Management Software for Streamlined Device Administration

Tool for Intune Server Administration

The Microsoft Intune Management Tool is a powerful asset for managing access controls within Intune, specifically focusing on Role Based Access Controls. This tool, written in PowerShell, requires the AzureAD module for authentication.

The tool offers a unique feature: it can generate an HTML Report of the settings applied to the Intune tenant. This report is primarily generated by reading collected diagnostic data to produce a detailed yet user-friendly web page view, facilitating the review of the Intune policies actually applied.

Key Features of the Microsoft Intune Management Tool

HTML Reporting

The HTML report is organized into sections for readability. Notable sections include:

  • DeviceInfo: Displays general device info and Intune sync status.
  • PolicyScope: Device: Lists all device-level settings applied, grouped by category or product, showing current values, default values, and which provider (usually Intune) applied the setting.
  • PolicyScope: : Shows user-specific policies applied on the device for each user profile.

The report does not show policy IDs because Intune policies’ IDs are not stored on the device by design. Instead, it highlights the effective settings currently enforced on the device.

Backup and Restore

During the backup process, the tool creates a special .CSV file for use with the restore feature. To build the POST request URI, the restore process uses the specific URI that each piece of content was retrieved from with the GET method.
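A sketch of that GET-to-POST mapping, as an added example that is not the tool's own code: the CSV column names `GetUri` and `Json`, the function name and the sample policy are assumptions constructed for illustration. It goes one step beyond the page by refusing rows whose URI does not point at Microsoft Graph over HTTPS, because the restore file decides where an authenticated request is sent.

```powershell
# Added example. Column names (GetUri, Json) and the function name are hypothetical.
# Server-assigned properties that must not be replayed when re-creating an object.
$ReadOnly = 'id', 'createdDateTime', 'lastModifiedDateTime', 'version', '@odata.context'

function ConvertTo-RestoreRequest {
    param([Parameter(Mandatory, ValueFromPipeline)] $Row)
    process {
        $uri = [uri]$Row.GetUri
        # The manifest controls the target of an authenticated POST: pin scheme and host.
        if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https' -or
            $uri.Host -ne 'graph.microsoft.com') {
            Write-Warning "Skipping row with unexpected URI: $($Row.GetUri)"
            return
        }
        $obj = $Row.Json | ConvertFrom-Json
        # A GET on one item is .../collection/{id}; a create is a POST to the collection.
        $path = $uri.AbsolutePath.TrimEnd('/')
        if ($obj.id -and $path.EndsWith("/$($obj.id)")) {
            $path = $path.Substring(0, $path.Length - $obj.id.Length - 1)
        }
        $body = $obj | Select-Object -Property * -ExcludeProperty $ReadOnly
        [pscustomobject]@{
            Method = 'POST'
            Uri    = "https://graph.microsoft.com$path"
            Body   = $body | ConvertTo-Json -Depth 20 -Compress
        }
    }
}

# Constructed sample manifest: one valid row and one row with a tampered host.
$policy = '{"@odata.type":"#microsoft.graph.windows10CompliancePolicy",' +
          '"id":"00000000-0000-0000-0000-000000000001","displayName":"Baseline",' +
          '"version":3,"passwordRequired":true}'
$base = 'deviceManagement/deviceCompliancePolicies'
$rows = @(
    [pscustomobject]@{
        GetUri = "https://graph.microsoft.com/v1.0/$base/00000000-0000-0000-0000-000000000001"
        Json   = $policy }
    [pscustomobject]@{
        GetUri = "https://graph.microsoft.com.example.invalid/v1.0/$base"
        Json   = $policy }
) | ConvertTo-Csv -NoTypeInformation | ConvertFrom-Csv   # round-trip through CSV text

# Builds the requests only; nothing is sent.
$rows | ConvertTo-RestoreRequest | Format-List
```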

Sections of Interest

  • On-Premises Access: Policies centered on conditional access for Exchange on-premises based on device compliance.
  • Device Compliance: Policies focused on getting new devices into the Intune tenant.
  • Mobile Applications: View the apps and associated policies centered on Mobile Application Management in your environment.
  • Intune Roles: View your Intune roles and the users they are associated with.
  • Software Updates (for iOS): Policies that would force your supervised iOS devices to automatically install the latest available software update.
  • Apple Volume Purchase Program (VPP): Purchase and distribute books to users in your company.
  • Users: Lists the users in your Azure Active Directory environment that are associated with your Intune tenant.
  • Conditional Access: Define conditions that prevent access to corporate data based on location, device, user state, and application sensitivity.
  • Azure Active Directory Security Groups: Lists all of your Azure Active Directory security groups.

How the Microsoft Intune Management Tool Works

The application retrieves content from the Microsoft Graph API by sending GET requests to REST URIs; the JSON content is returned to the application in the HTTP response body. Once you have obtained the URI for a new feature, open the modules file: the arrays of REST URIs are combined in the main menu function and are mapped toward the end of the file.

The tool is based primarily around REST URI requests used by Intune to Microsoft Graph. When Microsoft adds a new feature to Intune, there will likely be a new REST URI associated with this feature.

The Microsoft Intune Management Tool is invaluable for IT admins seeking to troubleshoot and verify configuration settings within their Intune tenant. Its user-friendly HTML reporting makes it easy to review the Intune policies actually applied, aiding in the management and maintenance of the system.

[1] For more detailed information on the use of MdmDiagnosticsTool and the organization of report sections, please refer to the official documentation provided by Microsoft.
