In this tutorial I am going to show you how to use Microsoft Graph PowerShell to view all of the available applications you can deploy with the new Microsoft Store experience in Microsoft Intune. Doing so will help you identify the information your need to deploy new Microsoft Store applications through the command line.
Microsoft recently released the new Microsoft Store experience in Intune which simplifies the admin experience in deploying applications to end user devices from the Microsoft Store.
Where previously integration what needed between the old Microsoft Store for Business and Intune, this is no longer necessary as the store apps are baked into the Intune experience.
Pre-requisites
In order to run the commands in this tutorial you must ensure the following:
- Have the Microsoft Graph PowerShell SDK installed – See: How To Install the Microsoft Graph PowerShell Module
- Understand how to identify which permissions you need – See: Fix Insufficient privileges to complete the operation in MgGraph
How to list all available Microsoft Store applications with PowerShell
1. Open PowerShell and Import the Microsoft.Graph.DeviceManagement module.
Import-Module Microsoft.Graph.DeviceManagement
2. Select the ‘beta’ Microsoft Graph profile.
Select-MgProfile -Name Beta
3. Connect to Microsoft Graph and specify the ‘DeviceManagementApps.Read.All’ permission scope. Running the command will launch an interactive login prompt, you must sign in and check the box the consent to the required permissions.
Connect-MgGraph -Scopes DeviceManagementApps.Read.All
4. Use the ‘Get-MgDeviceAppMgtMobileApp’ cmdlet to list available applications from the Microsoft Store.
Get-MgDeviceAppMgtMobileApp
5. You can use the ‘Format-List’ cmdlet to list all attributes for all available applications.
Get-MgDeviceAppMgtMobileApp | FL
How to filter and search for applications
Unfortunately, just using the ‘Get-MgDeviceAppMgtMobileApp’ and the ‘FL’ cmdlet will provide us a lot of detailed information which will be hard to sort through. In order to filter and limit the results, with can search and filter for specific applications and attributes.
To select specific attributes for applications, you can use the select parameter. This will allow you to choose to view specific attributes from your results.
For example, to list the application name, name of the publisher, the published state, the ID and if it is assigned, you can use the below command.
Get-MgDeviceAppMgtMobileApp |`
select DisplayName, Publisher, PublishingState, Id, IsAssigned
The results should look like the below:
In order to filter the results to only application that includes a specific string on test in a attribute, we can use the ‘Where-Object’ cmdlet.
For example, if we want to view all applications that are published by Microsoft, we can run the following:
Get-MgDeviceAppMgtMobileApp |`
select DisplayName, Publisher, PublishingState, Id, IsAssigned |`
Where-Object {$_.Publisher -Like "Microsoft*"}
The results can then be filtered one step further using the -and operator, the below script will list all apps where the publisher and the application display name includes the word ‘Microsoft’.
Get-MgDeviceAppMgtMobileApp |`
select DisplayName, Publisher, PublishingState, Id, IsAssigned |`
Where-Object {($_.Publisher -Like "Microsoft*") -and ($_.DisplayName -Like "Microsoft*")}
Hello, we are just deploying Intune on all devices of the company, and I am looking for a way to deploy a list of apps that are already in Microsoft Store app, via powershell.
I know there is a way for win32 but this is gonna take lot of time to create a the intunewin file for each application and look for it’s Install and uninstall settup.
Can you please help out?
Thank you
Hi Mohamed,
Sure you can, here is an example:
Import-Module Microsoft.Graph.Beta.Devices.CorporateManagement
$params = @{
“@odata.type” = “#microsoft.graph.winGetApp”
categories = @(
)
description = “adobe”
developer = “”
displayName = “Adobe Acrobat Reader DC”
informationUrl = “”
isFeatured = $false
roleScopeTagIds = @(
)
notes = “”
owner = “”
privacyInformationUrl = “https://www.adobe.com/privacy/policy-linkfree.html”
publisher = “Adobe Inc.”
packageIdentifier = “XPDP273C0XHQH2”
repositoryType = “microsoftStore”
manifestHash = “wingetv1:+EM3mr3bOKTLlr8ifQWl8hEc+DssxjNdhodfg03B46w=”
}
New-MgBetaDeviceAppManagementMobileApp -BodyParameter $params
You will just then need to assign the apps to your groups.
You should check out my post here> https://ourcloudnetwork.com/how-to-use-invoke-mggraphrequest-with-powershell/
This doesn’t appear to show all apps from the azure store.
Not from the Azure store no.
Using “New-MgBetaDeviceAppManagementMobileApp -BodyParameter $params”
Which parameter would link to the intunewin file ?