How can I retrieve associations between managedDevices, deviceCompliancePolicies, and MobileApps using Microsoft Intune APIs?

Sara Caballero 40 Reputation points
2024-07-01T12:30:38.3333333+00:00

I'm working with Microsoft Intune via Microsoft Graph API and encountered an issue while attempting to retrieve associations between managedDevices, deviceCompliancePolicies, and MobileApps. Specifically, when I make the following API call:

GET https://graph.microsoft.com/beta/deviceManagement/managedDevices/{deviceID}/deviceCompliancePolicies

I receive the following error response:

{
    "error": {
        "code": "BadRequest",
        "message": "Resource not found for the segment 'deviceCompliancePolicies'.",
        "innerError": {
            "date": "2024-07-01T11:55:53",
            "request-id": "78c41668-f76f-475f-9bf5-xxxxx",
            "client-request-id": "7fe6ec9b-46bb-ed59-8763-xxxxx"
        }
    }
}

Could someone please clarify how to correctly retrieve associations between managedDevices, deviceCompliancePolicies, and MobileApps using Microsoft Graph API? Specifically:

  1. How can I retrieve deviceCompliancePolicies that are applied to a specific managedDevice?
  2. How can I fetch information about MobileApps installed on these managedDevices?
  3. Are there specific API endpoints or query parameters I should use to accomplish these tasks?

Any examples or guidance would be greatly appreciated!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,269 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,670 questions
0 comments
Accepted answer
  1. Crystal-MSFT 45,736 Reputation points Microsoft Vendor
    2024-07-02T02:12:02.1533333+00:00

    @Sara Caballero, Thanks for posting in Q&A. Based on my testing, we can use the following API to get the compliance policy and its state on one managed device.

    Action: Get

    URL: https://graph.microsoft.com/beta/deviceManagement/managedDevices/<managed device id>/deviceCompliancePolicyStates

    User's image

    Meanwhile, I find one link list some scripts to get Intune compliance data. You can read it to see if it can help.

    https://doitpsway.com/get-intune-compliance-data-using-powershell-leveraging-graph-api

    Note: Non-Microsoft link, just for the reference.

    To get managed apps on one device, we can query via the following method.

    Action: Get

    URL: https://graph.microsoft.com/beta/users/<user-id>/mobileAppIntentAndStates/<device-id>

    User's image

    In addition, i find a link describe to do this via PowerShell script. You can also refer to it.

    https://andrewstaylor.com/2022/07/26/detecting-which-machines-have-which-intune-applications-installed-via-powershell-and-ms-graph/

    Note: Non-Microsoft link, just for the reference.

    Hope the above information can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. glebgreenspan 1,450 Reputation points
    2024-07-01T12:58:46.9433333+00:00

    Hello Sara

    The error message you're seeing is because the endpoint deviceManagement/managedDevices/{managedDeviceId}/deviceCompliancePolicies is not a valid endpoint. The correct endpoint to retrieve device compliance policies for a specific managed device is deviceManagement/devices/{managedDeviceId}/compliancePolicies.

    To retrieve device compliance policies for a specific managed device, you can use the following API call:

    CopyGET https://graph.microsoft.com/beta/deviceManagement/devices/{managedDeviceId}/compliancePolicies

    Replace {managedDeviceId} with the actual ID of the managed device you're interested in.

    To fetch information about mobile apps installed on these managed devices, you can use the deviceManagement/devices/{managedDeviceId}/apps endpoint:

    CopyGET https://graph.microsoft.com/beta/deviceManagement/devices/{managedDeviceId}/apps

    This will return a list of apps installed on the specified managed device.

    If you want to retrieve a specific app's details, you can use the deviceManagement/devices/{managedDeviceId}/apps/{appId} endpoint:

    CopyGET https://graph.microsoft.com/beta/deviceManagement/devices/{managedDeviceId}/apps/{appId}

    Replace {appId} with the actual ID of the app you're interested in.

    Here are some query parameters you can use to filter the results:

    • $filter: Use this parameter to filter by app name, package family name, or other properties.
    • $select: Use this parameter to specify which properties you want to retrieve.
    • $top: Use this parameter to limit the number of results returned.

    For example, to retrieve the first 10 apps installed on a specific managed device, ordered by app name:

    CopyGET https://graph.microsoft.com/beta/deviceManagement/devices/{managedDeviceId}/apps?$top=10&$orderby=name
    0 comments
  2. Sara Caballero 40 Reputation points
    2024-07-01T13:12:34.79+00:00

    @glebgreenspan Thanks a lot for your response, but when I use the endpoint : 

    GET https://graph.microsoft.com/beta/deviceManagement/devices/{managedDeviceId}/compliancePolicies

    I encouner this error : 

    {    "error": {        "code": "BadRequest",        "message": "Resource not found for the segment 'devices'.",        "innerError": {            "date": "2024-07-01T13:15:07",            "request-id": "5cdb1e8a-0eb5-4583-81a0-324c0540ed6f",            "client-request-id": "39a43956-0e3c-1522-06b8-7135341d57a2"        }    }}

    Do you know why ? Thanks

    0 comments