Introduction to the Intune PowerShell SDK: Native PowerShell support for the Intune API through Microsoft Graph!

One of the most requested features on the Microsoft Intune UserVoice is to add PowerShell support to manage the service.

Microsoft has now released a preview version of the Intune PowerShell SDK. The new Microsoft.Graph.Intune PowerShell module reduces the complexity significantly in enabling automation scenarios for IT Administrators. Connecting with Intune through Microsoft Graph has never been so easy.

The past

Before the Intune PowerShell SDK was released, authenticating with Microsoft Graph required IT Administrators to create app registrations and configure them with the required permissions for Windows Azure Active Directory and Microsoft Graph, in each tenant that they manage.

Then, complex scripts were used to retrieve Microsoft Graph authorization tokens, using a combination of the Application ID (which differs in each tenant) and User Credentials. With this token, the Microsoft Graph API was queried, for example using the Invoke-RestMethod cmdlet.

The present

Today, with the Microsoft.Graph.Intune PowerShell Module, you can authenticate to the Microsoft Intune Graph API using User Credentials only, with a single cmdlet: Connect-MSGraph.

If you pay close attention, you’ll notice that Microsoft has added a new Enterprise application with a well-known Application ID (“d1ddf0e4-d672-4dae-b554-9d5bdfd93547”) in your Azure Tenant, named ‘Microsoft Intune PowerShell’. This application has preconfigured permissions, to which you will need to consent, either for yourself or on behalf of your organization, in order to use the new module.

Download the Microsoft.Graph.Intune PowerShell Module

You can download the Microsoft.Graph.Intune PowerShell module from the Microsoft/Intune-PowerShell-SDK GitHub Repository.

The Intune PowerShell SDK contains a .NET 4.7.1 release for Windows, and a .NET Standard 2.0 release of the PowerShell Module for any other operating system or platform (including Cloud Shell).

Make sure to check out the README for instructions on how to get started.

If you intend to use the .NET 4.7.1 module on Windows, feel free to download and install it directly into your WindowsPowerShell\Modules folder using the script below. The module will be autoloaded, allowing you to run Connect-MSGraph and all other cmdlets included in this module out-of-the-box!

Note:
This requires .NET 4.7.1 installed.
The script below downloads Intune-PowerShell-SDK-Release-6.1811.00642-preview.zip, which is the latest release at the time of writing this post. If a newer version is released that you wish to download with this script, modify the URL first.

# Download the Intune PowerShell module from https://github.com/Microsoft/Intune-PowerShell-SDK/releases
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile("https://github.com/Microsoft/Intune-PowerShell-SDK/releases/download/Preview3/6.1902.00745.0001-release-97194499-net471.zip", "$($env:TEMP)\Intune-PowerShell-SDK.zip")

# Unzip the Intune PowerShell Module
Add-Type -AssemblyName System.IO.Compression.FileSystem
[System.IO.Compression.ZipFile]::ExtractToDirectory("$($env:TEMP)\Intune-PowerShell-SDK.zip", "$($env:TEMP)\Intune-PowerShell-SDK")

# Move the contents of the net471 folder, containing the Microsoft.Graph.Intune module for Windows to the Current User's Windows PowerShell Modules folder.
Move-Item -Path "$([System.IO.Path]::GetTempPath())\Intune-PowerShell-SDK\drop\outputs\build\Release\net471\" -Destination "$($env:USERPROFILE)\Documents\WindowsPowerShell\Modules\Microsoft.Graph.Intune"

# Cleanup the Intune-PowerShell-SDK folder from $env:TEMP
Remove-Item -Path "$([System.IO.Path]::GetTempPath())\Intune-PowerShell-SDK" -Recurse -Force

# Now, let's connect!
Connect-MSGraph
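
An added example, not part of the original post or of the SDK project: a check that replaces the unzip step of the script above, refusing to extract the archive unless its SHA-256 matches a value you have pinned, and then listing the Authenticode status of the extracted files. The function name Test-FileSha256 and the $ExpectedSha256 placeholder are assumptions; the paths are the ones the script above uses.

```powershell
# Added example: verify the downloaded archive before extracting or importing it.
# $ExpectedSha256 is a placeholder: record the hash yourself from a copy you have reviewed.
$ZipPath        = Join-Path $env:TEMP 'Intune-PowerShell-SDK.zip'
$ExtractPath    = Join-Path $env:TEMP 'Intune-PowerShell-SDK'
$ExpectedSha256 = '<SHA256-OF-THE-RELEASE-ZIP-YOU-REVIEWED>'

# Hypothetical helper: returns $true only when the file's SHA-256 equals the pinned value
function Test-FileSha256 {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # -eq on strings is case-insensitive, so upper- and lower-case hex both match
    return $actual -eq $Expected.Trim()
}

if (-not (Test-FileSha256 -Path $ZipPath -Expected $ExpectedSha256)) {
    Remove-Item -Path $ZipPath -Force
    throw "Hash mismatch for $ZipPath. The archive was deleted and nothing was extracted."
}

# Extract into a fresh folder so files left over from an earlier run cannot be mixed in
if (Test-Path $ExtractPath) { Remove-Item -Path $ExtractPath -Recurse -Force }
Add-Type -AssemblyName System.IO.Compression.FileSystem
[System.IO.Compression.ZipFile]::ExtractToDirectory($ZipPath, $ExtractPath)

# Report the Authenticode status of every file that would be loaded with the module
Get-ChildItem -Path $ExtractPath -Recurse -Include *.dll, *.psd1, *.psm1, *.ps1 |
    Get-AuthenticodeSignature |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }, Path |
    Sort-Object Status |
    Format-Table -AutoSize
```

Review the signature table before running the Move-Item step; the hash check only proves the archive is the one you pinned, not who built it.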

Available cmdlets

At the time of writing, the Microsoft.Graph.Intune PowerShell Module contains 1287 different cmdlets!

You can list them all by running Get-Command -Module Microsoft.Graph.Intune in a PowerShell window.

Example use case

Let’s say you want to send notifications to Microsoft Teams when an Apple Push Notification Certificate is about to expire.

It should be as easy as:

  • Connect to the Microsoft Intune Graph API using a single command: Connect-MSGraph;
  • Get the Apple Push Notification Certificate details using a single command: Get-DeviceManagement_ApplePushNotificationCertificate;
  • Send a notification to an Incoming Webhook in Microsoft Teams, if a certificate is about to expire;
  • Schedule the script to run on a daily basis.

Snippet:

Note: You will need to set the $Credential variable.

# Config
$TeamsWebhookUrl = "https://outlook.office.com/webhook/..."

# Connect to Microsoft Intune Graph API
Connect-MSGraph -PSCredential $Credential -ErrorAction Stop

# Retrieve the Apple Push Notification Certificate details
$ApplePushNotificationCertificate = Get-IntuneApplePushNotificationCertificate -ErrorAction Stop

# Alert to Microsoft Teams if a Certificate is about to expire within 14 days.
if ($ApplePushNotificationCertificate.expirationDateTime -lt (Get-Date).AddDays(14)) { 
    
    # Create Microsoft Teams Incoming Webhook Body
    $Body = ConvertTo-Json -Depth 4 @{
        title    = 'Apple Push Notification Certificate expiring soon!'
        text     = 'But you knew this already, right?'
        sections = @(
            @{
                facts = @(
                    @{
                        name  = "Apple ID"
                        value = $ApplePushNotificationCertificate.appleIdentifier
                    }
                    @{
                        name  = "Expiration Date"
                        value = $ApplePushNotificationCertificate.ExpirationDateTime
                    }
                )
            }
        )
    }

    # Send Notification to Microsoft Teams Incoming Webhook
    Invoke-RestMethod -Method Post -ContentType 'Application/Json' -Body $Body -Uri $TeamsWebhookUrl -ErrorAction Stop
}

If the certificate is about to expire, a notification will be logged in Microsoft Teams!

2 thoughts on “Introduction to the Intune PowerShell SDK: Native PowerShell support for the Intune API through Microsoft Graph!”

  1. I had to tell PowerShell to use TLS 1.2. Simple one-liner:

    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
