Intune Assignment Checker

Struggling to keep track of which Intune policies and apps are assigned to your users, groups and devices?

The Intune Assignment Checker script is here to simplify your life. It will provide a detailed overview of assigned Intune Configuration Profiles, Compliance Policies, and Applications for user, groups and devices.

• Download the Beta on GitHub

Get notifications about updates, tools, and scripts:

Features

Checks which users, groups or devices are assigned to specific Intune policies.

User

Group

Device

Verifies the app registration permissions against Microsoft Graph and Provides descriptions for each permission to explain why it's necessary.

Prerequisites

Before running this script, you need:1. PowerShell 5.1 or higher.2. Microsoft Graph PowerShell SDK installed. You can install it using:Install-Module Microsoft.Graph -Scope CurrentUser3. An Entra ID application registration with the following permissions granted:- User.Read.All
- Group.Read.All
- Device.Read.All
- DeviceManagementApps.Read.All
- DeviceManagementConfiguration.Read.All
- DeviceManagementManagedDevices.Read.All4. Ensure that you have granted admin consent for these permissions in the Azure portal.

Setup

1. Download the IntuneAssignmentsChecker.ps1 script

2. Fill in your Entra ID application registration details (App ID, Tenant ID, and Secret) at the beginning of the script.

$appid = '<YourAppIdHere>' # App ID of the App Registration
$tenantid = '<YourTenantIdHere>' # Tenant ID of your Azure AD
$secret = '<YourSecretHere>' # Secret of the App Registration

3. Run the script in PowerShell:.\IntuneAssignmentsChecker.ps1

4. Follow the on-screen instructions to select the type of entity you want to check the assignments for in Intune: