The Graph API and the Intune portal(s) give insight into device compliance status, but what about a local equivalent? How can we detect locally, for example from a script on a Windows 10 laptop, whether the device is compliant?
I couldn’t find any documentation, WMI properties or registry keys, but I did find that the Company Portal shows the compliance status and caches this in a file. So, although it isn’t pretty, I’ve settled for this method for now and created a UserVoice item requesting a local W10 API/regkey/WMI property to query Intune compliance status of the device.
((Get-Content -Path (Get-ChildItem -Path (Join-Path $env:LOCALAPPDATA `
-ChildPath "Packages\Microsoft.CompanyPortal_8wekyb3d8bbwe\TempState\ApplicationCache") `
-Include *.tmp* -File -Recurse | Sort-Object -Descending -Property LastWriteTime)[0] | ConvertFrom-Json).data | ConvertFrom-Json).ComplianceState
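A more defensive version of the one-liner above, as an added example that is not the author's code: it walks the cache files newest first, skips any that do not parse as JSON or carry no ComplianceState, and reports how old the cached value is. The function name and the MaxAgeHours threshold are assumptions; the cache path and JSON property names are the ones used in the post.

```powershell
# Added example, not the author's code. The function name and -MaxAgeHours
# are hypothetical; the cache path and JSON property names come from the post.
function Get-CachedIntuneComplianceState {
    [CmdletBinding()]
    param(
        [string]$CachePath = (Join-Path $env:LOCALAPPDATA `
            'Packages\Microsoft.CompanyPortal_8wekyb3d8bbwe\TempState\ApplicationCache'),
        [int]$MaxAgeHours = 24   # assumption: older cache entries count as stale
    )

    if (-not (Test-Path -LiteralPath $CachePath)) {
        Write-Verbose "Company Portal cache folder not found: $CachePath"
        return $null
    }

    # Newest first, as in the original one-liner, but keep every candidate.
    $files = Get-ChildItem -Path $CachePath -Include *.tmp* -File -Recurse |
        Sort-Object -Property LastWriteTime -Descending

    foreach ($file in $files) {
        try {
            $raw = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }

            # Outer JSON carries a "data" string that is itself JSON.
            $outer = ConvertFrom-Json -InputObject $raw -ErrorAction Stop
            if ($outer.data -isnot [string]) { continue }
            $inner = ConvertFrom-Json -InputObject $outer.data -ErrorAction Stop
            if ($null -eq $inner.ComplianceState) { continue }
        }
        catch {
            # Not JSON, locked, or unexpected shape: try the next file.
            Write-Verbose "Skipping $($file.Name): $($_.Exception.Message)"
            continue
        }

        return [pscustomobject]@{
            ComplianceState = $inner.ComplianceState
            SourceFile      = $file.FullName
            CachedAt        = $file.LastWriteTime
            IsStale         = ((Get-Date) - $file.LastWriteTime).TotalHours -gt $MaxAgeHours
        }
    }

    return $null   # no cache file carried a ComplianceState
}
```

The cache sits under the user's own profile and is writable by that user, so the value is a cached hint suited to remediation or notification scripts, not a signal to base access decisions on.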
Hi! Building a remediation script that helps users get their devices compliant after enrollment, and needed a way of checking that the device is not compliant (locally). I’ve searched and searched, and yet I only find this 3-year-old post; nothing new seems to have come from Microsoft. Your solution works, most of the time, but I do have a few issues: Like the other comment from Sjors, I also have multiple temp files in my folder, and they all write different things. Some contain the JSON with the information we’re after, but some contain just seemingly random numbers.…
Hi Jos! Thanks for this message. Are you sure this script is working correctly? When I run it locally, it mentions my device is non-compliant, but when checking the Company Portal and Intune portal, my device is compliant. In reality, the device is fully compliant with the policies that I set, but this script mentions otherwise :/