Address
Ahmedabad, Gujarat (Ind.) & Pune, Maharashtra (Ind.)
Email
Info@jeennsolutions.com
Phone
+91 70162 94737
JEENN SOLUTIONS

How to Download PowerShell Scripts from Intune Using Microsoft Graph API

JEENN SOLUTIONS > Blog > Microsoft Intune > How to Download PowerShell Scripts from Intune Using Microsoft Graph API
Download PowerShell Script from Intune

🔧 How to Download PowerShell Scripts from Intune Using Microsoft Graph API

If you’ve uploaded PowerShell scripts into Intune (under Devices > Scripts and Remediations > Platform scripts) but now need to download them back, you’ll notice the portal doesn’t provide a “Download” option.

This step-by-step guide will show you how to download PowerShell Script from Intune using Microsoft Graph API and PowerShell. This is especially useful for IT admins and automation engineers who manage device configurations using Intune.

Table of Contents (auto-generated if using a TOC plugin)

✅ Prerequisites

  • You have Global Administrator or equivalent Azure AD permissions.
  • You have access to the Azure portal and PowerShell.
  • You’re familiar with Microsoft Intune and Graph API basics.

🛠️ Step 1: Register an App in Azure AD

  1. Go to https://portal.azure.com
  2. Navigate to Azure Active Directory > App registrationsMicrosoft Intra Id App Registration
  3. Click + New registration
  4. Enter a name like: IntuneScriptDownloader
  5. Choose “Accounts in this organizational directory only”
  6. Click RegisterMicrosoft Intra Id App Registration
  7. Copy and save the:
    Application (client) ID
    Directory (tenant) IDApplication ID and Tenant ID In App Registration

🔐 Step 2: Add API Permissions

  1. In your registered app, go to API Permissions > + Add a permission

    API Permissions in Microsoft Intune and Microsoft Azure

     

  2. Select Microsoft Graph > Application permissions
  3. Search and add: DeviceManagementConfiguration.Read.All
  4. Click Add permissionsAPI Permissions in Microsoft Intune and Microsoft Azure

     

  5. Back on the permissions screen, click Grant admin consentAPI Permissions in Microsoft Intune and Microsoft Azure

🗝️ Step 3: Create a Client Secret

  1. Go to Certificates & Secrets > + New client secret
  2. Add a description and select an expiry period
  3. Click Add and copy the secret value immediately — you won’t be able to see it againAPI Permissions in Microsoft Intune and Microsoft Azure

📋 Step 4: Get Your PowerShell Script ID from Intune

To download a specific script, you need its unique ID from Intune.

PowerShell Script to List Script IDs:

# Replace with your values
$tenantId = "YOUR_TENANT_ID"
$clientId = "YOUR_APP_ID"
$clientSecret = "YOUR_VALUE_ID (NOT SECRET ID)"

# Get access token
$body = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $clientId
    client_secret = $clientSecret
}

$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -ContentType "application/x-www-form-urlencoded" `
    -Body $body

$headers = @{
    Authorization = "Bearer $($tokenResponse.access_token)"
}

# List all scripts
$uri = "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts"
$response = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get

# Show script names and IDs
$response.value | Select displayName, id | Format-Table -AutoSize

💾 Step 5: Download the PowerShell Script

# Replace these with your actual values
$tenantId = "YOUR_TENANT_ID"
$clientId = "YOUR_APP_ID"
$clientSecret = "YOUR_VALUE_ID (NOT SECRET ID)"
$scriptId = "YOUR_SCRIPT_ID"

# Step 1: Get access token
$body = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $clientId
    client_secret = $clientSecret
}

$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -ContentType "application/x-www-form-urlencoded" `
    -Body $body

$headers = @{
    Authorization = "Bearer $($tokenResponse.access_token)"
}

# Step 2: Get script details
$scriptUri = "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$scriptId"
$scriptDetail = Invoke-RestMethod -Uri $scriptUri -Headers $headers -Method Get

# Step 3: Decode and save script
$decodedScript = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($scriptDetail.scriptContent))
$decodedScript | Out-File "Downloaded_Intune_Script.ps1" -Encoding UTF8

Write-Host "`n✅ Script downloaded successfully as: Downloaded_Intune_Script.ps1"

🧩 Conclusion

While Intune doesn’t provide a direct option to download uploaded PowerShell scripts, using Microsoft Graph API gives you full control. With this guide, you can securely extract and store your Intune PowerShell scripts anytime.

💼 Need Help with Intune or PowerShell Automation?

At Jeenn Solutions, we specialize in IT automation, Microsoft Intune, and enterprise scripting solutions. Contact us if you need expert assistance.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *