How to Download Intune Scripts With Microsoft Graph PowerShell

Have you ever wanted to download a script that someone else has uploaded to your Intune portal but you no longer have access to the original script file? Using Microsoft Graph PowerShell you can extract the actual script files directly from Microsoft Intune and download them to your computer. 

Quite often you will find that scripts can go undocumented and lack change control, this can quickly lead to the original files being lost. This is significantly more of an issue when using Intune and Microsoft provides no native way to download existing scripts from the web portal. 

In this tutorial, I will show you how to download previously uploaded Intune scripts with Microsoft Graph PowerShell.

Pre-requisites​

This script uses version 1 of the Microsoft Graph PowerShell modules. To install Microsoft Graph PowerShell follow my tutorial here: How To Install the Microsoft Graph PowerShell Module.

Also, to delegate permissions to the Microsoft Graph PowerShell app, you will need to log in as a Global Administrator when prompted within this script. If you would like to learn more about permissions with Microsoft Graph cmdlets, check out my tutorial: How To Find Permissions For Microsoft Graph PowerShell.

Locating PowerShell Scripts through the Intune Portal

From the Microsoft Intune web portal, you are able to view the scripts that you have uploaded and deployed to your environment. The problem is that once your scripts have been uploaded, Microsoft provides no convenient way to easily re-download them again. Of-course the assumption is that scripts are documented, stored and change controlled efficiently, however, this is simply not the case most of the time. 

To view the script that have been uploaded to your Intune environment, follow the below steps:

1. Login to Microsoft Intune here https://intune.microsoft.com/ as your Intune Administrator

2. Select Devices > Scripts

Select Devices then Scripts
Select Devices then Scripts

From this page, you will be able to see the script name, target platform, script type, when it was uploaded and if it is assigned or not.

Intune Scripts page
Intune Scripts page

How to download Intune Scripts

This small script will loop through each script that has been uploaded to Intune, grab the script content, convert it back from its encoded state and export it as a ps1 PowerShell file. You can modify the $path variable to change the location of which it is exported to. 

If you do plan on re-using any of the code on this site, please attribute the source, it costs nothing!

#Define output path
$path = "C:\temp\"

Connect-MgGraph -Scopes DeviceManagementConfiguration.Read.All

$Report = [System.Collections.Generic.List[Object]]::new()
$uri = "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts"
$scripts = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts" -OutputType PSObject | select -expand value | select displayname, fileName, id

foreach ($Script in $scripts) {
    $sc = $null
    $uri2 = "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$($script.id)"
    $sc = Invoke-MgGraphRequest -Uri $uri2 -Method GET
    [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($($sc.scriptContent))) | Out-File -FilePath $(Join-Path $path $($sc.fileName)) -Encoding ASCII
    $obj = [PSCustomObject][ordered]@{
        "Display Name" = $sc.displayname
        "File Name"    = $sc.filename
        "Output Path"  = "$path$($sc.filename)"
    }
    $report.Add($obj)
}

#Show report in console
$report

Once the script has run successfully, you will see an output in the console showing each script that has been exported and the output path to that script.

Intune script report
Intune script report

Summary

This script has been designed to perform the procedure of exporting previously uploaded PowerShell scripts from Intune back to your local machine. It is not overly complex and additional functionality could simply be added. 

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

This Post Has 4 Comments

  1. Prajwal Desai

    Hi Daniel,

    I tried running the script that you provided on my cloud PC and encountered the following error:

    Connect-MgGraph : The term ‘Connect-MgGraph’ is not recognized as the name of a cmdlet, function, script file, or
    operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    again.
    At C:\Users\cloudpc\Downloads\GetScripts.ps1:4 char:1
    + Connect-MgGraph -Scopes DeviceManagementConfiguration.Read.All

    Does the script need an update?

    1. Daniel Bradley

      Hi Prajwal! Great to hear from you, I follow your blog also!

      The error indicates that you to not have the Microsoft Graph PowerShell modules loaded. If you have installed the modules (Install-Module Microsoft.Graph) already, try importing them first!

      Import-module Microsoft.Graph

      Let me know how you get on!

      Kind regards
      Daniel

  2. Kieran

    Thanks Daniel, I look forward to trying this…love your site

Leave a Reply