Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.

The Microsoft Graph API currently do not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview

Also vote under Azure AD: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19198480-support-exporting-and-importing-conditional-access

Provide a way to access bitlocker recovery keys programmatically.

Hi,

Two things,

1. It would be awesome if it was possible to re-run scripts on devices that already have had the script run on them.

2. Schedule script to run on devices on specific time and or date, or re-occurring, would also be a neat feature

Please let us see the contents of Powershell script we upload into the Powershell scripts module. It's very hard to sometimes see what you uploaded a few months ago.

We can do this with the start menu xml file in device configuration, so it would be nice to see this feature with powershell aswell.

The only method of getting corporate devices identified in Intune is to upload a CSV.

We'd like the ability to use native PS commands or Graph API to add new devices in as they are purchased.

Graph allows me to get devices after they've been enrolled, but I want to add them in pre-enrollment.

Graph API supports filter. But when try to filter on the wiFiMacAddress when query managedDevices on Intune by property ‘wiFiMacAddress' like
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=startswith(wiFiMacAddress, 'macAddressValue’), or
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=wiFiMacAddress eq 'macAddressValue’,
It returns all managed devices, i.e., the filter doesn’t work. Filtering on other data properties/fields such as 'deviceName' or 'lastSyncDateTime', it works as expected.

It will be nice if Graph API can support filtering on all data properties/fields, or at least document which fields work and which don't.

I want to download back my power shell scripts that I have uploaded under Device configuration in Intune. Sometime there are 2-3 administrator working and if somebody left the organization and we want to review existing scripts and we don't have that, we don;t have any option to download them back that have been uploaded.

PowerShell scripts deployed through Intune run in a 32-bit environment, which causes issues when executing 64-bit commands. While this can be worked around by calling the commands through sysnative, it's extra hassle.

A more robust way of targeting scripts based on system architecture and having them execute in a 64-bit environment where available would remove the need for these work-arounds.

Actually there is no CSP for Management of the local Windows PowerShell. We cannot configure if a standard user is allowed to execute powershell scripts. Besides this it would be good to have a CSP equiivalent of GPO Setting "Turn on Script execution" to configure if i.e. scripts need to be signed or will be blocked at all

When a PowerShell script is deployed in user context to Windows devices, a PowerShell window will briefly pop-up for the user, which can interrupt their productivity when there are many scripts being deployed.

The AgentExecutor (C:\Program Files (x86)\IntuneManagementExtension\AgentExecutor.exe) runs PowerShell scripts entirely silent, when example when it does detections for Win32 apps.

Please allow us to deploy PowerShell scripts with Intune fully silent too, without briefly popping up the PowerShell window.

I've looked all through the MSONline module, and don't see any options to manage my end user devices. I need this information to write a connection into serviceNow, because of some business needs. I'm considering using Matt Graeber's excellent .net relection tool, decompile the cmldets and make my own!

Is there a method I'm missing to get to devices from PowerShell?

Having the ability now to use powershell scripts to manage devices is pretty neat. It would be even greater though if the uploaded scripts were readable (and maybe even editable) from the Intune portal, Thanks!

We would like to have a way to get all the Bypass activation lock codes of our apple iOS supervised devices and get a .CSV file for better performance (Like an bulk export button). It saves time to us from looking into each device and get the code by separate.

Intune Graph API should be writable non-interactively

In order to automate tasks with Graph it is essential that scripts can be run non-interactively. Currently the Graph API requires a user login for delegated access to be able to write things. Right now it only supports read access

We need to be able to handle stuff like creating policies, executing device tasks etc, non-interactively.

Would be great if we could view the output of our scripts in the console. For example if a script fails. Today it only says "Failed". Would be great if everything outputted to the PS process would be viewable from the console. Another use case is just to confirm that everything went well (instead of just seeing Succeeded).

Add a brief description for every Intune policy within the graph API (like in the Intune portal). This would simplify and improve the report and documentation capabilities with graph.

Provide the capability to set Max run times for the Powershell scripts within the Intune Portal.
Which is then honored client side by the Intune Management Extension.

Current default is 10 Mins, which cannot be changed as its baked into the service code

I.e Microsoft Intune > Device configuration > PowerShell scripts > Add > Settings > Script Settings > Max Runtime