This blog post is about a request from a project manager. He wanted to be updated automatically about newly enrolled Intune devices. So, I decided to build an Intune devices report via Graph and post it weekly in a Microsoft Teams channel.
I am not really a Power Automate/Logic App guy (I know these are incredible, but I need to find the time to gain knowledge about these products), so I decided to build everything in an Azure Automation Account.
The only prerequisite is that you have an Azure subscription.
Azure Automation Account – Intune Devices Report
Firstly, we need an automation account. Log on to Microsoft Azure. Search for “Automation Accounts”:
After that, create a new Automation Account:
- Put it in a new Resource Group
- Give the Automation Account a Name
- Select the appropriate Region
- Give the automation account a System Assigned Managed Identity
- Make sure it has Public Access (you can change this later on with a private endpoint)
- Assign Tags if you like and create the automation account.
As a result, you should have the following displayed:
We need to add a couple of things to the automation account.
Firstly, we need to add an “Azure Run As Account”. Click on the Automation Account and click on “Run as accounts“:
Click on Azure Run As Account and after that on create.
The result should look like this:
Next, we need to add some API permissions to this Run As Account. It needs to be able to create a report of all the managed devices and upload this file to SharePoint.
When we created the Azure Run As Account, an App Registration was created. Go to this App Registration:
After that, add the following permissions:
We need to add the following modules to the automation account:
Go to Modules in the automation account and click on Add a module:
You can grab Microsoft.Graph.Intune, MSAL.PS & PSTeams from the gallery (do this for each module):
The PnP.PowerShell module needs to be installed manually via a file, because at the moment of writing there is a bug in the newest version (1.11.0).
You can save the previous version of the module via the following command:
Save-Module -Name PnP.PowerShell -RequiredVersion 1.10 -Path C:\Temp\Modules\
After that, zip the folder where the module resides and upload it into the automation account:
Make sure all modules are available in the automation account:
Create the Teams webhook
We need the Incoming Webhook application for Teams to post a channel message with our report. Make sure you have the appropriate permissions to add this application to a Teams channel.
I have a separate channel, called reports, in the team:
Here, we add the webhook. Click on the +:
Click on more apps:
And search for “Incoming Webhook“
Add the runbook to the Automation Account – Intune Devices Report
Go to Automation Account and add a runbook:
Paste this in the runbook.
After that, we edit some variables:
PNPSiteCollection –> This is the site collection URL for the Teams channel
LibrarytoUploadReport –> Library in the site collection in Teams
TeamsWebhookURL –> URL we noted in the notepad when creating the incoming webhook
TenantID –> Your tenant id
LinktoManagedDeviceReport –> Only change this part of the URL to PNPSiteCollection/LibrarytoUploadReport
Lastly, start the runbook and you will find a managed devices report post in the Teams channel:
It states how many devices are currently managed, and the button opens the report:
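The posting step described above, as an added example that is not the original runbook: it builds the channel message (device count, per-OS breakdown and a button to the report) in the MessageCard format that Incoming Webhooks accept, and reads the webhook URL from an encrypted Automation variable instead of hard-coding it, since anyone holding that URL can post to the channel. The function name, the Automation variable name 'TeamsWebhookURL', the sample devices, the contoso URL and the use of Invoke-RestMethod rather than PSTeams are assumptions.

```powershell
# Added example (not the post's runbook). Names marked "assumed" are illustrative.

function New-DeviceReportCard {   # assumed helper name
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [Parameter(Mandatory)] [string]   $LinktoManagedDeviceReport
    )
    # One fact per operating system, e.g. "Windows: 2"
    $facts = $Devices | Group-Object operatingSystem | Sort-Object Name |
        ForEach-Object { @{ name = $_.Name; value = "$($_.Count)" } }

    $card = [ordered]@{
        '@type'         = 'MessageCard'
        '@context'      = 'http://schema.org/extensions'
        summary         = 'Intune managed devices report'
        title           = 'Intune managed devices report'
        text            = "Currently managed devices: $($Devices.Count)"
        sections        = @(@{ facts = @($facts) })
        potentialAction = @(@{
            '@type' = 'OpenUri'
            name    = 'View report'
            targets = @(@{ os = 'default'; uri = $LinktoManagedDeviceReport })
        })
    }
    # Depth 6 so the nested targets array is serialized, not truncated
    $card | ConvertTo-Json -Depth 6
}

# Constructed sample data standing in for the Graph managedDevices result
$sampleDevices = @(
    [pscustomobject]@{ deviceName = 'LAPTOP-001'; operatingSystem = 'Windows' }
    [pscustomobject]@{ deviceName = 'LAPTOP-002'; operatingSystem = 'Windows' }
    [pscustomobject]@{ deviceName = 'PHONE-001';  operatingSystem = 'iOS' }
)
# Placeholder report link (PNPSiteCollection/LibrarytoUploadReport/file)
$reportLink = 'https://contoso.sharepoint.com/sites/reports/Shared%20Documents/ManagedDevices.csv'
$body = New-DeviceReportCard -Devices $sampleDevices -LinktoManagedDeviceReport $reportLink

if (Get-Command Get-AutomationVariable -ErrorAction SilentlyContinue) {
    # Inside Azure Automation: the URL lives in an encrypted variable (assumed name)
    $TeamsWebhookURL = Get-AutomationVariable -Name 'TeamsWebhookURL'
    Invoke-RestMethod -Uri $TeamsWebhookURL -Method Post -ContentType 'application/json' -Body $body
} else {
    # Outside Azure Automation: just show the payload that would be posted
    $body
}
```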