Summary
Two Microsoft Graph Beta API changes directly affect this project:
deviceManagement/groupPolicyConfigurations — Deprecated (March 2025)deviceManagement/deviceConfigurations('{id}')/deviceStatuses — Removed (May 2024)
1. groupPolicyConfigurations API Deprecated
What changed
As of March 31, 2025 (MC955748), the following Beta APIs no longer support creation and management of Windows Endpoint security policies and Administrative templates:
deviceManagement/groupPolicyConfigurationsdeviceManagement/groupPolicyCategoriesdeviceManagement/groupPolicyDefinitions
Microsoft requires migration to deviceManagement/configurationPolicies.
Affected code locations in IntuneAssignmentChecker.ps1
| Lines |
Usage |
| 1986, 1988 |
User assignment check — fetches groupPolicyConfigurations entities and assignments |
| 3483, 3485 |
Group assignment check — fetches entities and direct assignments |
| 4181, 4183 |
Device assignment check — fetches entities and assignments |
| 5104, 5106 |
Policy overview — fetches all admin templates |
| 5735, 5737 |
Policy overview (additional context) |
| 6438, 6440 |
Policy overview (additional context) |
| 7196, 7198 |
Policy overview (additional context) |
| 7652, 7654 |
Policy overview (additional context) |
| 8237 |
Direct API call: $GraphEndpoint/beta/deviceManagement/groupPolicyConfigurations |
| 8242 |
Direct API call: $GraphEndpoint/beta/deviceManagement/groupPolicyConfigurations('{id}')/assignments |
Suggested fix
Replace all groupPolicyConfigurations references with configurationPolicies. The new API uses the same pattern:
GET /beta/deviceManagement/configurationPolicies
GET /beta/deviceManagement/configurationPolicies('{id}')/assignments
Note: Administrative templates migrated to the unified settings platform will have new Policy IDs, so any cached/hardcoded IDs would also need updating. The response schema may differ slightly — configurationPolicies uses name instead of displayName in some cases. Testing is required to verify field mappings.
2. deviceConfigurations/.../deviceStatuses Endpoint Removed
What changed
As of May 2024, Microsoft removed several Beta APIs from the old Intune reporting framework, including:
deviceManagement/deviceConfigurations('{id}')/deviceStatuses
Reference: Removal of several Microsoft Graph Beta APIs for Intune device configuration reports
Affected code locations in IntuneAssignmentChecker.ps1
| Line |
Code |
| 1509 |
$configPoliciesUri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations" |
| 1513 |
$statusUri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$($policy.id)')/deviceStatuses" |
This is used in the "Get Device Configuration Policy Failures" section (lines 1506–1536). Calls to this endpoint may already be failing silently (caught by the try/catch on line 1534).
Suggested fix
Migrate to the newer Intune reporting framework. The replacement endpoint is:
POST /beta/deviceManagement/reports/getConfigurationPolicyDevicesReport
With a JSON body specifying the policy ID and desired columns. Example:
{
"filter": "(PolicyId eq '{policyId}')",
"select": ["DeviceName", "UPN", "PolicyStatus", "LastContact"]
}
Additional Note: deviceConfigurations Migration
Microsoft is actively migrating device configuration templates from deviceManagement/deviceConfigurations to the unified settings platform (deviceManagement/configurationPolicies). While deviceConfigurations still works for listing and reading policies, newly created policies in Intune may only appear under configurationPolicies. This affects 18+ locations in the script that query deviceConfigurations (lines 1960, 3444, 4156, 5068, 5713, 6416, 7176, 7618, 8166, 8179, etc.).
Consider adding configurationPolicies as an additional source when listing device configuration profiles to ensure full coverage.
References
Summary
Two Microsoft Graph Beta API changes directly affect this project:
deviceManagement/groupPolicyConfigurations— Deprecated (March 2025)deviceManagement/deviceConfigurations('{id}')/deviceStatuses— Removed (May 2024)1.
groupPolicyConfigurationsAPI DeprecatedWhat changed
As of March 31, 2025 (MC955748), the following Beta APIs no longer support creation and management of Windows Endpoint security policies and Administrative templates:
deviceManagement/groupPolicyConfigurationsdeviceManagement/groupPolicyCategoriesdeviceManagement/groupPolicyDefinitionsMicrosoft requires migration to
deviceManagement/configurationPolicies.Affected code locations in
IntuneAssignmentChecker.ps1groupPolicyConfigurationsentities and assignments$GraphEndpoint/beta/deviceManagement/groupPolicyConfigurations$GraphEndpoint/beta/deviceManagement/groupPolicyConfigurations('{id}')/assignmentsSuggested fix
Replace all
groupPolicyConfigurationsreferences withconfigurationPolicies. The new API uses the same pattern:Note: Administrative templates migrated to the unified settings platform will have new Policy IDs, so any cached/hardcoded IDs would also need updating. The response schema may differ slightly —
configurationPoliciesusesnameinstead ofdisplayNamein some cases. Testing is required to verify field mappings.2.
deviceConfigurations/.../deviceStatusesEndpoint RemovedWhat changed
As of May 2024, Microsoft removed several Beta APIs from the old Intune reporting framework, including:
deviceManagement/deviceConfigurations('{id}')/deviceStatusesReference: Removal of several Microsoft Graph Beta APIs for Intune device configuration reports
Affected code locations in
IntuneAssignmentChecker.ps1$configPoliciesUri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations"$statusUri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$($policy.id)')/deviceStatuses"This is used in the "Get Device Configuration Policy Failures" section (lines 1506–1536). Calls to this endpoint may already be failing silently (caught by the
try/catchon line 1534).Suggested fix
Migrate to the newer Intune reporting framework. The replacement endpoint is:
With a JSON body specifying the policy ID and desired columns. Example:
{ "filter": "(PolicyId eq '{policyId}')", "select": ["DeviceName", "UPN", "PolicyStatus", "LastContact"] }Additional Note:
deviceConfigurationsMigrationMicrosoft is actively migrating device configuration templates from
deviceManagement/deviceConfigurationsto the unified settings platform (deviceManagement/configurationPolicies). WhiledeviceConfigurationsstill works for listing and reading policies, newly created policies in Intune may only appear underconfigurationPolicies. This affects 18+ locations in the script that querydeviceConfigurations(lines 1960, 3444, 4156, 5068, 5713, 6416, 7176, 7618, 8166, 8179, etc.).Consider adding
configurationPoliciesas an additional source when listing device configuration profiles to ensure full coverage.References