One of the less-used features in Intune is the Discovered Apps link within Device Details:
This gives a list of all apps it has found, whether deployed by Intune or installed in some other way.
Sadly, out of the box, you have to manually click through each device to have a look which is going to be unmanageable for large estates.
After a Reddit post discussing this, I realised I could grab the values from Graph, do some array based magic and give a basic software inventory for the entire estate and here it is!
As always, you can download the script from my GitHub or from PS Gallery:
Install-Script -Name intune-inventory-discovered-apps
When you run it, you will get a GUI with a list of the apps in your estate and the count of devices with it installed:
As it uses GridView, you have full search and Filter capabilities as well.
Clicking on an app will output the devices it has been discovered on, this will display in the PowerShell window, but will also populate the $deviceswithappinstalled array should you want to export the list.
Hopefully this is of use, comments, feedback and suggestions always welcome!
Hey Andrew, this is a fantastic script.
We are trying to lerverage this to filter apps installed on iOS devices then export it into one giant CSV or Excel for reporting. Would there be an easy way reference IOS installations and dump all the installs with the associated devices into an Excel?
If you have time for a call would love to discuss further. Thanks!
Hi Luke, yes, this could be done with some filtering. Happy to discuss if wanted
I found that what I was after was here:
Microsoft Intune Admin Center\Apps\Monitor\Discovered apps Then select export and click on the Raw Data Set. Exports to CSV and gives you a list of all software and what devices they are on including user names.
Thank you John! i was looking for just this for so long, even looked into custom tools.
Dear,
Thanks for your script. I have a doubt, the output is giving me device names and an ID ..
This ID is totally different than DeviceID or ObjectID.
How can I get those 2 last instead of the ID given by the report? I can’t use the information to do a bulk import to add devices to Intune groups.
Thank you !!
Hi,
The ID is the Intune device ID (the one which shows in the address bar when clicking on a device).
To get the Entra object ID you will need to script the conversion
Ok !! Now I see it 😀
Ok .. I will try to work on it !! Thanks
i have seen that.
my thought was only to search for 1 or 2 products to get the output a little faster 🙂
last question, what is the best way to export the software list to a csv file?
I don’t think it would be a lot faster, the reason it runs slowly is because it has to loop through every device to grab the discovered apps.
To export, it’s all in $appslist so $appslist | export-csv c:\folder\filename.csv should work
Hey Andrew,
first of all really cool tool which helps us a lot.
I have a short question depending the software list output, do you think it will be a big problem to specifie which software i’m looking for.
The main reason is to save time.
Thanks in advance
Regards
Maxi
Hi Maxi,
The output has a filter at the top to restrict the output accordingly
There is no place to add attachments.
I’ll drop you an email
I don’t have an email address for you
If you use the contact form, that will come direct to me and I can reply from there
Excellent script.
I found that you had to highlight the App you wanted information on the click OK to see who had it installed then the PowerShell screen just sat there and I had to do CTRL + X to get out of it. Is this correct?
Hi, after selecting the app and clicking ok, it should give you the machine details in the PowerShell window and then exit back to the prompt when finished. It runs a transcript into the temp directory, if yours is hanging, can you send me a copy and I’ll see what’s happening
Thanks
Hi,
Great script, has been very useful! When trying to search for an app that includes a + symbol (e.g C++), the script errors for each device.
Says “parsing Microsoft Visual C++ etc.” – Nested quantifier +.
Hi,
Thanks for pointing that out! I’ve uploaded version 1.0.2 which should fix it
Hi Andrew,
I was trying to run your powershell scripts (intune-inventory-discovered-apps.ps1 & Get-intune-apps.ps1), it is prompting for Admin consent stating “Unverified” publisher. its stating “Only accespt if you trust he publisher”, can you please give me overview of requested permissions to run above scripts?
Regards,
Ravikant
Hi,
Those errors are just because the scripts aren’t signed (code signing certs are quite expensive). The actual graph permissions will display when it calls Connect-MgGraph and it will give you the option to consent.
Dang, doesn’t work out-of-the-box. Maybe you can help?
(1) Why does this script install every graph module, I’m guessing it only requires 1 or 2?
(2) I’m having issues due to permissions, seems Intune Admin is not sufficient. What additional permissions does the script need in order to run?
Sorry, my fault for the first one, updated now to just use the authentication module
Intune admin should be enough for it to run, but it might be it’s struggling to give the graph permissions required initially, try Azure AD admin as well to see if that nudges it along. The scopes for the script itself are Managed Devices, Device Config and Managed apps