@@ -21,7 +21,7 @@ $certThumbprint = '<YourCertificateThumbprintHere>' # Thumbprint of the certific
2121# Autoupdate function
2222
2323# Version of the local script
24- $localVersion = " 2.1 .0"
24+ $localVersion = " 2.2 .0"
2525
2626# URL to the version file on GitHub
2727$versionUrl = " https://raw.githubusercontent.com/ugurkocde/IntuneAssignmentChecker/main/version_v2.txt"
@@ -75,23 +75,57 @@ catch {
7575
7676# Do not change the following code
7777
78- # Check if any of the variables are not set or contain placeholder values
79- if (-not $appid -or $appid -eq ' <YourAppIdHere>' -or
80- -not $tenantid -or $tenantid -eq ' <YourTenantIdHere>' -or
81- -not $certThumbprint -or $certThumbprint -eq ' <YourCertificateThumbprintHere>'
82- Write-Host " App ID, Tenant ID, or Certificate Thumbprint is missing or not set correctly. Please fill out all the necessary details." - ForegroundColor Red
83- exit
84- }
85-
8678# Connect to Microsoft Graph using certificate-based authentication
8779try {
88- $connectionResult = Connect-MgGraph - ClientId $appid - TenantId $tenantid - CertificateThumbprint $certThumbprint - NoWelcome - ErrorAction Stop
89-
90- # Check if the connection was successful
91- if ($null -eq (Get-MgContext )) {
92- throw " Failed to establish a valid connection to Microsoft Graph."
80+
81+ # Define required permissions with reasons
82+ $requiredPermissions = @ (
83+ @ {
84+ Permission = " User.Read.All"
85+ Reason = " Required to read user profile information and check group memberships"
86+ },
87+ @ {
88+ Permission = " Group.Read.All"
89+ Reason = " Needed to read group information and memberships"
90+ },
91+ @ {
92+ Permission = " DeviceManagementConfiguration.Read.All"
93+ Reason = " Allows reading Intune device configuration policies and their assignments"
94+ },
95+ @ {
96+ Permission = " DeviceManagementApps.Read.All"
97+ Reason = " Necessary to read mobile app management policies and app configurations"
98+ },
99+ @ {
100+ Permission = " DeviceManagementManagedDevices.Read.All"
101+ Reason = " Required to read managed device information and compliance policies"
102+ },
103+ @ {
104+ Permission = " Device.Read.All"
105+ Reason = " Needed to read device information from Azure AD"
106+ }
107+ )
108+
109+ # Check if any of the variables are not set or contain placeholder values
110+ if (-not $appid -or $appid -eq ' <YourAppIdHere>' -or
111+ -not $tenantid -or $tenantid -eq ' <YourTenantIdHere>' -or
112+ -not $certThumbprint -or $certThumbprint -eq ' <YourCertificateThumbprintHere>'
113+ Write-Host " App ID, Tenant ID, or Certificate Thumbprint is missing or not set correctly." - ForegroundColor Red
114+ $manualConnection = Read-Host " Would you like to attempt a manual interactive connection? (y/n)"
115+ if ($manualConnection -eq ' y'
116+ # Manual connection using interactive login
117+ write-host " Attempting manual interactive connection (you need privileges to consent permissions)..." - ForegroundColor Yellow
118+ $permissionsList = ($requiredPermissions | ForEach-Object { $_.Permission }) -join ' , '
119+ $connectionResult = Connect-MgGraph - Scopes $permissionsList - NoWelcome - ErrorAction Stop
120+ }
121+ else {
122+ Write-Host " Script execution cancelled by user." - ForegroundColor Red
123+ exit
124+ }
125+ }
126+ else {
127+ $connectionResult = Connect-MgGraph - ClientId $appid - TenantId $tenantid - CertificateThumbprint $certThumbprint - NoWelcome - ErrorAction Stop
93128 }
94-
95129 Write-Host " Successfully connected to Microsoft Graph" - ForegroundColor Green
96130
97131 # Define required permissions with reasons
0 commit comments