Download Intune PowerShell scripts with Graph Explorer

This quick post shows an easy way to fetch your PowerShell scripts after you have uploaded them through the Intune management portal. Unfortunately, once you hit that save button, the portal does not provide a UI to download the script content.

Graph Explorer to the rescue

There are multiple ways to do this using PowerShell scripts. If you want to bulk download all the scripts in your tenant, I recommend using this method, created by Oliver Kieselbach. This module is also capable of downloading proactive remediation scripts from Intune.

The method I want to show today does not involve (complex) PowerShell scripts. The only thing you need is a browser. Head over to https://aka.ms/ge and sign in with your admin account. Use the following request to pull out all the scripts from your tenant:

https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts

To run this request, you’ll need the DeviceManagementConfiguration.Read.All permission.

After running the request, you will find all the scripts in your tenant. To get the script’s content, you’ll need to grab the ID. You can use the CTRL+F (search) feature to quickly find the script you are looking for if you have a lot of output.

You can also find this ID using the Microsoft Endpoint Manager admin center; that’s probably the easiest way.

Now that you have grabbed the ID, you need to run the following request, where you replace {deviceManagementScriptId} with your ID:

https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{deviceManagementScriptId}

This returns the details of your script, including the script content.

Now, as you probably noticed, the script content is encoded.

Copy the value of the scriptContent parameter and paste it into the decoder of your choice, Notepad++ for example.

You can also use one of the free online converters, such as Base64 Decode and Encode – Online.

The same works for custom detection scripts in Intune Win32 apps by running:

GET https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/{id}

You can find the encoded string under rules > scriptcontent.

It also works for proactive remediation scripts using these API calls for both detection and remediation scripts:

https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/{id}?$select=detectionScriptContent

https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/{id}?$select=remediationScriptContent
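The decoding step can also be done locally in PowerShell, so the script body never leaves your machine. This is an added example, not code from the original post: the function name Get-IntuneScriptText and the sample JSON are constructed for illustration, and it assumes you have copied a Graph Explorer response into a string.

```powershell
# Added example: decode the Base64 script bodies found in a Graph Explorer response.
function Get-IntuneScriptText {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Json)

    # Property names the post points to (matching is case-insensitive).
    $wanted = 'scriptContent', 'detectionScriptContent', 'remediationScriptContent'

    function Expand-Node($Node, [string] $Path) {
        if ($Node -is [System.Management.Automation.PSCustomObject]) {
            foreach ($p in $Node.PSObject.Properties) {
                $child = if ($Path) { "$Path.$($p.Name)" } else { $p.Name }
                if ($wanted -contains $p.Name -and $p.Value -is [string] -and $p.Value) {
                    $bytes = [Convert]::FromBase64String($p.Value)
                    # Assumption: content is UTF-8 unless it starts with a UTF-16 LE BOM.
                    $enc = if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
                        [System.Text.Encoding]::Unicode
                    } else {
                        [System.Text.Encoding]::UTF8
                    }
                    $text = $enc.GetString($bytes).TrimStart([char]0xFEFF)
                    [pscustomobject]@{ Path = $child; Text = $text }
                } else {
                    # Null values (no content returned) and scalars fall through silently.
                    Expand-Node $p.Value $child
                }
            }
        } elseif ($Node -is [System.Collections.IEnumerable] -and $Node -isnot [string]) {
            # Arrays such as "value" (list response) or "rules" (Win32 app).
            $i = 0
            foreach ($item in $Node) {
                Expand-Node $item ('{0}[{1}]' -f $Path, $i)
                $i++
            }
        }
    }

    Expand-Node ($Json | ConvertFrom-Json) ''
}

# Constructed sample: one script body placed where the post says to look.
$b64 = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("Write-Output 'constructed sample'"))
$json = @"
{ "displayName": "Constructed sample", "scriptContent": "$b64",
  "rules": [ { "scriptContent": "$b64" } ] }
"@
Get-IntuneScriptText -Json $json | Format-List
```

Pipe the result to Set-Content if you want each decoded script written to a file.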

Easy, right?

Stay safe!

4 thoughts on “Download Intune PowerShell scripts with Graph Explorer”

  1. Pingback: EndPoint Manager Newsletter – 8th April 2022 – Andrew Taylor

  2. Does Microsoft have no shame to produce crap like this?
    The fact you need to do all of this just to see what script is used is pathetic.

    Good article though.

  3. Many thanks for this, can't believe how convoluted this is for such a basic feature, goes to show why MS take forever to update and change anything worthwhile.
