Testing with Graph
u/Satielreks found a Graph endpoint for evaluating Intune filter results, but it’s a bit tricky to use with the Graph PowerShell SDK. The endpoint returns the application/octet-stream Content-Type instead of application/json, so the SDK can only write to a file. But we can use New-TemporaryFile to manually convert it to a PowerShell object.
#Requires -Module Microsoft.Graph.Authentication
$rule = '(device.deviceTrustType -in ["Hybrid Azure AD joined"])'
$file = New-TemporaryFile
Invoke-MgGraphRequest -Uri "beta/deviceManagement/evaluateAssignmentFilter" -Method POST -Body @{data=@{platform="Windows10AndLater"; rule=$rule}} -OutputFilePath $file
$data = Get-Content $file | ConvertFrom-Json -Depth 100This endpoint might have other uses too, like searching with device properties that aren’t supported by the regular Graph devices endpoint.