@@ -49,11 +49,11 @@ function Get-CIPPAlertIntunePolicyConflicts {
4949 }
5050
5151 $AlertableStatuses = @ (
52- if ($Config.AlertErrors ) { ' error' ; ' failed ' }
52+ if ($Config.AlertErrors ) { ' error' }
5353 if ($Config.AlertConflicts ) { ' conflict' }
5454 )
5555
56- if (-not $AlertableStatuses ) {
56+ if (-not $AlertableStatuses -and -not ( $Config .IncludeApplications -and $Config .AlertErrors ) ) {
5757 return
5858 }
5959
@@ -64,56 +64,66 @@ function Get-CIPPAlertIntunePolicyConflicts {
6464
6565 $Issues = [System.Collections.Generic.List [object ]]::new()
6666
67- if ($Config.IncludePolicies ) {
68- try {
69- $ManagedDevices = New-GraphGetRequest - uri " https://graph.microsoft.com/beta/deviceManagement/managedDevices?`$ select=id,deviceName,userPrincipalName&`$ expand=deviceConfigurationStates(`$ select=displayName,state,settingStates)" - tenantid $TenantFilter
70-
71- foreach ($Device in $ManagedDevices ) {
72- $PolicyStates = $Device.deviceConfigurationStates | Where-Object { $_.state -and ($AlertableStatuses -contains $_.state ) }
73- foreach ($State in $PolicyStates ) {
74- $Issues.Add ([PSCustomObject ]@ {
75- Message = " Policy '$ ( $State.displayName ) ' is $ ( $State.state ) on device '$ ( $Device.deviceName ) ' for $ ( $Device.userPrincipalName ) ."
76- Tenant = $TenantFilter
77- Type = ' Policy'
78- PolicyName = $State.displayName
79- IssueStatus = $State.state
80- DeviceName = $Device.deviceName
81- UserPrincipalName = $Device.userPrincipalName
82- DeviceId = $Device.id
83- })
67+ if ($Config.IncludePolicies -and $AlertableStatuses ) {
68+ $PolicySources = @ (
69+ @ { Type = ' IntuneDeviceCompliancePolicies' ; Kind = ' Compliance' }
70+ @ { Type = ' IntuneDeviceConfigurations' ; Kind = ' Configuration' }
71+ )
72+
73+ foreach ($Source in $PolicySources ) {
74+ try {
75+ $PolicyItems = Get-CIPPDbItem - TenantFilter $TenantFilter - Type $Source.Type | Where-Object { $_.RowKey -notlike ' *-Count' }
76+ foreach ($PolicyItem in $PolicyItems ) {
77+ $Policy = try { $PolicyItem.Data | ConvertFrom-Json - ErrorAction Stop } catch { $null }
78+ if (-not $Policy.id ) { continue }
79+
80+ $StatusItems = Get-CIPPDbItem - TenantFilter $TenantFilter - Type " $ ( $Source.Type ) _$ ( $Policy.id ) " | Where-Object { $_.RowKey -notlike ' *-Count' }
81+ foreach ($StatusItem in $StatusItems ) {
82+ $State = try { $StatusItem.Data | ConvertFrom-Json - ErrorAction Stop } catch { $null }
83+ if (-not $State.status -or ($AlertableStatuses -notcontains $State.status.ToLowerInvariant ())) { continue }
84+
85+ $Issues.Add ([PSCustomObject ]@ {
86+ Message = " $ ( $Source.Kind ) policy '$ ( $Policy.displayName ) ' is $ ( $State.status ) on device '$ ( $State.deviceDisplayName ) ' for $ ( $State.userPrincipalName ) ."
87+ Tenant = $TenantFilter
88+ Type = ' Policy'
89+ PolicyType = $Source.Kind
90+ PolicyName = $Policy.displayName
91+ IssueStatus = $State.status
92+ DeviceName = $State.deviceDisplayName
93+ UserPrincipalName = $State.userPrincipalName
94+ DeviceId = $State.id
95+ })
96+ }
8497 }
98+ } catch {
99+ $ErrorMessage = Get-CippException - Exception $_
100+ Write-LogMessage - API ' Alerts' - tenant $TenantFilter - message " Failed to read cached $ ( $Source.Kind ) policy states: $ ( $ErrorMessage.NormalizedError ) " - sev Error - LogData $ErrorMessage
85101 }
86- } catch {
87- $ErrorMessage = Get-CippException - Exception $_
88- Write-LogMessage - API ' Alerts' - tenant $TenantFilter - message " Failed to query Intune policy states: $ ( $ErrorMessage.NormalizedError ) " - sev Error - LogData $ErrorMessage
89102 }
90103 }
91104
92- if ($Config.IncludeApplications ) {
105+ if ($Config.IncludeApplications -and $Config .AlertErrors ) {
93106 try {
94- $Applications = New-GraphGetRequest - uri " https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?`$ select=id,displayName&`$ expand=deviceStatuses(`$ select=installState,deviceName,userPrincipalName,deviceId)" - tenantid $TenantFilter
95-
96- foreach ($App in $Applications ) {
97- $BadStatuses = $App.deviceStatuses | Where-Object {
98- $_.installState -and ($AlertableStatuses -contains $_.installState.ToLowerInvariant ())
99- }
100-
101- foreach ($Status in $BadStatuses ) {
102- $Issues.Add ([PSCustomObject ]@ {
103- Message = " App '$ ( $App.displayName ) ' install is $ ( $Status.installState ) on device '$ ( $Status.deviceName ) ' for $ ( $Status.userPrincipalName ) ."
104- Tenant = $TenantFilter
105- Type = ' Application'
106- AppName = $App.displayName
107- IssueStatus = $Status.installState
108- DeviceName = $Status.deviceName
109- UserPrincipalName = $Status.userPrincipalName
110- DeviceId = $Status.deviceId
111- })
112- }
107+ $AppItems = Get-CIPPDbItem - TenantFilter $TenantFilter - Type ' IntuneAppInstallStatusAggregate' | Where-Object { $_.RowKey -notlike ' *-Count' }
108+ foreach ($AppItem in $AppItems ) {
109+ $App = try { $AppItem.Data | ConvertFrom-Json - ErrorAction Stop } catch { $null }
110+ if (-not $App -or [int ]($App.failedDeviceCount ) -le 0 ) { continue }
111+
112+ $Issues.Add ([PSCustomObject ]@ {
113+ Message = " App '$ ( $App.displayName ) ' failed to install on $ ( $App.failedDeviceCount ) device(s) ($ ( $App.failedDevicePercentage ) %)."
114+ Tenant = $TenantFilter
115+ Type = ' Application'
116+ AppName = $App.displayName
117+ IssueStatus = ' failed'
118+ FailedDeviceCount = [int ]$App.failedDeviceCount
119+ FailedUserCount = [int ]$App.failedUserCount
120+ FailedPercentage = $App.failedDevicePercentage
121+ Platform = $App.platform
122+ })
113123 }
114124 } catch {
115125 $ErrorMessage = Get-CippException - Exception $_
116- Write-LogMessage - API ' Alerts' - tenant $TenantFilter - message " Failed to query Intune application states : $ ( $ErrorMessage.NormalizedError ) " - sev Error - LogData $ErrorMessage
126+ Write-LogMessage - API ' Alerts' - tenant $TenantFilter - message " Failed to read cached Intune app install status : $ ( $ErrorMessage.NormalizedError ) " - sev Error - LogData $ErrorMessage
117127 }
118128 }
119129
0 commit comments