Experimenting with ChatGPT for Intune

We’ve all heard of ChatGPT and how it’s going to replace us all and we’ll need Neo, Terminator and Chuck Norris to team up to stop it destroying humanity or something like that.

I’ve been using GitHub CoPilot in VSCode since beta so I’m no stranger to AI assistance, so I’m going to put ChatGPT through its paces.

I started with a fairly basic query, creating an AAD group:

The resulting code works, but it’s using out-of-date AzureADMS commands from the soon-to-be deprecated module (as expected).

# Connect to Azure AD
Connect-AzureAD

# Create the group
$group = New-AzureADMSGroup -DisplayName "M365 E3 Group" -MailNickname "m365e3group" -GroupTypes "Unified"

# Assign the M365 E3 license to the group
$license = Get-AzureADSubscribedSku | Where-Object {$_.SkuPartNumber -eq "ENTERPRISEPACK"}
$members = @{add=$group.ObjectId}
Set-AzureADGroupLicense -ObjectId $group.ObjectId -AssignedLicenses $license -Members $members

Another AAD style:

And again, the output works, but is using the old module

# Connect to Azure AD
Connect-AzureAD

# Get the group
$group = Get-AzureADGroup -Filter "displayName eq 'Licensed Users'"

# Set the MDM scope to the group
Set-AzureADDeviceManagementAuthorization -Id $group.ObjectId

The reminders are quite handy though:

What about listing Compliant Devices?

Output works, but uses another module scheduled for deprecation

# Connect to Microsoft Intune
$IntuneContext = Connect-MsolService

# Retrieve a list of all compliant devices
$devices = Get-MSOLDevice -all | Where-Object {$_.IsCompliant -eq $True}

# Output the results
$devices | Format-Table -Property DeviceName, DeviceModel, DeviceType, IsCompliant

What if I force it to use Graph SDK?

# Install the Microsoft Graph SDK
Install-Module -Name Microsoft.Graph.Intune

# Connect to Microsoft Graph
Connect-MicrosoftGraph

# Retrieve a list of all compliant devices
$devices = Get-IntuneManagedDevice | Where-Object {$_.complianceState -eq "compliant"}

# Output the results
$devices | Format-Table -Property DisplayName, DeviceModel, DeviceType, ComplianceState

Looks good, but the command is “Connect-MSGraph” so it fails straight away

Finally, something more complex:

# Install the Microsoft Graph SDK
Install-Module -Name Microsoft.Graph.Intune

# Connect to Microsoft Graph
Connect-MicrosoftGraph

# Create the Bitlocker policy
$bitlockerPolicy = New-IntuneDeviceConfigurationPolicy -Name "Bitlocker Policy" -BitLockerEncryptionMethod "AES256"

# Create the antivirus policy
$antivirusPolicy = New-IntuneDeviceConfigurationPolicy -Name "Antivirus Policy" -AntivirusSoftwareRequired $True

# Create the compliance policy
$compliancePolicy = New-IntuneDeviceCompliancePolicy -Name "Compliance Policy" -DeviceCompliancePolicy $bitlockerPolicy,$antivirusPolicy

# Assign the policy to a group
$group = Get-IntuneGroup -Name "your_group_name"
Add-IntuneDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $compliancePolicy.id -GroupId $group.id

The output may look good, but it’s never going to work.

Even if you get it connected, it’s “DisplayName” not “Name”.
BitlockerEncryptionMethod isn’t valid
AntivirusSoftwareRequired isn’t valid
DeviceCompliancePolicy isn’t valid

Conclusion

AI is a very useful tool to assist you. I use CoPilot a lot for the mundane tasks, but the code always needs checking over (it has a habit of using “=” instead of “-eq” for a start).

ChatGPT is useful for a nudge in the right direction, or if you are very specific with your request, but randomly typing in a query may not get the answer you need.

It also won’t troubleshoot any issues. And what happens if the code works, but you need to add to it in the future? I’m fairly sure it won’t remember from last time!

There will always be a need for someone to know what to ask, check the code looks ok and troubleshoot when it goes wrong. Experience can never be underestimated: having worked in IT for many years, I have often seen issues and questions before and can answer more quickly and more confidently than randomly reading out some AI-generated output.
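One way to do part of that checking before anything is run, as an added example that is not from the original post: the function below parses a generated script with the PowerShell AST and reports cmdlets that are not installed, cmdlets from the older modules, parameters the cmdlet does not accept, and assignments inside `Where-Object`. The function name, the legacy module list and the sample input are assumptions made for this example, and the findings depend on which modules are installed on the machine.

```powershell
# Added example: lint a generated script without executing it.
function Test-GeneratedScript {
    param(
        [Parameter(Mandatory)][string]$ScriptText,
        # Assumed list: the modules behind Connect-AzureAD and Connect-MsolService.
        [string[]]$LegacyModules = @('AzureAD', 'AzureADPreview', 'MSOnline')
    )
    $tokens = $null; $parseErrors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$parseErrors)
    $report = {
        param($Node, $Issue)
        [pscustomobject]@{ Line = $Node.Extent.StartLineNumber; Text = $Node.Extent.Text; Issue = $Issue }
    }
    foreach ($e in $parseErrors) { & $report $e "Parse error: $($e.Message)" }

    $isCommand = { param($n) $n -is [System.Management.Automation.Language.CommandAst] }
    foreach ($cmd in $ast.FindAll($isCommand, $true)) {
        $name = $cmd.GetCommandName()
        if (-not $name) { continue }   # dynamic invocation such as & $var
        $pattern = [System.Management.Automation.WildcardPattern]::Escape($name)
        $info = Get-Command -Name $pattern -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($info -and $info.CommandType -eq 'Alias') { $info = $info.ResolvedCommand }
        if (-not $info) { & $report $cmd "'$name' not found in any installed module"; continue }
        if ($info.ModuleName -in $LegacyModules) {
            & $report $cmd "'$name' comes from legacy module $($info.ModuleName)"
        }
        if ($info.CommandType -in 'Cmdlet', 'Function') {
            foreach ($p in $cmd.CommandElements) {
                if ($p -isnot [System.Management.Automation.Language.CommandParameterAst]) { continue }
                # ResolveParameter accepts aliases and unambiguous prefixes; it throws otherwise.
                try { $null = $info.ResolveParameter($p.ParameterName) }
                catch { & $report $p "-$($p.ParameterName) is not a parameter of $($info.Name)" }
            }
        }
        if ($info.Name -eq 'Where-Object') {
            $isAssign = { param($n) $n -is [System.Management.Automation.Language.AssignmentStatementAst] }
            foreach ($a in $cmd.FindAll($isAssign, $true)) {
                & $report $a "Assignment inside Where-Object; '=' was probably meant to be '-eq'"
            }
        }
    }
}

# Constructed sample: lines based on the generated scripts above, with '-eq' swapped for '='.
$sample = @'
Connect-MicrosoftGraph
$devices = Get-MSOLDevice -all | Where-Object {$_.IsCompliant = $True}
'@
Test-GeneratedScript -ScriptText $sample | Format-Table -AutoSize -Wrap
```

Resolving parameters can import the module that owns the cmdlet, so run the check in a session where loading those modules is acceptable.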

7 thoughts on “Experimenting with ChatGPT for Intune”

  1. Try putting in some code that you know works, with the correct cmdlets, then have it update it for you; it does pretty good with that. Works well with KQL and Kusto queries.

    • Yes, appreciate it can’t grab the latest data (although Graph SDK was released in 2020). It’s a useful tool, but alongside existing knowledge rather than instead of, certainly when dealing with AAD and Intune

  2. Fantastic article and real insight into what you need to know what you’re doing if you’re going to use AI to assist you in your job.

    The Neo, Terminator, and Chuck Norris sounds amazing, this needs to be a film!!!
