The Intune Admin center allows you to export a list of Autopilot devices by going to Devices > Enrollment > Windows Autopilot Devices > Export. However, this export does not give you in-depth detail on each device or which Autopilot profile is assigned. Also, after looking at what data is supported in each Graph API request used by the portal to obtain Autopilot device information, I realised it may be difficult for someone to obtain this information in a meaningful form.
In this article, you will learn how to generate a report of all Autopilot devices, including which profile is assigned to which device, using Microsoft Graph PowerShell.
Requirements
Below are the requirements to generate this Autopilot device profile assignment report:
- You must have the following modules installed on your workstation: Microsoft.Graph.Authentication & Microsoft.Graph.Beta.Groups. See my post: How To Install the Microsoft Graph PowerShell Module.
- You must have access to a global administrator account to consent to the DeviceManagementServiceConfig.Read.All permission in Microsoft Graph. For more info, see my post: How To Find Permissions For Microsoft Graph PowerShell.
Autopilot device profile assignment report script
Use the below script to generate a report of all devices registered in the Autopilot service in your tenant, including information such as the:
- Display name
- Autopilot profile
- Group tag
- Device model
- Entra ID
- Intune ID
The script will first connect to Microsoft Graph using the required permissions from the Graph API. All registered Autopilot devices will then be stored in the $apdevices variable.
Next, the $report array is initialised and a loop makes a Graph API batch request to gather information for each device. This information is collated and then added to the report array.
```powershell
# Sign in with the permission needed to read Autopilot device identities
Connect-MgGraph -Scopes DeviceManagementServiceConfig.Read.All

# All devices registered in the Autopilot service
$apdevices = Get-MgBetaDeviceManagementWindowsAutopilotDeviceIdentity -All
$report = [System.Collections.Generic.List[Object]]::new()

foreach ($device in $apdevices) {
    # Request 1: Autopilot identity with its profiles. Request 2: Entra device display name.
    $batch = @"
{
  "requests": [
    {
      "id": "1",
      "method": "GET",
      "url": "/deviceManagement/windowsAutopilotDeviceIdentities/$($device.Id)?`$expand=deploymentProfile,intendedDeploymentProfile"
    },
    {
      "id": "2",
      "method": "GET",
      "url": "/devices/deviceid_$($device.AzureAdDeviceId)?`$select=displayName"
    }
  ]
}
"@
    $response = Invoke-MgGraphRequest `
        -Method POST `
        -Uri "https://graph.microsoft.com/beta/`$batch" `
        -Body $batch `
        -OutputType PSObject

    # Batch responses can come back in any order, so select each one by its request id
    $autopilot = ($response.responses | Where-Object { $_.id -eq '1' }).body
    $entra     = ($response.responses | Where-Object { $_.id -eq '2' }).body

    $obj = [PSCustomObject][ordered]@{
        "DisplayName"       = $entra.displayName
        "AutoPilot Profile" = $autopilot.deploymentProfile.displayName
        "Group Tag"         = $autopilot.groupTag
        "Device Model"      = $autopilot.model
        "Entra ID"          = $autopilot.azureAdDeviceId
        "Intune ID"         = $autopilot.managedDeviceId
    }
    $report.Add($obj)
}

$report | Out-GridView
```
By default, the report will output the information into GridView.
To change the output format, end the script with just $report to view the information in the console, or use $report | Export-Csv -Path C:\… to export the data to a CSV file.
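The following is an added example, not part of the original script. It builds a report row from one batch response, matches each sub-response by its request id, checks its status, and flags devices with no assigned profile or whose assigned profile differs from the intended one. The function name, the extra columns and the sample response are assumptions constructed for illustration.

```powershell
# Added example, not the article's script. Property names follow the beta
# windowsAutopilotDeviceIdentity resource; the sample response is constructed.
function ConvertTo-AutopilotReportRow {
    param([Parameter(Mandatory)] $BatchResponse)

    # Index sub-responses by request id: $batch does not guarantee their order.
    $byId = @{}
    foreach ($r in $BatchResponse.responses) { $byId[[string]$r.id] = $r }

    # Only trust a body when its own sub-request succeeded.
    $ap    = if ($byId['1'].status -eq 200) { $byId['1'].body } else { $null }
    $entra = if ($byId['2'].status -eq 200) { $byId['2'].body } else { $null }

    $assigned = $ap.deploymentProfile
    $intended = $ap.intendedDeploymentProfile
    $state = if (-not $ap) { 'LookupFailed' }
        elseif (-not $assigned) { 'NoProfile' }
        elseif ($assigned.id -ne $intended.id) { 'Mismatch' }
        else { 'OK' }

    [PSCustomObject][ordered]@{
        'DisplayName'       = $entra.displayName      # $null when the Entra lookup failed
        'AutoPilot Profile' = $assigned.displayName
        'Intended Profile'  = $intended.displayName
        'Group Tag'         = $ap.groupTag
        'Entra ID'          = $ap.azureAdDeviceId
        'Entra Lookup'      = $byId['2'].status       # HTTP status of the /devices sub-request
        'Profile State'     = $state
    }
}

# Constructed sample: responses arrive out of order and the /devices lookup fails.
$sample = @'
{ "responses": [
  { "id": "2", "status": 404, "body": { "error": { "code": "Request_ResourceNotFound" } } },
  { "id": "1", "status": 200, "body": {
      "groupTag": "KIOSK", "azureAdDeviceId": "00000000-0000-0000-0000-000000000001",
      "deploymentProfile": { "id": "p-1", "displayName": "Standard User" },
      "intendedDeploymentProfile": { "id": "p-2", "displayName": "Kiosk" } } }
] }
'@ | ConvertFrom-Json

ConvertTo-AutopilotReportRow $sample | Format-List
```

Filtering the finished report on the Profile State column gives a short list of devices to review before they are handed to users.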
Summary
I saw a comment on X (Twitter) where someone was trying to get a bird's-eye view of their Autopilot profile assignments. However, although assignments are done via group from within Intune, the reporting function within the portal does not give you total detail on the profile assigned to each device.
If you are struggling with Microsoft Graph PowerShell, or you need some assistance with an existing or new PowerShell script, tag me in a post on X (Twitter). It might just make the perfect basis for a new post and you’ll get the answer to your question!