Documenting with PowerShell: Documenting mobile devices

This was a request by a friend in one of the peer groups I operate in. He wanted a method to document which mobile devices exist in a O365 tenant and put them into IT-Glue as configurations. I figured I’d help him real quick and blog about it.

The IT-Glue version creates configurations of each asset in O365 and documents the serial number etc. The HTML version is a simple overview of which devices exist. This should help in localizing which mobile devices are completely managed, or only partially too.

IT-Glue version

######### Secrets #########
$ApplicationId = 'AppID'
$ApplicationSecret = 'AppSecret' | ConvertTo-SecureString -Force -AsPlainText
$RefreshToken = 'RefreshToken'
$APIKEy = "LangeITGlueAPIKeyHier"
$APIEndpoint = "https://api.eu.itglue.com"
######### Secrets #########
$CustomerTenant = "Client.onmicrosoft.com"
$ITGlueORGID = "123456"
########################## Script Settings  ############################

If (Get-Module -ListAvailable -Name "ITGlueAPI") { 
    Import-module ITGlueAPI 
}
Else { 
    Install-Module ITGlueAPI -Force
    Import-Module ITGlueAPI
}
#Settings IT-Glue logon information
Add-ITGlueBaseURI -base_uri $APIEndpoint
Add-ITGlueAPIKey $APIKEy
$Baseuri = "https://graph.microsoft.com/beta"
write-host "Generating token to log into Azure AD. Grabbing all tenants" -ForegroundColor Green
$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret)
$CustGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes "https://graph.microsoft.com/.default" -ServicePrincipal -Tenant $CustomerTenant
write-host "$($Tenant.Displayname): Starting process." -ForegroundColor Green
$Header = @{
    Authorization = "Bearer $($CustGraphToken.AccessToken)"
}
write-host "Finding devices in $($CustomerTenant)" -ForegroundColor Green
$devicesList = (Invoke-RestMethod -Uri "$baseuri/devices" -Headers $Header -Method get -ContentType "application/json").value | Where-Object { $_.Operatingsystem -ne "Windows" }

$Configurationtype = (Get-ITGlueConfigurationTypes).data | Select-Object ID -ExpandProperty attributes | Out-GridView -PassThru -Title "Select a configuration type"

$Configurationstatus = (Get-ITGlueConfigurationStatuses).data | Select-Object ID -ExpandProperty attributes | Out-GridView -PassThru -Title "Select a status type"

$manafacture = (Get-ITGlueManufacturers).data | Select-Object ID -ExpandProperty attributes | Out-GridView -PassThru -Title "Select a manufacturer"


foreach ($device in $devicesList) {
    $Existing = Get-ITGlueConfigurations -filter_serial_number $device.deviceId
    if ($Existing) { write-host "$($device.displayname) exists, skipping."; continue }
    $dataobj = @{
        type       = "configurations"
        attributes = @{
            "organization-id"         = $ITGlueOrgID
            "name"                    = $device.displayName
            "configuration-type-id"   = $configurationtype.id
            "configuration-status-id" = $Configurationstatus.id
            "manufacturer-id"         = $manafacture.id
            "serial-number"           = $device.deviceId
        }
    }
    New-ITGlueConfigurations -organization_id $ITGlueORGID -data $dataobj
    $dataobj = $null
}


So this version requires a little manual work – You’ll need to select the device type, and the manufacturer once. I often just select the bulk and fix the few manual ones later on.

HTML version

######### Secrets #########
$ApplicationId = 'AppID'
$ApplicationSecret = 'AppSecret' | ConvertTo-SecureString -Force -AsPlainText
$RefreshToken = 'RefreshToken'
$CustomerTenant = "ClientDomain.onmicrosoft.com"
########################## Script Settings  ############################


$Baseuri = "https://graph.microsoft.com/beta"
write-host "Generating token to log into Azure AD. Grabbing all tenants" -ForegroundColor Green
$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret)
$CustGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes "https://graph.microsoft.com/.default" -ServicePrincipal -Tenant $CustomerTenant
write-host "Starting process." -ForegroundColor Green
$Header = @{
    Authorization = "Bearer $($CustGraphToken.AccessToken)"
}
write-host "Finding devices in $($CustomerTenant)" -ForegroundColor Green
$devicesList = (Invoke-RestMethod -Uri "$baseuri/devices" -Headers $Header -Method get -ContentType "application/json").value | Where-Object { $_.Operatingsystem -ne "Windows" }

New-HTML {   
    New-HTMLTab -Name 'Mobile Devices' {

        New-HTMLSection -Invisible {
            New-HTMLSection -HeaderText 'Android Devices' {
                New-HTMLTable -DataTable ($devicesList | Where-Object { $_.OperatingSystem -eq "Android" } | Sort-Object profileType, deviceOwnership, deviceVersion, operatingSystem, operatingSystemVersion, registrationDateTime, trustType, deviceId)
            }
                New-HTMLSection -HeaderText "Apple Devices" {
                    New-HTMLTable -DataTable ($devicesList | Where-Object { $_.OperatingSystem -eq "iOS" } | Sort-Object profileType, deviceOwnership, deviceVersion, operatingSystem, operatingSystemVersion, registrationDateTime, trustType, deviceId) 
                }
            }
        }
     
    } -FilePath "C:\temp\doc.html" -Online -ShowHTML

And as requested so many times before; the eventual output looks like this:

So that’s it for today! as always, Happy PowerShelling.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.