@aniqfakhrul
Last active November 24, 2025 15:21
Deploy Azure Intune Platform Script
#!/usr/bin/env python3
"""
@aniqfakhrul
This script is intended to perform Intune enumeration and deploy PowerShell scripts
via the Intune API. Definitely not written by AI
"""
import requests
import sys
import json
import random
import base64
import string
import argparse
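class Intune:
    """Thin client for the Microsoft Graph beta ``deviceManagement`` endpoints.

    Every call is made with the bearer token given to the constructor, so the
    object can do whatever that token's Intune permissions allow.

    NOTE(review): creating, assigning and deleting device management scripts
    are tenant-wide configuration changes. They are expected to show up in the
    tenant's Intune audit log - confirm retention and alerting for these
    operations.
    """

    # Seconds to wait for Graph before giving up; without a timeout a stalled
    # connection blocks the process indefinitely.
    _REQUEST_TIMEOUT = 30

    def __init__(self, token):
        """Create a session that sends ``token`` as a bearer credential.

        Args:
            token: Microsoft Graph access token, used verbatim in the
                Authorization header of every request.
        """
        self.base_url = "https://graph.microsoft.com/beta/deviceManagement/{}"
        self.session = requests.Session()
        self.session.headers.update(
            {
                "Authorization": f"Bearer {token}",
                # A fixed browser-style User-Agent is sent rather than the
                # requests default, so sign-in and Graph activity logs will
                # show this string for the client.
                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
            }
        )

    @staticmethod
    def _succeeded(response):
        """Return True for any 2xx status code."""
        return 200 <= response.status_code < 300

    def _output(self, data):
        """Decode a Graph response as JSON, exiting the process on failure.

        Args:
            data: Response object returned by the session.

        Returns:
            The decoded JSON body.

        Exits with status -1 when the body is not JSON or when the decoded
        object carries a top-level ``error`` key.
        """
        try:
            output = data.json()
        except ValueError:
            # Empty or non-JSON body (for example an HTML error page); report
            # it the same way as a Graph error instead of raising a traceback.
            print(f"Error: non-JSON response (HTTP {data.status_code})")
            sys.exit(-1)
        if isinstance(output, dict) and "error" in output:
            print(f"Error: {output.get('error')}")
            sys.exit(-1)
        return output

    def list_device(self):
        """Return the decoded ``manageddevices`` collection response.

        Only the first page is fetched; paging links are not followed.
        """
        url = self.base_url.format("manageddevices")
        r = self.session.get(url, timeout=self._REQUEST_TIMEOUT)
        return self._output(r)

    def list_scripts(self):
        """Return the decoded ``deviceManagementScripts`` collection response.

        Only the first page is fetched; paging links are not followed.
        """
        url = self.base_url.format("deviceManagementScripts")
        r = self.session.get(url, timeout=self._REQUEST_TIMEOUT)
        return self._output(r)

    def delete_script(self, script_id):
        """Delete one device management script.

        Args:
            script_id: Identifier of the script object to delete.

        Returns:
            True when Graph answers with a 2xx status, else False.
        """
        url = self.base_url.format(f"deviceManagementScripts/{script_id}")
        r = self.session.delete(url, timeout=self._REQUEST_TIMEOUT)
        # Graph answers a successful DELETE with 204 No Content, which the
        # earlier `== 200` comparison reported as a failure.
        return self._succeeded(r)

    def deploy_script(self, file_path, display_name="", description="", run_as="user",
                      file_name="", sign_check=False):
        """Upload a PowerShell file as a new device management script.

        The script is only created here; it runs nowhere until it is assigned.

        Args:
            file_path: Local path of the PowerShell file to upload.
            display_name: Name shown in Intune; six random lowercase letters
                when empty.
            description: Free-text description stored with the script.
            run_as: Value sent as ``runAsAccount``.
            file_name: Base name for the stored file (``.ps1`` is appended);
                falls back to ``display_name``.
            sign_check: Value sent as ``enforceSignatureCheck``. It defaults to
                False, so unsigned scripts are accepted unless the caller
                opts in.

        Returns:
            The decoded JSON describing the created script object.
        """
        url = self.base_url.format("deviceManagementScripts")
        with open(file_path, "rb") as f:
            content = f.read()
        powershell_script = base64.b64encode(content).decode("utf-8")
        if not display_name:
            # Reviewers of a tenant's script list can treat a six-letter
            # lowercase name with an empty description as the signature of
            # this default path.
            display_name = ''.join(random.choice(string.ascii_lowercase) for _ in range(6))
        data = {
            "displayName": display_name,
            "description": description,
            "scriptContent": powershell_script,
            "runAsAccount": run_as,
            "fileName": f"{file_name if file_name else display_name}.ps1",
            "roleScopeTagIds": ["0"],
            "enforceSignatureCheck": sign_check,
            "runAs32Bit": False,
        }
        r = self.session.post(url, json=data, timeout=self._REQUEST_TIMEOUT)
        return self._output(r)

    def assign_task(self, task_id):
        """Assign an existing script to every device in the tenant.

        The target is ``allDevicesAssignmentTarget``: there is no group or
        device scoping, so the blast radius is the whole managed fleet.

        Args:
            task_id: Identifier of the script object to assign.

        Returns:
            True when Graph answers with a 2xx status, else False.
        """
        url = self.base_url.format(f"deviceManagementScripts/{task_id}/assign")
        data = {
            "deviceManagementScriptAssignments": [
                {
                    "target": {
                        "@odata.type": "#microsoft.graph.allDevicesAssignmentTarget"
                    }
                }
            ]
        }
        r = self.session.post(url, json=data, timeout=self._REQUEST_TIMEOUT)
        # Accept any 2xx: a success answered with 204 No Content would
        # otherwise be reported as a failure although the assignment applied.
        return self._succeeded(r)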
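def main():
    """Command-line entry point with ``list``, ``deploy`` and ``deletescript``.

    ``list`` prints managed devices and then device management scripts.
    ``deploy`` uploads a PowerShell file and assigns it to all devices.
    ``deletescript`` removes a script, prompting for a choice when no id is
    given.

    NOTE: the access token is read from argv, so it is visible in the process
    list and the shell history of the host where this runs.
    """
    parser = argparse.ArgumentParser(description="Intune Device Management Helper")
    subparsers = parser.add_subparsers(dest="command", required=True)

    list_parser = subparsers.add_parser("list", help="List Intune-managed devices")
    list_parser.add_argument("-at", "--access-token", required=True,
                             help="Access token for Microsoft Graph")

    deploy_parser = subparsers.add_parser("deploy", help="Deploy PowerShell script to devices")
    deploy_parser.add_argument("-at", "--access-token", required=True,
                               help="Access token for Microsoft Graph")
    deploy_parser.add_argument("-f", "--file-path", required=True,
                               help="Path to PowerShell script to deploy")
    #deploy_parser.add_argument("-ra", "--run-as", default="user",
    #                           choices=["user", "system"],
    #                           help="Run script as user or system (default: user)")

    delete_parser = subparsers.add_parser("deletescript",
                                          help="Delete a device management script")
    delete_parser.add_argument("-at", "--access-token", required=True,
                               help="Access token for Microsoft Graph")
    delete_parser.add_argument("-id", "--script-id",
                               help="ID of the script to delete (optional)")

    args = parser.parse_args()
    intune = Intune(args.access_token)

    if args.command == "list":
        print("\n============= Device(s) ===============")
        devices = intune.list_device().get("value", [])
        if not devices:
            # Returns before the script listing, as the original flow did.
            print("No devices found.")
            return
        for d in devices:
            print(f"{d.get('deviceName')} ({d.get('id')}) - {d.get('userPrincipalName')}")

        scripts = intune.list_scripts().get("value", [])
        if not scripts:
            print("No device management scripts found.")
            return
        print("\n=== Device Management Scripts ===\n")
        for s in scripts:
            print(f"[{s.get('id')}]")
            print(f" Name : {s.get('displayName')}")
            print(f" File : {s.get('fileName')}")
            print(f" RunAs : {s.get('runAsAccount')}")
            print(f" Created : {s.get('createdDateTime')}")
            print()
        return

    if args.command == "deploy":
        file_path = args.file_path
        #run_as = args.run_as
        # Create task
        task = intune.deploy_script(file_path)
        task_id = task.get("id")
        if not task_id:
            # Without an id the assignment request would be sent to a
            # ".../None/assign" URL; stop here instead.
            print("Failed to deploy script: no script id in response")
            sys.exit(1)
        # Assign task to all devices
        assigned = intune.assign_task(task_id)
        if not assigned:
            print("Failed to deploy script")
            sys.exit(1)
        print("Script deployed and assigned. This will take a while. Kopi dulu.")
        return

    if args.command == "deletescript":
        script_id = args.script_id
        # If no script ID, show list and ask
        if not script_id:
            scripts = intune.list_scripts().get("value", [])
            if not scripts:
                print("No scripts found.")
                return
            print("\n=== Choose a script to delete ===\n")
            for i, s in enumerate(scripts, start=1):
                print(f"{i}. {s.get('displayName')} ({s.get('id')})")
            while True:
                choice = input("\nSelect script number: ")
                # isdecimal(), not isdigit(): characters such as a superscript
                # two pass isdigit() but make int() raise ValueError.
                if choice.isdecimal() and 1 <= int(choice) <= len(scripts):
                    script_id = scripts[int(choice) - 1]["id"]
                    break
                print("Invalid choice. Try again.")
        deleted = intune.delete_script(script_id)
        if deleted:
            print(f"Deleted script: {script_id}")
        else:
            print("Failed to delete script.")
        return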
# Run the command-line interface only when the file is executed directly,
# not when it is imported as a module.
if __name__ == "__main__":
    main()