Intune Enrollment Status Collection

• 

  James D

  May 24, 2022 19:23

  PDQ could do this, we'd just need to find an identifier that would show if the PC was enrolled or not. I couldn't really find anything like a registry key that is created that says the PC is "Intune Managed". I made a scanner that looks for 3 potential identifiers that are created as part of Intune Enrollment, but are not a flag itself.

  I don't know if this is 100% accurate because it doesn't seem to reflect all of the computers I've enrolled in Intune and we have many remote computers. But the folder and registry keys show up in a majority of computers at least.

  

  I'd be interested in a better way to tell, but this is the best I have right now.

  0
• 

  Kyle Salce

  May 26, 2022 20:07

  Thanks James for the suggestion. I did try that but unfortunately not every computer shows up when doing it that way (like you said). I think I did find a reliable way of doing it however. I found a script online and converted it into a Powershell Scanner and created a collection to look for the UPN field to see if a certain string exists. So far, that seems to pick up every computer enrolled into Intune. Look at the next post for the script to use for the powershell scanner.

  0
• 

  Kyle Salce

  May 26, 2022 20:08

  function Get-MDMEnrollmentStatus {
      <#
      .Synopsis
      Get Windows 10 MDM Enrollment Status.
   
      .Description
      Get Windows 10 MDM Enrollment Status with Translated Error Codes.
   
      Returns $null if Device is not enrolled to an MDM.
   
      .Example
      # Get Windows 10 MDM Enrollment status
      Get-MDMEnrollmentStatus
      #>
      param()
      #Locate correct Enrollment Key
      $EnrollmentKey = Get-Item -Path HKLM:\SOFTWARE\Microsoft\Enrollments\* | Get-ItemProperty | Where-Object -FilterScript {$null -ne $_.UPN}
      return $EnrollmentKey
  }

  Get-MDMEnrollmentStatus

  1

Please sign in to leave a comment.