Intune Enrollment Status Collection

PDQ could do this, we'd just need to find an identifier that would show if the PC was enrolled or not. I couldn't really find anything like a registry key that is created that says the PC is "Intune Managed". I made a scanner that looks for 3 potential identifiers that are created as part of Intune Enrollment, but are not a flag itself.

I don't know if this is 100% accurate because it doesn't seem to reflect all of the computers I've enrolled in Intune and we have many remote computers. But the folder and registry keys show up in a majority of computers at least.

I'd be interested in a better way to tell, but this is the best I have right now.

Thanks James for the suggestion. I did try that but unfortunately not every computer shows up when doing it that way (like you said). I think I did find a reliable way of doing it however. I found a script online and converted it into a Powershell Scanner and created a collection to look for the UPN field to see if a certain string exists. So far, that seems to pick up every computer enrolled into Intune. Look at the next post for the script to use for the powershell scanner.

function Get-MDMEnrollmentStatus {
    <#
    .Synopsis
    Get Windows 10 MDM Enrollment Status.
 
    .Description
    Get Windows 10 MDM Enrollment Status with Translated Error Codes.
 
    Returns $null if Device is not enrolled to an MDM.
 
    .Example
    # Get Windows 10 MDM Enrollment status
    Get-MDMEnrollmentStatus
    #>
    param()
    #Locate correct Enrollment Key
    $EnrollmentKey = Get-Item -Path HKLM:\SOFTWARE\Microsoft\Enrollments\* | Get-ItemProperty | Where-Object -FilterScript {$null -ne $_.UPN}
    return $EnrollmentKey
}

Get-MDMEnrollmentStatus