Introducing new filter parameters to Get-EntraDevice and Get-EntraBetaDevice (#1565)

* added changes to Get-EntraDevice

* added tests for Get-EntraDevice

* Updated Documentation for Get-EntraDevice

* added parameters to get-entrabetadevice

* added tests for get-entrabetadevice

* updated docs for get-entrabetadevice

* updated parameter sets

* updated beta tests

* updated docs

* updated switch check

---------

Co-authored-by: Givinalis Omachar <[email protected]>

Author: givinalis

module/Entra/Microsoft.Entra/DirectoryManagement/Get-EntraDevice.ps1

@@ -18,12 +18,35 @@ function Get-EntraDevice {
 
         [Parameter(ParameterSetName = "GetVague", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
         [System.String] $SearchString,
+
         [Alias('ObjectId')]            
         [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
         [System.String] $DeviceId,
+
         [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)]
         [Alias("Select")]
-        [System.String[]] $Property
+        [System.String[]] $Property,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices with last sign-in before a specified date.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices with last sign-in before a specified date.")]
+        [DateTime] $LogonTimeBefore,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that haven't signed in for 2 months or more.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that haven't signed in for 2 months or more.")]
+        [Switch] $Stale,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that are not compliant with organizational policies.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that are not compliant with organizational policies.")]
+        [Switch] $NonCompliant,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices onwhether they are managed by a Mobile Device Management (MDM) solution. Use `$true for managed devices or `$false for unmanaged devices.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices onwhether they are managed by a Mobile Device Management (MDM) solution. Use `$true for managed devices or `$false for unmanaged devices.")]
+        [System.Nullable`1[System.Boolean]] $IsManaged,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices by join type: MicrosoftEntraJoined, MicrosoftEntraHybridJoined, or MicrosoftEntraRegistered.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices by join type: MicrosoftEntraJoined, MicrosoftEntraHybridJoined, or MicrosoftEntraRegistered.")]
+        [ValidateSet("MicrosoftEntraJoined", "MicrosoftEntraHybridJoined", "MicrosoftEntraRegistered")]
+        [System.String] $JoinType
     )
 
     begin {
@@ -103,6 +126,56 @@ function Get-EntraDevice {
             $params["Property"] = $PSBoundParameters["Property"]
         }
 
+        if ($null -ne $PSBoundParameters["LogonTimeBefore"]) {
+            $logonDate = $PSBoundParameters["LogonTimeBefore"].ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and approximateLastSignInDateTime le $logonDate"
+            } else {
+                $params["Filter"] = "approximateLastSignInDateTime le $logonDate"
+            }
+        }
+
+        # Ref: https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices
+        if ($PSBoundParameters.ContainsKey("Stale")) {
+            $staleDate = (Get-Date).AddMonths(-2).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and approximateLastSignInDateTime le $staleDate"
+            } else {
+                $params["Filter"] = "approximateLastSignInDateTime le $staleDate"
+            }
+        }
+
+        if ($PSBoundParameters.ContainsKey("NonCompliant")) {
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and isCompliant eq false"
+            } else {
+                $params["Filter"] = "isCompliant eq false"
+            }
+        }
+
+        if ($null -ne $PSBoundParameters["IsManaged"]) {
+            $isManagedState = $PSBoundParameters["IsManaged"]
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and isManaged eq $isManagedState"
+            } else {
+                $params["Filter"] = "isManaged eq $isManagedState"
+            }
+        }
+
+        if ($null -ne $PSBoundParameters["JoinType"]) {
+            $filterValue = switch ($PSBoundParameters["JoinType"]) {
+                "MicrosoftEntraJoined" { "trustType eq 'AzureAd'" }
+                "MicrosoftEntraHybridJoined" { "trustType eq 'ServerAd'" }
+                "MicrosoftEntraRegistered" { "trustType eq 'Workplace'" }
+            }
+            
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and $filterValue"
+            } else {
+                $params["Filter"] = $filterValue
+            }
+        }
+
         Write-Debug("============================ TRANSFORMATIONS ============================")
         $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug
         Write-Debug("=========================================================================`n")
@@ -121,7 +194,6 @@ function Get-EntraDevice {
                 Add-Member -InputObject $_ -MemberType AliasProperty -Name DeviceTrustType -Value TrustType
                 Add-Member -InputObject $_ -MemberType AliasProperty -Name DeviceObjectVersion -Value DeviceVersion
                 Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id
-
             }
         }
         $response

module/EntraBeta/Microsoft.Entra.Beta/DirectoryManagement/Get-EntraBetaDevice.ps1

@@ -11,6 +11,7 @@ function Get-EntraBetaDevice {
 
         [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
         [System.String] $Filter,
+
         [Alias('ObjectId')]            
         [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
         [System.String] $DeviceId,
@@ -21,9 +22,31 @@ function Get-EntraBetaDevice {
         [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
         [Alias("Limit")]
         [System.Nullable`1[System.Int32]] $Top,
+
         [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)]
         [Alias("Select")]
-        [System.String[]] $Property
+        [System.String[]] $Property,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices with last sign-in before a specified date.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices with last sign-in before a specified date.")]
+        [DateTime] $LogonTimeBefore,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that haven't signed in for 2 months or more.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that haven't signed in for 2 months or more.")]
+        [Switch] $Stale,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that are not compliant with organizational policies.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices that are not compliant with organizational policies.")]
+        [Switch] $NonCompliant,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices onwhether they are managed by a Mobile Device Management (MDM) solution. Use `$true for managed devices or `$false for unmanaged devices.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices onwhether they are managed by a Mobile Device Management (MDM) solution. Use `$true for managed devices or `$false for unmanaged devices.")]
+        [System.Nullable`1[System.Boolean]] $IsManaged,
+
+        [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices by join type: MicrosoftEntraJoined, MicrosoftEntraHybridJoined, or MicrosoftEntraRegistered.")]
+        [Parameter(ParameterSetName = "GetVague", Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = "Filter devices by join type: MicrosoftEntraJoined, MicrosoftEntraHybridJoined, or MicrosoftEntraRegistered.")]
+        [ValidateSet("MicrosoftEntraJoined", "MicrosoftEntraHybridJoined", "MicrosoftEntraRegistered")]
+        [System.String] $JoinType
     )
 
     begin {
@@ -103,6 +126,56 @@ function Get-EntraBetaDevice {
             $params["Property"] = $PSBoundParameters["Property"]
         }
 
+        if ($null -ne $PSBoundParameters["LogonTimeBefore"]) {
+            $logonDate = $PSBoundParameters["LogonTimeBefore"].ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and approximateLastSignInDateTime le $logonDate"
+            } else {
+                $params["Filter"] = "approximateLastSignInDateTime le $logonDate"
+            }
+        }
+
+        # Ref: https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices
+        if ($PSBoundParameters.ContainsKey("Stale")) {
+            $staleDate = (Get-Date).AddMonths(-2).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and approximateLastSignInDateTime le $staleDate"
+            } else {
+                $params["Filter"] = "approximateLastSignInDateTime le $staleDate"
+            }
+        }
+
+        if ($PSBoundParameters.ContainsKey("NonCompliant")) {
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and isCompliant eq false"
+            } else {
+                $params["Filter"] = "isCompliant eq false"
+            }
+        }
+
+        if ($null -ne $PSBoundParameters["IsManaged"]) {
+            $isManagedState = $PSBoundParameters["IsManaged"]
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and isManaged eq $isManagedState"
+            } else {
+                $params["Filter"] = "isManaged eq $isManagedState"
+            }
+        }
+
+        if ($null -ne $PSBoundParameters["JoinType"]) {
+            $filterValue = switch ($PSBoundParameters["JoinType"]) {
+                "MicrosoftEntraJoined" { "trustType eq 'AzureAd'" }
+                "MicrosoftEntraHybridJoined" { "trustType eq 'ServerAd'" }
+                "MicrosoftEntraRegistered" { "trustType eq 'Workplace'" }
+            }
+            
+            if ($params.ContainsKey("Filter")) {
+                $params["Filter"] += " and $filterValue"
+            } else {
+                $params["Filter"] = $filterValue
+            }
+        }
+
         Write-Debug("============================ TRANSFORMATIONS ============================")
         $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug
         Write-Debug("=========================================================================`n")