Since I attended David Falkus‘s Graph API session in Boston, I got enthusiastic about the Microsoft Graph API for Microsoft Intune. As an Azure and Intune (EM+S) expert, one of the features I have been missing the most is the ability to automate repetitive tasks. Not having this option in Microsoft Intune standalone was often a reason to configure Microsoft Intune in a hybrid setup, connected with Configuration Manager. Now with the Microsoft Graph API introduction, we are finally able to automate tasks via PowerShell and other programming languages.
Okay I am not a developer, I am an “IT Pro” with maybe some developer skills that I learned back in the days at school and during the years scripting with VBScript, PowerShell and a long time ago Turbo Pascal, C++, VBA, Visual Basic and so on. Hopefully I can share some knowledge I gained throughout the years and some helpful scripts for you to use so you have something to do during the holiday season. But first let’s start with the non-technical stuff. 😉
Why automation and Microsoft Intune?
Why do we need automation when we work with Microsoft Intune? As a consultant automation of certain tasks can be very beneficial, for instance creating resources automatically instead of creating the resources by hand in the new Intune on Azure portal. But also, Administrators can benefit from automated tasks, tasks like clean up jobs, report lists, changes to resources and remote actions to devices.
Almost every action in the Intune on Azure portal can be automated via the Graph API.
What is Microsoft Graph API?
The Microsoft Graph API provides you a way to get programmatic access via REST-API endpoints to information available in for instance Microsoft Intune, but also Azure Active Directory and Office 365 services.
I love the figure below which illustrates the relations between different objects that can be shown by Microsoft Graph. For instance, you are not only able to identify the devices used by users, but also coworkers and files created by the user.
A good example, is the Intelligent Search & Discovery, formerly known as Delve, which is part of Office 365. With Office Delve you are able to see where you were working, along with what documents you colleagues are working on.
The new Microsoft Intune on Azure Portal (Intune UX) is fully build on the Microsoft Graph API, which means that (almost) every action in the Microsoft Intune portal can also be done via a REST-API call towards the Microsoft Graph.
The cool thing about this is that with a single authentication you can access the Intune Service, Azure Active Directory, Exchange and Office 365. Of course, if all of the permissions and licenses are in place 🙂
Accessing the Microsoft Graph API is done via REST calls, REST calls can be used with PowerShell, but also C#, Curl, Java, Javascript, ObjC, PHP, Python, Ruby and more. So, if you know one of those languages you are able to use it to automate the Intune tasks.
In my next blog we will have a look at how we can access Microsoft Intune via the Microsoft Graph API.