External/powershell-scripts
1
0
Fork 0
mirror of https://github.com/admindroid-community/powershell-scripts.git synced 2025-12-17 16:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
powershell-scripts/Azure AD Devices Report/GetAzureADDevicesReport.ps1
AdminDroid 36b5f8ae6a Get Azure AD Devices Report 
Get Azure AD Devices Report
2023-04-25 20:11:06 +05:30

219 lines
9.3 KiB
PowerShell
Raw Blame History

<#
=============================================================================================
Name: Get Azure AD Devices Report Using PowerShell
Description: This script gives detailed information on all Azure AD devices
Version: 1.0
Website: o365reports.com
For detailed script execution: https://o365reports.com/2023/04/18/get-azure-ad-devices-report-using-powershell/
============================================================================================
#>
## If you execute via CBA, then your application required "Directory.Read.All" application permissions.
Param
(
[Parameter(Mandatory = $false)]
[string]$TenantId,
[string]$ClientId,
[string]$CertificateThumbprint,
[switch]$EnabledDevice,
[switch]$DisabledDevice,
[Int]$InactiveDays,
[switch]$ManagedDevice,
[switch]$DevicesWithBitLockerKey
)
$MsGraphModule = Get-Module Microsoft.Graph -ListAvailable
if($MsGraphModule -eq $null)
{
Write-host "Important: Microsoft Graph Powershell module is unavailable. It is mandatory to have this module installed in the system to run the script successfully."
$confirm = Read-Host Are you sure you want to install Microsoft Graph Powershell module? [Y] Yes [N] No
if($confirm -match "[yY]")
{
Write-host "Installing Microsoft Graph Powershell module..."
Install-Module Microsoft.Graph -Scope CurrentUser
Write-host "Microsoft Graph Powershell module is installed in the machine successfully" -ForegroundColor Magenta
}
else
{
Write-host "Exiting. `nNote: Microsoft Graph Powershell module must be available in your system to run the script" -ForegroundColor Red
Exit
}
}
if(($TenantId -ne "") -and ($ClientId -ne "") -and ($CertificateThumbprint -ne ""))
{
Connect-MgGraph -TenantId $TenantId -AppId $ClientId -CertificateThumbprint $CertificateThumbprint -ErrorAction SilentlyContinue -ErrorVariable ConnectionError|Out-Null
if($ConnectionError -ne $null)
{
Write-Host $ConnectionError -Foregroundcolor Red
Exit
}
$Certificate = (Get-MgContext).CertificateThumbprint
Write-Host "Note: You don't get device with bitlocker key info while using certificate based authentication. If you want to get bitlocker key enabled devices, then you can connect graph using credentials(User interaction based authentication)" -ForegroundColor Yellow
}
else
{
Connect-MgGraph -Scopes "Directory.Read.All,BitLockerKey.Read.All" -ErrorAction SilentlyContinue -Errorvariable ConnectionError |Out-Null
if($ConnectionError -ne $null)
{
Write-Host "$ConnectionError" -Foregroundcolor Red
Exit
}
}
Write-Host "Microsoft Graph Powershell module is connected successfully" -ForegroundColor Green
Select-MgProfile beta
function CloseConnection
{
Disconnect-MgGraph | Out-Null
Exit
}
$OutputCsv =".\AzureDeviceReport_$((Get-Date -format MMM-dd` hh-mm-ss` tt).ToString()).csv"
$Report=""
$FilterCondition = @()
$DeviceInfo = Get-MgDevice -All
if($DeviceInfo -eq $null)
{
Write-Host "You have no devices enrolled in your Azure AD" -ForegroundColor Red
CloseConnection
}
if($EnabledDevice.IsPresent)
{
$DeviceInfo = $DeviceInfo | Where-Object {$_.AccountEnabled -eq $True}
}
elseif($DisabledDevice.IsPresent)
{
$DeviceInfo = $DeviceInfo | Where-Object {$_.AccountEnabled -eq $False}
}
if($ManagedDevice.IsPresent)
{
$DeviceInfo = $DeviceInfo | Where-Object {$_.IsManaged -eq $True}
}
$TimeZone = (Get-TimeZone).Id
Foreach($Device in $DeviceInfo){
Write-Progress -Activity "Fetching devices: $($Device.DisplayName)"
$LastSigninActivity = "-"
if(($Device.ApproximateLastSignInDateTime -ne $null))
{
$LastSigninActivity = (New-TimeSpan -Start $Device.ApproximateLastSignInDateTime).Days
}
if($Certificate -eq $null)
{
$BitLockerKeyIsPresent = "No"
try {
$BitLockerKeys = Get-MgInformationProtectionBitlockerRecoveryKey -Filter "DeviceId eq '$($Device.DeviceId)'" -ErrorAction SilentlyContinue -ErrorVariable Err
if($Err -ne $null)
{
Write-Host $Err -ForegroundColor Red
CloseConnection
}
}
catch
{
Write-Host $_.Exception.Message -ForegroundColor Red
CloseConnection
}
if($BitLockerKeys -ne $null)
{
$BitLockerKeyIsPresent = "Yes"
}
if($DevicesWithBitLockerKey.IsPresent)
{
if($BitLockerKeyIsPresent -eq "No")
{
Continue
}
}
}
if($InactiveDays -ne "")
{
if(($Device.ApproximateLastSignInDateTime -eq $null))
{
Continue
}
if($LastSigninActivity -le $InactiveDays)
{
continue
}
}
$DeviceOwners = Get-MgDeviceRegisteredOwner -DeviceId $Device.Id -All |Select-Object -ExpandProperty AdditionalProperties
$DeviceUsers = Get-MgDeviceRegisteredUser -DeviceId $Device.Id -All |Select-Object -ExpandProperty AdditionalProperties
$DeviceMemberOf = Get-MgDeviceMemberOf -DeviceId $Device.Id -All |Select-Object -ExpandProperty AdditionalProperties
$Groups = $DeviceMemberOf|Where-Object {$_.'@odata.type' -eq '#microsoft.graph.group'}
$AdministrativeUnits = $DeviceMemberOf|Where-Object{$_.'@odata.type' -eq '#microsoft.graph.administrativeUnit'}
if($Device.TrustType -eq "Workplace")
{
$JoinType = "Azure AD registered"
}
elseif($Device.TrustType -eq "AzureAd")
{
$JoinType = "Azure AD joined"
}
elseif($Device.TrustType -eq "ServerAd")
{
$JoinType = "Hybrid Azure AD joined"
}
if($Device.ApproximateLastSignInDateTime -ne $null)
{
$LastSigninDateTime = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId($Device.ApproximateLastSignInDateTime,$TimeZone)
$RegistrationDateTime = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId($Device.RegistrationDateTime,$TimeZone)
}
else
{
$LastSigninDateTime = "-"
$RegistrationDateTime = "-"
}
$ExtensionAttributes = $Device.ExtensionAttributes
$AttributeArray = @()
$Attributes = $ExtensionAttributes.psobject.properties |Where-Object {$_.Value -ne $null -and $_.Name -ne "AdditionalProperties"}| select Name,Value
Foreach($Attribute in $Attributes)
{
$AttributeArray+=$Attribute.Name+":"+$Attribute.Value
}
$ExportResult = @{'Name' =$Device.DisplayName
'Enabled' ="$($Device.AccountEnabled)"
'Operating System' =$Device.OperatingSystem
'OS Version' =$Device.OperatingSystemVersion
'Join Type' =$JoinType
'Owners' =(@($DeviceOwners.userPrincipalName) -join ',')
'Users' =(@($DeviceUsers.userPrincipalName)-join ',')
'Is Managed' ="$($Device.IsManaged)"
'Management Type' =$Device.ManagementType
'Is Compliant' ="$($Device.IsCompliant)"
'Registration Date Time' =$RegistrationDateTime
'Last SignIn Date Time' =$LastSigninDateTime
'InActive Days' =$LastSigninActivity
'Groups' =(@($Groups.displayName) -join ',')
'Administrative Units' =(@($AdministrativeUnits.displayName) -join ',')
'Device Id' =$Device.DeviceId
'Object Id' =$Device.Id
'BitLocker Encrypted' =$BitLockerKeyIsPresent
'Extension Attributes' =(@($AttributeArray)| Out-String).Trim()
}
$Results = $ExportResult.GetEnumerator() | Where-Object {$_.Value -eq $null -or $_.Value -eq ""}
Foreach($Result in $Results){
$ExportResult[$Result.Name] = "-"
}
$Report = [PSCustomObject]$ExportResult
if($Certificate -eq $null)
{
$Report|Select 'Name','Enabled','Operating System','OS Version','Join Type','Owners','Users','Is Managed','Management Type','Is Compliant','Registration Date Time','Last SignIn Date Time','InActive Days','Groups','Administrative Units','Device Id','Object Id','BitLocker Encrypted','Extension Attributes' | Export-csv -path $OutputCsv -NoType -Append
}
else
{
$Report|Select 'Name','Enabled','Operating System','OS Version','Join Type','Owners','Users','Is Managed','Management Type','Is Compliant','Registration Date Time','Last SignIn Date Time','InActive Days','Groups','Administrative Units','Device Id','Object Id','Extension Attributes' | Export-csv -path $OutputCsv -NoType -Append
}
}
if((Test-Path -Path $OutputCsv) -eq "True")
{
Write-Host "The Output file availble in $outputCsv" -ForegroundColor Green
$prompt = New-Object -ComObject wscript.shell
$UserInput = $prompt.popup("Do you want to open output file?",` 0,"Open Output File",4)
if ($UserInput -eq 6)
{
Invoke-Item "$OutputCsv"
Write-Host "Report generated successfully" -ForegroundColor Green
}
}
else
{
Write-Host "No devices found" -ForegroundColor Red
}
CloseConnection
Reference in New Issue View Git Blame Copy Permalink