Using O365 APIs and PowerShell to access Intune messages from Message center in Office 365


4/26/18: Updated with link to an updated script to deliver messages to Teams and Outlook: Get Messages to Teams and Outlook 

5/9/18: A follow up post is available here: Automating delivery of Message Center posts to Teams and Outlook using an Azure function

Intune posts messages in the Message center in Office 365, accessed from portal.office.com using your admin credentials. Intune posts contain important service information with links to more details about new features, updates made to the service, and upcoming changes. We’re committed to making Intune work better for you, with messages that help you prepare for any planned change we make.

While you can read all your messages in the Message Center and even sign up to get weekly digests of your messages delivered as emails, we want to share an alternate way of accessing your messages. This process takes only a few minutes to set up and has two parts:

  • Creating an Azure AD application to use O365 APIs
  • Running a PowerShell script that we’ve provided for your convenience

Creating an Azure AD application to use O365 APIs

1. In this step, we create an application to get the following values which we will use later for authentication:

  • Application ID
  • Key or client secret

2. Open Intune in the Azure portal with global admin credentials. Navigate to Azure AD >> App Registration >> New Application registration.

  • Choose application type Web app/API, not Native, since keys are only generated in Web app/API, not Native.
  • Redirect URI can be your tenant address, e.g. https://contoso.onmicrosoft.com.

3. Hit Create. Copy Application ID somewhere to use later.

4. To access your Application ID or app ID again if you need to, select App registrations >> All apps in the Azure portal, or go to Azure AD >> App registration >> All Apps to view your apps.

5. Open the newly created application and copy the Application ID to use later. The client secret or key, however, will not be visible again, which is why we need to copy and save it.

6. Click Settings >> Required permissions >> Add >> Select an API >> O365 Management APIs. This is where you give the application permission to access the APIs for your tenant.

7. Under Application Permissions and Delegated Permissions, select “Read service health information for your organization” to read Message center posts. Others are optional. Select Done. Then click Grant permissions. Your application is registered, and permissions are configured.

8. Under API Access, select Keys. Enter a name for your key. You can set the expiration date per your requirement. The key value will be displayed only when you hit save. This value is important to hold on to in a secure way since it serves as a password for accessing your app and hence your messages.

Running the PowerShell script

Download and save this ‘Get Messages’ PowerShell script, then add your application ID, tenant address and client secret or key. Running the script should now get you all your Intune-related Message center posts from the O365 admin portal.

To have your messages delivered to Teams or Outlook, use this updated script instead: Get Messages to Teams and Outlook 

Instructions for running this script are also available at this link.
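
The request flow such a script performs can be sketched as follows. This is an added example, not the ‘Get Messages’ script from this post. The tenant name and application ID are placeholders, matching on "Intune" in the title is an assumption about how to pick out Intune posts, and the client secret is prompted for as a SecureString rather than stored in the file, since it acts as a password for the app.

```powershell
# Added example (not the post's 'Get Messages' script).
# Placeholders: $tenant and $appId. Assumption: Intune posts are picked by title.

function Get-O365Token {
    param(
        [string]$Tenant,
        [string]$AppId,
        [securestring]$Secret
    )
    # Unwrap the SecureString only at the point where the request is built.
    $plain = [System.Net.NetworkCredential]::new('', $Secret).Password
    $body = @{
        grant_type    = 'client_credentials'          # app-only (no user) flow
        resource      = 'https://manage.office.com'   # O365 Management APIs
        client_id     = $AppId
        client_secret = $plain
    }
    $uri = "https://login.microsoftonline.com/$Tenant/oauth2/token"
    $response = Invoke-RestMethod -Method Post -Uri $uri -Body $body
    return $response.access_token
}

function Get-IntuneMessage {
    param(
        [string]$Tenant,
        [string]$Token
    )
    $uri = "https://manage.office.com/api/v1.0/$Tenant/ServiceComms/Messages"
    $headers = @{ Authorization = "Bearer $Token" }
    $all = (Invoke-RestMethod -Method Get -Uri $uri -Headers $headers).value
    # Keep Message center posts only, then those mentioning Intune (assumed filter).
    $all | Where-Object { $_.MessageType -eq 'MessageCenter' -and $_.Title -match 'Intune' }
}

$tenant = 'contoso.onmicrosoft.com'                   # placeholder tenant address
$appId  = '00000000-0000-0000-0000-000000000000'      # placeholder Application ID
$secret = Read-Host -Prompt 'Client secret (key)' -AsSecureString

$token = Get-O365Token -Tenant $tenant -AppId $appId -Secret $secret
Get-IntuneMessage -Tenant $tenant -Token $token |
    Sort-Object LastUpdatedTime -Descending |
    Select-Object Id, Title, LastUpdatedTime |
    Format-Table -AutoSize
```

For unattended runs, the prompt can be replaced by reading the secret from a protected store; the point is that the key never sits in plain text inside the script file.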

How does this help?

We know some of you are in the console all the time and some of you aren’t. If you’re a global admin or partner, you can share important messages with other Intune admins or employees by running this script and distributing the content. You, as global admin, can control who in your organization can view messages posted to the OMC.

Next steps

You now have all your messages in a PowerShell window. Stay tuned for another post where we’ll share how you can get these messages delivered to other platforms in an automated way.
