Enterprise App Management in Microsoft Intune is a premium feature that helps organisations deploy and maintain critical applications across their managed Windows devices. While it is a fairly new product, the release of much-needed features has been slow since it was made available in preview. One core feature that has now been made available in Microsoft Graph is the ability to report pending and available updates for applications deployed using Enterprise App Management in Microsoft Intune.
In this article, I will show you how you can use Microsoft Graph PowerShell to produce a report containing pending updates for applications that have been deploying using Enterprise App Management.
Pre-requisites
This report uses the Microsoft Graph PowerShell SDK. If you haven’t installed this Microsoft Graph PowerShell SDK, or it has been a while since you updated it, check out my article on how to update it.
You will also need access to a Global Administrator account to consent to the necessary permissions for reading managed app updates (DeviceManagementApps.Read.All).
View all pending updates for Enterprise App Catalog apps
Start by connecting to Microsoft Graph PowerShell and when prompted, consent to the DeviceManagementApps.Read.All permission.
Connect-MgGraph -Scopes DeviceManagementApps.Read.All
Once connected, use the following command to retrieve a list of all Enterprise Catalog apps and their available updates. This command will produce a result in JSON format and save it to a local file on your workstation, this is the only format this command will produce a result in, so we must manipulate the results to make them readable afterwards.
Get-MgBetaDeviceManagementReportWin32CatalogAppUpdateReport `
-OutFile C:\temp\AppUpdateRaw.json
The next command will then import the JSON string into memory and convert it to a PowerShell object so we can easily extract the data.
$json = Get-Content "C:\temp\AppUpdateRaw.json" | ConvertFrom-Json
Now we have the data, we are first going to initialise an array to produce the report, then loop through each value in the data, format it, and then add it to the report array.
$Report = [System.Collections.Generic.List[Object]]::new()
forEach ($value in $json.values) {
$obj = [PSCustomObject][ordered]@{
"ApplicationName" = $value[1]
"Publisher" = $value[2]
"UpdateAvailable" = $value[8]
"UpdateEligible" = $value[9]
"CurrentAppVersion" = $value[3]
"LatestAvailableVersion" = $value[4]
"ApplicationId" = $value[0]
"IsSuperseded" = $value[5]
"CurrentRevisionId" = $value[6]
"LatestRevisionId" = $value[7]
}
$report.Add($obj)
}
Once the report has been produced, it can be viewed within your PowerShell session by formatting the output as a table using $report | ft.
My json file is reporting empty (or with headers). No applications names are coming up in json.
Does this require GA access? i have permissions to create applications