One of my most popular scripts displays a list of applications and the total number of installs (amongst other things) – here
A recent comment on there asked if there was any way to list the install dates as well and this got me thinking. Could I create a new script which could show exactly which machines have an app installed (whether that’s been pushed or user initiated) and the install date, but quicker than digging around in the portal.
The answer is yes and here it is!
UPDATE: Version 3.0 now released with CSV output as well as clipboard (and MG Graph Auth)
As usual, the script can be found on github here or on PSGallery for quick install:
Install-Script -Name find-intune-app-installsAfter authenticating against your tenant, you will be presented with a popup with a list of all apps detected, assigned or not (you may be looking for old app installs from a now unassigned app after all)
You can of course filter if you have many applications.
Once you have selected an application, click the OK button, this is where the magic happens.
At this point it loops through every device, finds the primary user and the apps installed for that user. If the application is detected, it runs through the troubleshooting history to find the event where the install succeeded and gives you both the hostname and the date.
Some of you may have large estates, so the output you see will also automatically be added to your copy buffer so you can manipulate it further
Hopefully this is of some use!
As always, any comments, requests or suggestions, just add them below.
Hi Andrew,
First of all thank you very much, to me this is a very handful script.
I’ve being looking for this for quit some time.
I just have one question, why using the clipboard instead of exporting it to CSV or some other format?
I would think that this will meanly be used to report so I would think that another format would be more useful to export to then your clipboard?
Hi Kevin,
That makes a lot of sense, I’ll add an export and drop the path into the popup box.
Thanks for the feedback!
Andrew
Hi Kevin,
Version 2.0 has now been published with a CSV output into %temp%
Thanks
Andrew
Thank you for making it a little more convenient.
But I cannot seem to be able to get any install dates.
Any idea as to why?
Hi, what output do you get when you click on an app? Does it show any device names?
Thank you for the script and all the work you put into it.
I can see that device collection is limited to 1000 device.
Maybe introduce paging to accommodate to a larger number of devices ?
Hi, is that when clicking on an app? I’ll see if I can tweak the Graph query to return all results
Yes, after clicking on an app in the gridview.
I have also seen that the $events does not return an “actiontype” member, which is why the occurenceDateTime cannot be retrieved via that condition.
Only the following members are present for $events:
@odata.type
occurrenceDateTime
troubleshootingErrorDetails
Another observation, I am sorry for this 🙂 all in good faith…..
The condition as the script loops through $appstocheck populates an entry in the array $appinstalls for the application even if it is uninstalled, maybe because the if statement only considers the installedstate “failed” and not “notInstalled”.
Once again, very grateful.
I’ve just published v2.1.0 which should fix all of these issues for you. I don’t have more than 1000 devices in my test tenant so no guarantees that will work the first time, any testing is most welcome!
Thank you for a fast update.
The dates are still lacking, it seems while I am testing in my environment (3000 + devices), there is no member labelled “actiontype” for “EVENT”
“Event” has the only the following noteproperty members, actiontype is not one of them:
@odata.type
occurrenceDateTime
troubleshootingErrorDetails
The actiontype appears in the history when the application is installed, that’s why it is looking for it. It might be worth looking at the machines themselves and checking the app has installed correctly
The applications are installed, the status is derived in the previous step in your script as it confirms that since it is a requirement.
I think the issue has to do with the information included for device type. I just compared a Windows device with an Android device.
The member “ActionType” does not exist for Android devices but is present for Windows.
So, mystery solved…….
Well spotted, just added a new version with some extra logic to find the date/time for Android installs
A little feedback regarding version 3.0.0
After testing, I discovered that the installed dates are incorrect for Android devices.
The date returned is the application “CREATED” date and not the install date.
In this test case, a freshly installed device on the 26th of October reports an install date for an application dated March 2022 which also coincides with the application creation date in Intune.
I can’t see anything in the Intune portal, or in Graph which confirms when the app was actually installed onto the device, the options seem to be App Created, App Updated, or app deployed to group, but nothing on the device itself.
Great script thank you!
Not sure if anything has changed in recent times…
Problem I have is I keep getting prompted for authentication after I select the chosen app from the list.
It doesnt error out, just keeps prompting for tenant credentials
There shouldn’t be, it does a single Microsoft Graph Connection and then uses that for all future requests. Sometimes I find closing PowerShell and re-opening gives it a kick
Hi Andrew,
Thanks for your script, I’m about to try it out but I encountered below during authentication, I’m already having Intune Administrator role, shouldn’t this be enough? Can you advise what else Azure permission do I need to apply for?
“needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.”
Hi,
It needs to create an app reg so you will need permissions at the Azure level the first time. After that you should be on with Intune admin.
Global admin is easiest, but I think a role to change roles and permissions should work too
Great script, but there is one thing that doesn’t seem to be correct. You say this script shows what devices have an application installed, which it does to a certain extent, but it only does it when that device is linked to a primary user. You are using the /users(‘primaryuser’)/mobileAppIntentAndStates to get this. I was wondering if there was a way to query the device directly and not through the primary user. Apart from that, it is a very helpful script. Thanks.
You could try this one which queries detected apps at the device level:
https://andrewstaylor.com/2022/11/08/quick-and-easy-application-inventory-with-intune/
Thanks Andrew, I actually found what I was looking for, and you are right I used detected apps
https://graph.microsoft.com/beta/deviceManagement/managedDevices/$($Device.Id)?`$expand=detectedApps
This worked perfectly for me.
Thanks for the quick reply though. I appreciate it .
I entered the script into Powershell, but where do I go to execute the script?
Just run it in the terminal you installed it
Do you know how I can add the Top command to pull all pages.I see the script picks your first 900 apps and it doesn’t navigate to next page.
I have just published v4 which should fix that issue
Thanks a lot for the prompt response !!! That worked.