How to Export Intune reports using Graph APIs?

Posted on July 7, 2022 by Pankaj

Summary

The following REST API call is to get the InTune report data for the tenant.

# The API is a REST call with the request body to get the report CSV file.
https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs

Please refer here for more details on the API.

Step By Step Solution

Step # 1 Create an Azure AD app with the MS Graph “DeviceManagementManagedDevices.Read.All” permission.

MS Graph “DeviceManagementManagedDevices.Read.All” permission.

Please note the Application ID, Secret, and Tenant ID. You will need these three pieces of information in the PowerShell Script.

Step # 2 Using PowerShell run the following script.

# Init Variables
$outputPath    = "C:\Hold"
$outputCSVPath = "C:\Hold\EAWFAreport.zip"  #might need changed

$ApplicationID   = "TOBE CHANGED"
$TenantID        = "TOBE CHANGED"
$AccessSecret    = "TOBE CHANGED"

#Create an hash table with the required value to connect to Microsoft graph
$Body = @{    
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $ApplicationID
    client_secret = $AccessSecret
} 

#Connect to Microsoft Graph REST web service
$ConnectGraph = Invoke-RestMethod -Uri https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token -Method POST -Body $Body

#Endpoint Analytics Graph API
$GraphGroupUrl = "https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs"

# define request body as PS Object
$requestBody = @{
    reportName = "Devices"
    select = @(
        "DeviceId"
        "DeviceName"
        "SerialNumber"
        "ManagedBy"
        "Manufacturer"
        "Model"
        "GraphDeviceIsManaged"
    )

}

# Convert to PS Object to JSON object
$requestJSONBody = ConvertTo-Json $requestBody

#define header, use the token from the above rest call to AAD.
# in post method define the body is of type JSON using content-type property.
$headers = @{
    'Authorization' = $(“{0} {1}” -f $ConnectGraph.token_type,$ConnectGraph.access_token)
    'Accept' = 'application/json;'
    'Content-Type' = "application/json"
}

#This API call will start a process in the background to #download the file.
$webResponse = Invoke-RestMethod $GraphGroupUrl -Method 'POST' -Headers $headers -Body $requestJSONBody -verbose


#If the call is a success, proceed to get the CSV file.
if ( -not ( $null -eq $webResponse ) )
{
    #Check status of export (GET) until status = complete
    do
    {

#format the URL to make a next call to get the file location.
        $url2GetCSV = $("https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs('{0}')" -f $webResponse.id)
        "Calling $url2GetCSV"
        $responseforCSV = Invoke-RestMethod $url2GetCSV -Method 'GET' -Headers $headers  -verbose
        if (( -not ( $null -eq $responseforCSV ) ) -and ( $responseforCSV.status -eq "completed"))
        {
            #download CSV from "URL=" to OutputCSVPath
            #### It means the completed status is true, now get the file.
            Invoke-WebRequest -Uri $responseforCSV.url -OutFile $outputCSVPath
		# Un Zip the file.
            Expand-Archive -LiteralPath $outputCSVPath -DestinationPath $outputPath

        }
        {
            Write-Host "Still in progress..."
        }
        Start-Sleep -Seconds 10 # Delay for 10 seconds.
    } While (( -not ( $null -eq $responseforCSV ) ) -and ( $responseforCSV.status -eq "inprogress"))

}

After this PowerShell script call, you should see the Zip and CSV files in the C:\Hold Folder.

Conclusion

The above steps will help you to get the InTune reports data file. The API still in the beta if anything changes I will update this post.

Unknown's avatar

About Pankaj

I am a Developer and my linked profile is https://www.linkedin.com/in/pankajsurti/
This entry was posted in Technical Stuff. Bookmark the permalink.

5 Responses to How to Export Intune reports using Graph APIs?

  1. Manu kamboj's avatar Manu kamboj says:
    July 21, 2022 at 12:55 AM

    Thanks Pankaj it is greate stuff.

    could you please help me to attached a file from system drive and email using graph API .
    I am unable to attched the file from system drive while email using graph API.

    Reply
  2. dm's avatar dm says:
    October 10, 2022 at 8:40 AM

    Hi, thanks for this great stuff. But I’m having an issue with this powershell script.
    When I run it, it throws up an error:
    Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.

    What do you think might be the issue?

    Thanks

    Reply
  3. Damian's avatar Damian says:
    April 5, 2023 at 8:38 AM

    Really appreciate this. There are many other examples out there of how to do this but this one is the most straightforward (just my opinion).

    Reply
  4. Erik's avatar Erik says:
    May 22, 2023 at 8:06 AM

    Great walk through, is it possible to combine queries in this report to get more info? Add more queries in this section and get all in one or more reports:
    $requestBody = @{
    reportName = “Devices”

    Reply
  5. Arindam Adak's avatar Arindam Adak says:
    September 27, 2023 at 2:38 PM

    Great explanation & easy to understand flow. Worked like a charm.
    I was able to add filters in the request as needed, once I got hold of the format.
    Thanks a lot Pankaj for helping.. Excellent Blog Post.
    Thanks
    Arindam

    Reply

Leave a comment