- Added a separate script to grab devices older than 30 days (download script here)
Answering Badr eddine Zaki, from the LinkedIn groups PowerShell Power Users and Modern Endpoint Management,
who kindly asked me whether it would be possible to create a cloud-based device security group from the “lastSyncedDate” attribute. I opened the AAD portal and Intune Groups to double-check the attributes and work out how to solve this.
- created a security group, referenced in the PowerShell script through the $targetaadgroupname variable
- retrieved all Intune managed devices active in the past 30 days (list1, $newwerthanlimit)
- Intune does not expose the Azure AD ObjectID together with the DeviceName
- from this list, I used the DeviceName to retrieve all Azure AD devices (managed, compliant and also active in the past 30 days, the $limit variable) together with their ObjectID (list2, $aaddevices)
- due to some known issues in Hybrid Azure AD joined environments, I built another list/array to remove duplicated devices with the same DeviceName and the same ObjectID (list3, $uniqueArray)
- retrieved all members of the targeted security group All-AAD-Devices-Active-30-Days (list4, $targetGroupmembers)
- compared each object from the Azure AD list ($uniqueArray) against each member of the AAD security group ($targetGroupmembers)
- added only the ObjectIDs of the devices not found in the group
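The steps above as one runnable script. This is an added example written for this page, not the script from the post or from the GitHub repository, and it uses the Microsoft Graph PowerShell SDK rather than the AzureAD/Intune modules. One deliberate difference from the post: instead of matching Intune and Azure AD devices on DeviceName, it matches Intune's AzureAdDeviceId against the Azure AD device's deviceId, which is unique per device and so avoids most of the Hybrid Azure AD join duplicates; the duplicate removal by ObjectID is kept anyway. The group name and the 30-day window are taken from the post; the Graph scopes and the server-side lastSyncDateTime filter are my assumptions and may need adjusting for your tenant.

```powershell
# Added example, not the post's own script. Requires the Microsoft.Graph PowerShell SDK
# (Install-Module Microsoft.Graph). Group name and day window follow the post; scopes are assumptions.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.DeviceManagement, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Groups

$targetaadgroupname = 'All-AAD-Devices-Active-30-Days'
$days               = 30
$limit              = (Get-Date).ToUniversalTime().AddDays(-$days)

# Least privilege: read devices, write only group membership (no Group.ReadWrite.All).
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All', 'Device.Read.All', 'GroupMember.ReadWrite.All' -NoWelcome

# list1: Intune managed devices that synced within the window. The Graph property is
# lastSyncDateTime (the "lastSyncedDate" in the question); filtering server-side avoids
# paging through every device in the tenant.
$filterDate      = $limit.ToString('yyyy-MM-ddTHH:mm:ssZ')
$newwerthanlimit = Get-MgDeviceManagementManagedDevice -All -Filter "lastSyncDateTime ge $filterDate" `
    -Property 'id,deviceName,azureADDeviceId,lastSyncDateTime,complianceState'

# list2: the matching Azure AD device objects. Intune does not carry the directory ObjectID,
# but its azureADDeviceId equals the Azure AD device's deviceId, so look the object up by that
# and keep only managed, compliant devices seen within the window ($limit).
$aaddevices = foreach ($md in $newwerthanlimit) {
    if ([string]::IsNullOrEmpty($md.AzureAdDeviceId) -or
        $md.AzureAdDeviceId -eq '00000000-0000-0000-0000-000000000000') { continue }   # not AAD registered
    Get-MgDevice -Filter "deviceId eq '$($md.AzureAdDeviceId)'" `
        -Property 'id,displayName,deviceId,isCompliant,isManaged,approximateLastSignInDateTime' |
        Where-Object { $_.IsManaged -and $_.IsCompliant -and $_.ApproximateLastSignInDateTime -ge $limit }
}

# list3: one entry per ObjectID. Hybrid Azure AD joined devices can still surface more than once.
$uniqueArray = @($aaddevices | Sort-Object -Property Id -Unique)

# list4: current members of the target group, kept in a HashSet for O(1) lookups.
$group = Get-MgGroup -Filter "displayName eq '$targetaadgroupname'"
if (-not $group)        { throw "Group '$targetaadgroupname' not found" }
if ($group.Count -gt 1) { throw "More than one group is named '$targetaadgroupname'; use the ObjectID instead" }

$targetGroupmembers = Get-MgGroupMember -GroupId $group.Id -All
$memberIds = [System.Collections.Generic.HashSet[string]]::new()
foreach ($m in $targetGroupmembers) { [void]$memberIds.Add($m.Id) }

# Add only the ObjectIDs that are not already members.
$added = 0
foreach ($dev in $uniqueArray) {
    if ($memberIds.Contains($dev.Id)) { continue }
    New-MgGroupMemberByRef -GroupId $group.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($dev.Id)"
    }
    Write-Host "Added $($dev.DisplayName) ($($dev.Id))"
    $added++
}
Write-Host "Candidates: $($uniqueArray.Count)  Already members: $($uniqueArray.Count - $added)  Added: $added"
```

Run it once interactively to confirm the counts look right before scheduling it; because it only ever adds members, pair it with the separate removal script mentioned at the top of the post if you also want devices that stop syncing to drop out of the group.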
Please check the PDF file for the complete post.
Or download the script file from GitHub.