigger Defender Signatures update for specific device
Invoke-IDIDeviceDefenderSignatures -deviceName 'dev-w11-1'
Code language: PowerShell (powershell)

11 thoughts on “Introducing IntuneDeviceInventory”

  1. Love this. I love the idea of bulk actions.
    Is bulk delete possible?

    I'm working on a tenant to tenant migration, and need to delete devices from old tenant after an OS re-install so that it gets picked up in the new tenant.

    Thank you!

  2. Looks great, however it won't show any devices. Wondering if it isn't handling the number of devices we have in our tenant; we have close to 35,000 devices in total.

    1. Hi Ben, wow 35k is a lot. I tested it up to 5k. Those 5k took around 5 minutes to initialize.
      Did you try to use the -verbose parameter?
      In addition, I try to implement a progress parameter to show what's happening.

  3. Does the group have to be a specific type of group? When I run (Invoke-IDIDeviceRestart -Group "Test-IPADRebootgroup" -verbose) it shows 2 members found, then the next line is "WARNING: No device was found with the specified search criteria." I am not sure what I am missing.

    Thank you for this information!

    1. Hi Chris, this can happen if one of the devices is not in Intune anymore. This is because the group memberships are checked via the Azure AD device IDs, which are present for some time after deletion.

      1. Thanks for the quick response, I am able to run the command directly to the device based on the ID and confirmed it worked. The command I am using is (Invoke-IDIDeviceRestart -AzureADDeviceID "*Azure ID of Ipad*").

        I am currently working on a PowerShell script to import a CSV of all the IDs, but doing it based on group would be much easier.

        Thank you,
