Hi Everyone.
Updated: 3/24/2023
- Added a separate script to grab devices whose last sync is older than 30 days (download script here)
This post answers Badr eddine Zaki, from the LinkedIn groups PowerShell Power Users and Modern Endpoint Management,
who kindly asked whether it would be possible to build a cloud-based device security group from the "lastSyncedDate" attribute. I opened the AAD portal and Intune Groups to double-check the available attributes and work out how to solve this.
- created a security group, referenced in the script through the variable $targetaadgroupname
- retrieved all Intune managed devices that synced within the past 30 days (list1, $newwerthanlimit)
- Intune exposes no Azure AD ObjectID for a DeviceName, so the DeviceName is the join key
- from that list, used each DeviceName to retrieve the matching Azure AD devices (managed, compliant and active within the $limit window) together with their ObjectID (list2, $aaddevices)
- because hybrid Azure AD joined environments are known to return duplicate device records, built a third list that removes entries sharing the same DeviceName and ObjectID (list3, $uniqueArray)
- retrieved all members of the target security group All-AAD-Devices-Active-30-Days (list4, $targetGroupmembers)
- compared each object in the Azure AD list ($uniqueArray) against each member of the security group ($targetGroupmembers)
- added only the ObjectIDs of devices not already found in the group
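The steps above, written out end to end as an added example with the Microsoft.Graph PowerShell SDK. This is not the post's own script (that lives on GitHub, linked below); the group name and the 30-day window are taken from the post, the Graph permission scopes are the minimum I would grant for this task, and the variable names follow the post's list names so the two can be read side by side.

```powershell
# Added example, not the post's script: build the "active in the last 30 days"
# device group with the Microsoft.Graph SDK. Group name and window are assumptions
# taken from the post; adjust them for your tenant.
#Requires -Modules Microsoft.Graph.DeviceManagement, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Groups

$targetaadgroupname = 'All-AAD-Devices-Active-30-Days'
$limit = (Get-Date).AddDays(-30)

# Least privilege: read devices and managed devices, write only group membership.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All',
                        'Device.Read.All',
                        'Group.Read.All',
                        'GroupMember.ReadWrite.All' | Out-Null

# list1: Intune managed devices that synced within the window
$newwerthanlimit = Get-MgDeviceManagementManagedDevice -All |
    Where-Object { $_.LastSyncDateTime -ge $limit }

# list2: Azure AD device objects looked up by DeviceName (the post's join key),
# kept only when managed, compliant and signed in within the window.
$aaddevices = foreach ($md in $newwerthanlimit) {
    # Escape single quotes so a device name cannot break the OData filter
    $name = $md.DeviceName -replace "'", "''"
    Get-MgDevice -Filter "displayName eq '$name'" -All |
        Where-Object {
            $_.IsManaged -and $_.IsCompliant -and
            $_.ApproximateLastSignInDateTime -ge $limit
        }
}

# list3: drop duplicates (hybrid joined tenants can return the same
# DeviceName/ObjectID pair more than once)
$uniqueArray = $aaddevices | Sort-Object -Property DisplayName, Id -Unique

# list4: current members of the target group, indexed by ObjectID
$group = Get-MgGroup -Filter "displayName eq '$targetaadgroupname'"
if (-not $group) { throw "Group '$targetaadgroupname' not found" }
$targetGroupmembers = Get-MgGroupMember -GroupId $group.Id -All
$memberIds = @{}
foreach ($m in $targetGroupmembers) { $memberIds[$m.Id] = $true }

# Compare the two lists and add only ObjectIDs that are not yet members
foreach ($dev in $uniqueArray) {
    if ($memberIds.ContainsKey($dev.Id)) { continue }
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $dev.Id
    Write-Host "Added $($dev.DisplayName) ($($dev.Id))"
}
```

The block keeps the post's DeviceName join so it mirrors the listed steps. Two names can collide across tenants with hybrid joined or re-imaged machines, which is why the dedupe step exists; joining on the managed device's AzureAdDeviceId against the Azure AD device's DeviceId property instead gives an exact one-to-one match and makes list3 unnecessary. The hashtable lookup on the group members is what keeps the comparison linear rather than comparing every device against every member.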
Screenshots
Please check the PDF file for the complete post.
Or download the script file from GitHub.
Cheers,
Thiago Beier