The Graph API and Intune portal(s) give insight into device compliance status, but what about a local equivalent? How can we locally detect from e.g. a script on a Windows 10 laptop if the device is compliant or not?
I couldn’t find any documentation, WMI properties or registry keys, but I did find that the Company Portal shows the compliance status and caches this in a file. So, although it isn’t pretty, I’ve settled for this method for now and created a UserVoice item requesting a local W10 API/regkey/WMI property to query Intune compliance status of the device.
# Read the Company Portal cache files (sorted newest first) and extract the cached compliance state
((Get-Content -Path (Get-ChildItem -Path (Join-Path $env:LOCALAPPDATA `
        -ChildPath "Packages\Microsoft.CompanyPortal_8wekyb3d8bbwe\TempState\ApplicationCache") `
        -Include *.tmp* -File -Recurse | Sort-Object -Descending -Property LastWriteTime) |
    ConvertFrom-Json).data | ConvertFrom-Json).ComplianceState
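A more defensive version of the same lookup, as an added example that is not part of the original post: it skips cache files that fail to parse or carry no `ComplianceState`, and reports how old the cache file is. The function name `Get-CachedIntuneComplianceState` and the `MaxAgeHours` threshold are hypothetical, and the cache layout (an outer JSON object whose `data` property holds a second JSON string) is assumed from the one-liner above.

```powershell
function Get-CachedIntuneComplianceState {
    [CmdletBinding()]
    param(
        # Cache folder taken from the one-liner above
        [string]$CachePath = (Join-Path $env:LOCALAPPDATA `
            'Packages\Microsoft.CompanyPortal_8wekyb3d8bbwe\TempState\ApplicationCache'),
        # Hypothetical threshold: older cache files are flagged as stale
        [int]$MaxAgeHours = 24
    )

    if (-not (Test-Path -LiteralPath $CachePath)) {
        Write-Verbose "Cache folder not found: $CachePath"
        return $null
    }

    # Newest file first, so the first usable hit is the most recent cached state
    $files = Get-ChildItem -Path $CachePath -Include *.tmp* -File -Recurse |
        Sort-Object -Property LastWriteTime -Descending

    foreach ($file in $files) {
        try {
            # Assumed layout: outer JSON whose 'data' property is itself a JSON string
            $outer = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop |
                ConvertFrom-Json -ErrorAction Stop
            if (-not $outer.data) { continue }
            $inner = $outer.data | ConvertFrom-Json -ErrorAction Stop
        } catch {
            Write-Verbose "Skipping $($file.Name): $($_.Exception.Message)"
            continue
        }
        if ($null -eq $inner.ComplianceState) { continue }

        $age = (Get-Date) - $file.LastWriteTime
        return [pscustomobject]@{
            ComplianceState = $inner.ComplianceState
            CacheFile       = $file.FullName
            LastWriteTime   = $file.LastWriteTime
            IsStale         = $age.TotalHours -gt $MaxAgeHours
        }
    }
    return $null   # no cache file contained a compliance state
}

Get-CachedIntuneComplianceState -Verbose
```

The cache lives under the user's own profile, so the user can modify it, and it only reflects what the Company Portal last displayed. Treat the result as a hint for local scripts, not as evidence for an access decision.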