question

MethodDev avatar image
1 Vote"
MethodDev asked ·

AzureAD - PowerShell - Determine if device has MDM enabled

Is there a good way to do that?

Currently I have:

 <# Connect To O365 Start #>
 Connect-AzureAD -Credential $credentials | Out-null
 <# Connect To O365 End #>
 
 $devices_List = Get-AzureADDevice -Filter "(DisplayName eq 'DESKTOP-DHGUVFV')" | select * #-All $true 
 $report = $devices_List | % { 
                    $device = $_
                    $registeredUser = (Get-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId)
                    [PSCustomObject]@{
                    Device = $device
                    userInfo = $registeredUser
                    }
                    
                   }
 
 $report.Device

But it sometimes does not line up with what is shown through the GUI

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jLight avatar image
0 Votes"
jLight answered ·

Here you go:

 Get-MsolDevice -All -ReturnRegisteredOwners | Where-Object {$_.RegisteredOwners.Count -gt 0}|Select DisplayName,DeviceOsType,DeviceTrustType,RegisteredOwners


https://support.office.com/en-us/article/get-details-about-devices-managed-by-mobile-device-management-mdm-for-office-365-5602963c-a1f2-4c21-afb9-f66cd7dca1f0

If you still can't find what you are looking for, then it might be time to mess with Graph API

https://smsagent.blog/2018/10/22/querying-for-devices-in-azure-ad-and-intune-with-powershell-and-microsoft-graph/

· 1 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

That is what I thought and ended up doing. Thanks for the time and help!

1 Vote 1 · ·
saurabhsh-msft avatar image
0 Votes"
saurabhsh-msft answered ·

You can check for IsManaged property of Get-AzureADDevice cmdlet result. If the value of isManaged parameter is True then device is enrolled and if it is False then device is not enrolled. You can also check for Get-MsolDevice for the same.

· 1 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If that is the case then why do I see this:

https://imgur.com/a/5rpItYG

0 Votes 0 · ·
jLight avatar image
0 Votes"
jLight answered ·
 Get-AzureADDevice -All $true | select DisplayName,IsManaged
· 1 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If that is the case then why do I see this:

https://imgur.com/a/5rpItYG

0 Votes 0 · ·