Discover specific apps on Intune Windows Devices

This blog is about how to discover specific apps on Intune-managed Windows devices. I needed to check whether TikTok was installed. The Dutch government advises against installing this app for security reasons. Of course, I used a PowerShell script to do so, and I want to share it with you.

Prerequisites

There is only 1 prerequisite, and that is the MSAL.PS module for PowerShell.

Install it using the following command:

Install-Module MSAL.PS

The script

This is the script:

$logfile = "C:\Temp\Tiktok_Windows.log"
$appname = "*Tik*" # App name to search for

$authResult = Get-MsalToken -ClientId d1ddf0e4-d672-4dae-b554-9d5bdfd93547 -RedirectUri "urn:ietf:wg:oauth:2.0:oob" -Interactive
$Authheader = @{Authorization = "Bearer $($authResult.AccessToken)"}

# Get all Intune managed devices (the Windows filter is applied further down)
$URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices"
$DevicesResponse = Invoke-RestMethod -Method GET -uri $URL -Headers $Authheader

# Loop through the MS Graph pages if there are more than 100 results
$Devices = $DevicesResponse.value
$DevicesNextLink = $DevicesResponse."@odata.nextLink"
while ($null -ne $DevicesNextLink){
    $DevicesResponse = (Invoke-RestMethod -Uri $DevicesNextLink -Headers $Authheader -Method Get)
    $DevicesNextLink = $DevicesResponse."@odata.nextLink"
    $Devices += $DevicesResponse.value
}
$WindowsDevices = $Devices | Where-Object operatingSystem -Like "Windows*"

Start-Transcript -Path $logfile

foreach ($item in $WindowsDevices){

    # Get the apps detected on this device
    $URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$($item.id)?`$expand=detectedApps"
    $Response = Invoke-RestMethod -Method GET -uri $URL -Headers $Authheader

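    foreach ($app in $Response.detectedApps){
        if ($app.displayName -Like $appname){
            # Match: report the app and the device it was found on
            Write-Host "App found like $appname appname: $($app.displayName) on $($item.deviceName)"
        }
        else {
            # No match: still logged, which is why the transcript grows so large
            Write-Host "$($app.displayName) is not like $appname not found on $($item.deviceName)"
        }
    }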
}
Stop-Transcript

It’s a simple script that just dumps all the info in a log file.

Change the $logfile and $appname variables at the top of the script if you want to search for another app or put the log file in another location.

The output

The output, as stated before, is a log file in the temp folder. If you search the log for the application name, you will find the machines that have the app.

This log file created over 200.000 lines of text. You could add some delimiters to export these tables in Excel more easily. I didn’t take the time to do so. 🙂
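
The delimiter idea above, as an added example that is not part of the original script: it keeps only the matching apps and writes one row per match to a CSV file that Excel opens directly. The function name Find-DetectedApp, the output path and the sample devices are assumptions constructed for illustration; in the script you would pipe each $Response into the function instead of the sample data.

```powershell
# Added example, not from the original script. Find-DetectedApp is a hypothetical helper.
function Find-DetectedApp {
    [CmdletBinding()]
    param(
        # Objects shaped like the response of managedDevices/{id}?$expand=detectedApps
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Device,

        # Wildcard pattern, same meaning as $appname in the script
        [Parameter(Mandatory)]
        [string]$Pattern
    )
    process {
        foreach ($d in $Device) {
            # Devices without app inventory return no detectedApps; skip them quietly
            foreach ($app in @($d.detectedApps)) {
                if ($null -ne $app -and $app.displayName -like $Pattern) {
                    [pscustomobject]@{
                        DeviceName = $d.deviceName
                        User       = $d.userPrincipalName
                        AppName    = $app.displayName
                        AppVersion = $app.version
                    }
                }
            }
        }
    }
}

# Constructed sample input standing in for the $Response objects from the script
$sample = @(
    [pscustomobject]@{ deviceName = 'PC-001'; userPrincipalName = 'user1@example.com'
        detectedApps = @(
            [pscustomobject]@{ displayName = 'TikTok'; version = '1.0.0.0' },
            [pscustomobject]@{ displayName = 'Microsoft Edge'; version = '120.0' }) },
    [pscustomobject]@{ deviceName = 'PC-002'; userPrincipalName = 'user2@example.com'
        detectedApps = @() }
)

$found = @($sample | Find-DetectedApp -Pattern '*Tik*')

# -UseCulture picks the list separator Excel expects for the current regional settings
$csv = Join-Path ([System.IO.Path]::GetTempPath()) 'Tiktok_Windows.csv'
$found | Export-Csv -Path $csv -NoTypeInformation -UseCulture
$found | Format-Table -AutoSize
```

Because only matches are emitted, the result stays a short table of devices to follow up on rather than a line for every app on every device.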

Have a good one!
