IntuneAAD-GroupScan.ps1



# Running the sample script on all AAD groups

# Connect and change schema
Connect-MSGraph -ForceInteractive
Update-MSGraphEnvironment -SchemaVersion beta
Connect-MSGraph

$Groups = Get-AADGroup | Get-MSGraphAllPages
$Groups = $Groups | sort-object displayname

$AllAssignedApps = Get-IntuneMobileApp -Expand assignments | Select id, displayName, lastModifiedDateTime, assignments
$AllDeviceCompliance = Get-IntuneDeviceCompliancePolicy -Select id, displayName, lastModifiedDateTime, assignments -Expand assignments
$AllDeviceConfig = Get-IntuneDeviceConfigurationPolicy -Select id, displayName, lastModifiedDateTime, assignments -Expand assignments

# Device Configuration Powershell Scripts
$Resource = "deviceManagement/deviceManagementScripts"
$graphApiVersion = "Beta"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)?`$expand=groupAssignments"
$DMS = Invoke-MSGraphRequest -HttpMethod GET -Url $uri
$AllDeviceConfigScripts = $DMS.value

# Administrative templates
$Resource = "deviceManagement/groupPolicyConfigurations"
$graphApiVersion = "Beta"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)?`$expand=Assignments"
$ADMT = Invoke-MSGraphRequest -HttpMethod GET -Url $uri
$AllADMT = $ADMT.value

# Settings Catalogs
$Resource = "deviceManagement/configurationPolicies"
$graphApiVersion = "Beta"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)?`$expand=Assignments"
$SC = Invoke-MSGraphRequest -HttpMethod GET -Url $uri
$AllSC = $SC.value


Write-host "Total number of Apps found: $($AllAssignedApps.DisplayName.Count)" -ForegroundColor cyan
Write-host "Total number of Device Compliance policies found: $($AllDeviceCompliance.DisplayName.Count)" -ForegroundColor cyan
Write-host "Total number of Device Configurations found: $($AllDeviceConfig.DisplayName.Count)" -ForegroundColor cyan
Write-host "Total number of Device Configurations Powershell Scripts found: $($AllDeviceConfigScripts.DisplayName.Count)" -ForegroundColor cyan
Write-host "Total number of Device Administrative Templates found: $($AllADMT.DisplayName.Count)" -ForegroundColor cyan
Write-host ""
Write-host ""
Write-host ""


#### Config
Foreach ($Group in $Groups) {
#Write-host "AAD Group Name: $($Group.displayName)" -ForegroundColor Green

    # Apps
    #$AllAssignedApps = Get-IntuneMobileApp -Filter "isAssigned eq true" -Select id, displayName, lastModifiedDateTime, assignments -Expand assignments | Where-Object {$_.assignments -match $Group.id}
    #$AllAssignedApps = Get-IntuneMobileApp -Expand assignments | Select id, displayName, lastModifiedDateTime, assignments | Where-Object {$_.assignments -match $Group.id}

    $AssignedApps = $AllAssignedApps | Where-Object {$_.assignments.id -match $Group.id}
    $DeviceCompliance = $AllDeviceCompliance | Where-Object {$_.assignments.id -match $Group.id}
    $DeviceConfig = $AllDeviceConfig | Where-Object {$_.assignments.id -match $Group.id}
    $DeviceConfigScripts = $AllDeviceConfigScripts | Where-Object {$_.groupAssignments.id -match $Group.id}
    $ADMT = $AllADMT | Where-Object {$_.assignments.id -match $Group.id}
    $SC = $AllSC | Where-Object {$_.assignments -match $Group.id}

    if (($($AssignedApps.DisplayName.Count) -gt 0) -or ($($DeviceCompliance.DisplayName.Count) -gt 0) -or ($($DeviceConfig.DisplayName.Count) -gt 0) -or ($($DeviceConfigScripts.DisplayName.Count) -gt 0) -or ($($ADMT.DisplayName.Count) -gt 0) -or ($($SC.DisplayName.Count) -gt 0))
    {
        Write-host "AAD Group Name: $($Group.displayName)" -ForegroundColor Green
    }
    If ($($AssignedApps.DisplayName.Count) -gt 0)
    {
        Write-host "Number of Apps found: $($AssignedApps.DisplayName.Count)" -ForegroundColor magenta
    }
    #Write-host "Number of Apps found: $($AllAssignedApps.DisplayName.Count)" -ForegroundColor cyan
    Foreach ($Config in $AssignedApps) {

        Write-host $Config.displayName -ForegroundColor Yellow

    }


    # Device Compliance
    If ($($DeviceCompliance.DisplayName.Count) -gt 0)
    {
    Write-host "Number of Device Compliance policies found: $($DeviceCompliance.DisplayName.Count)" -ForegroundColor magenta
    }
    #$AllDeviceCompliance = Get-IntuneDeviceCompliancePolicy -Select id, displayName, lastModifiedDateTime, assignments -Expand assignments | Where-Object {$_.assignments -match $Group.id}
    #Write-host "Number of Device Compliance policies found: $($AllDeviceCompliance.DisplayName.Count)" -ForegroundColor cyan
    Foreach ($Config in $DeviceCompliance) {

        Write-host $Config.displayName -ForegroundColor Yellow

    }


    # Device Configuration
    If ($($DeviceConfig.DisplayName.Count) -gt 0)
    {
    Write-host "Number of Device Configurations found: $($DeviceConfig.DisplayName.Count)" -ForegroundColor magenta
    }
    #$AllDeviceConfig = Get-IntuneDeviceConfigurationPolicy -Select id, displayName, lastModifiedDateTime, assignments -Expand assignments | Where-Object {$_.assignments -match $Group.id}
    #Write-host "Number of Device Configurations found: $($AllDeviceConfig.DisplayName.Count)" -ForegroundColor cyan
    Foreach ($Config in $DeviceConfig) {

        Write-host $Config.displayName -ForegroundColor Yellow

    }

    # Device Configuration Powershell Scripts
    If ($($DeviceConfigScripts.DisplayName.Count) -gt 0)
    {
    Write-host "Number of Device Configurations Powershell Scripts found: $($DeviceConfigScripts.DisplayName.Count)" -ForegroundColor magenta
    }
    Foreach ($Config in $DeviceConfigScripts) {

        Write-host $Config.displayName -ForegroundColor Yellow

    }


    # Administrative templates
    If ($($ADMT.DisplayName.Count) -gt 0)
    {
    Write-host "Number of Device Administrative Templates found: $($ADMT.DisplayName.Count)" -ForegroundColor magenta
    }
    Foreach ($Config in $ADMT) {

        Write-host $Config.displayName -ForegroundColor Yellow

    }

    # Settings Catalogs
    If ($($ADMT.DisplayName.Count) -gt 0)
    {
    Write-host "Number of Settings Catalogs found: $($SC.DisplayName.Count)" -ForegroundColor magenta
    }
    Foreach ($Config in $ADSC) {

        Write-host $Config.Name -ForegroundColor Yellow

    }


    if (($($AssignedApps.DisplayName.Count) -gt 0) -or ($($DeviceCompliance.DisplayName.Count) -gt 0) -or ($($DeviceConfig.DisplayName.Count) -gt 0) -or ($($DeviceConfigScripts.DisplayName.Count) -gt 0) -or ($($ADMT.DisplayName.Count) -gt 0) -or ($($SC.DisplayName.Count) -gt 0))
    {
        Write-Host ""
        Write-Host ""
    }


}