BlogThe MSIx Experts Crib
RSS

Table of Contents

About
Advanced Installer helps you create powerful and reliable MSI, App-V & MSIX packages. Upgraded every month by our team, since 2003.

PowerShell & Intune, Automate your Work - Part 4: Retrieve Win32 Superseding Apps

Written by Alex Marin · August 13th, 2024 · 4min read

Welcome back to our series on automating Intune operations with PowerShell. Each article is here to make your day-to-day tasks easier and boost your toolkit with powerful scripting capabilities.

This time, we're focusing on an important aspect of application lifecycle management: Win32 App Supersedence. Understanding and managing superseding apps is critical for maintaining IT environments current and secure, especially in large organizations where outdated software can pose significant risks.

Recap of Parts 1, 2, and 3

Before we dive into superseding applications, let's do a quick recap of what we've covered so far:

  • Part 1: We introduced the basics of using PowerShell with the AZ Module for connecting to Azure and retrieving Win32 applications from Intune. It was all about laying the groundwork with authentication and initial data retrieval.
  • Part 2: Building on our foundation, we explored how to extract detailed information about app assignments. This deepened our understanding of how apps are deployed across different user groups and devices, which is crucial for effective application management.
  • Part 3: We delved into the complexities of application dependencies. By scripting the retrieval of dependency information, we managed to get all the applications which are marked as dependencies or check if a specific app contains any dependencies.

Each step has progressively enhanced our ability to manage applications effectively within a Microsoft Intune environment using PowerShell.

Retrieve Win32 Superseding Apps in Intune Using PowerShell

Application supersedence is a critical concept in software management, especially within environments managed by tools like Microsoft Intune. It means specifying that one application should replace another, typically when a new version is released or when switching to a different software that fulfills the same need but perhaps more efficiently or effectively.

Understanding and managing application supersedence is crucial for maintaining an up-to-date, secure, and streamlined IT environment.

Like in parts 1,2 and 3, we start by connecting to Microsoft Graph using specific scopes needed to access detailed app data.

These scopes include:

  • "User.Read.All"
  • "Group.ReadWrite.All"
  • "DeviceManagementApps.Read.All"
  • "DeviceManagementApps.ReadWrite.All"
  • "GroupMember.Read.All"
  • "Directory.Read.All"
  • "Directory.ReadWrite.All"
  • "Group.Read.All"
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All", "DeviceManagementApps.Read.All", "DeviceManagementApps.ReadWrite.All", "GroupMember.Read.All", "Directory.Read.All", "Directory.ReadWrite.All", "Group.Read.All"

Next, we fetch all Win32 apps, then for each app, we retrieve its relationships from the Microsoft Graph beta endpoint. The script specifically looks for relationships classified as mobileAppSupersedence. If found, these superseding relationships are returned, indicating which apps are intended to replace or upgrade the current app.

$Win32MobileApps = Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps?$filter=isof('microsoft.graph.win32LobApp')"
if ($Win32MobileApps -ne "") {
	$Win32MobileApps = $Win32MobileApps.value
	if ($Win32MobileApps -ne $null) {
    	foreach ($Win32MobileApp in $Win32MobileApps) {
        	$Win32MobileApps2 = Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($Win32MobileApp.id)/relationships"
        	if ($Win32MobileApps2.value -ne $null) {
            	if ($Win32MobileApps2.value.'@odata.type' -like "#microsoft.graph.mobileAppSupersedence") {
                	return $Win32MobileApps2.value
            	}
        	}
    	}
	}
}

Here’s the full code for this operation:

Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All", "DeviceManagementApps.Read.All", "DeviceManagementApps.ReadWrite.All", "GroupMember.Read.All", "Directory.Read.All", "Directory.ReadWrite.All", "Group.Read.All"
$Win32AppList = New-Object -TypeName "System.Collections.Generic.List[Object]"
 $Win32AppAssignmentList = New-Object -TypeName "System.Collections.Generic.List[Object]"
$Win32MobileApps = Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps?`$filter=isof('microsoft.graph.win32LobApp')"
 if ($Win32MobileApps -ne "") {
          		 $Win32MobileApps = $Win32MobileApps.value
           		 if ($Win32MobileApps -ne $null) {
               		 foreach ($Win32MobileApp in $Win32MobileApps) {
               		 $Win32MobileApps2 = Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($Win32MobileApp.id)/relationships"
                        		 if ($Win32MobileApps2.value -ne $null) {
           		 if ($Win32MobileApps2.value.'@odata.type' -like "#microsoft.graph.mobileAppSupersedence") {
               		 return $Win32MobileApps2.value
           		 }
       		 }
               		 }
             		 }}

This will output all the applications marked as supersedence in the environment:

Return all Supersedence Apps in Intune

Retrieve Win32 Superseding Apps for a Particular App

If you only want to find the supersedence for a specific application based on the DisplayName, the script can be easily adapted. All you need to do is check if:

if($Win32MobileApp.displayName -like "*7z*"){

Once we add the simple line above to the code, we will get the following output:

Supersedence for Specific App in Intune

The full modified code for searching the supersedence of a particular app in Intune with PowerShell is:

Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All", "DeviceManagementApps.Read.All", "DeviceManagementApps.ReadWrite.All", "GroupMember.Read.All", "Directory.Read.All", "Directory.ReadWrite.All", "Group.Read.All"
$Win32AppList = New-Object -TypeName "System.Collections.Generic.List[Object]"
 $Win32AppAssignmentList = New-Object -TypeName "System.Collections.Generic.List[Object]"
$Win32MobileApps = Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps?`$filter=isof('microsoft.graph.win32LobApp')"
 if ($Win32MobileApps -ne "") {
          		 $Win32MobileApps = $Win32MobileApps.value
           		 if ($Win32MobileApps -ne $null) {
               		 foreach ($Win32MobileApp in $Win32MobileApps) {
                         	if($Win32MobileApp.displayName -like "*7z*"){
               		 $Win32MobileApps2 = Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($Win32MobileApp.id)/relationships"
                        		 if ($Win32MobileApps2.value -ne $null) {
           		 if ($Win32MobileApps2.value.'@odata.type' -like "#microsoft.graph.mobileAppSupersedence") {
               		 return $Win32MobileApps2.value
           		 }
       		 }
                    	}
               		 }
             		 }}

Conclusion

In this article, we’ve extended our PowerShell and Intune toolkit by adding the capability to identify and manage superseding applications. This not only aids in keeping the software environment modern and secure but also helps in planning application deployment strategies effectively.

As we continue to explore more facets of Intune and PowerShell in our upcoming articles, stay tuned for more tips and tricks that will help you streamline your IT operations even further.

Happy scripting!

Written by
See author's page
Alex Marin

Application Packaging and SCCM Deployments specialist, solutions finder, Technical Writer at Advanced Installer.

Comments: