Niklas Blog

Exploring Device Management.

Using Intune device query

27 February 2025

Intune Device Query

The Device Query feature in Intune allows administrators to retrieve detailed information about managed devices. This feature leverages the Intune API to pull data such as device compliance status, operating system version, device health, and more. By querying this information, administrators can gain insights into the state of their device fleet and make informed decisions about device management and security. You can use this feature to get more details from one or all devices and create filters to scope only devices that you need those details from. This enables IT admins to get more insights of devices directly from the Intune portal.

Requirements

Check out the Microsoft Learn docs to see the updated list of requirements. But for now we need the Intune Advanced Analytics Add-on, purchased seperately or with Intune Suite. Without this you will not be able to even see the device query feature in your Intune portal.

Also you should create a policy from the Properties catalog, where you will define what device properties are stored in your Intune inventory. For this example and because I wanted to have a look into every available propertie I created a policy where everything is enabled and refreshed every 24 hours - so once a day I have updated propiertie data.

Query devices

There are two available options. On the one hand you can query a specific device and only get data from this device. On the other hand we can query all devices or devices where a specific propertie criteria (like for example the device model) applies.

Currently the following properties can be queried:

  • Battery
  • Bios Info
  • Cpu
  • Disk Drive
  • Encryptable Volume
  • Logical Drive
  • Memory Info
  • Network Adapter
  • Os Version
  • System Enclosure
  • Time
  • Tpm
  • Video Controller
  • Windows Qfe

Lets see how we can query with both options.

Single Device Query

This type of query is useful for troubleshooting specific devices. It allows administrators to retrieve detailed information about a particular device, such as its compliance status, operating system version, and health metrics. This targeted approach is ideal for resolving individual device issues quickly. This approach needs the device to be online as it querys directly to the device.

Firstly we need to open the Intune Portal and navigate to Windows devices, from there we need to open the device where we want to look into:

On the Device view open the Device query blade. As you can see we have multiple properties (orange section) that we can use with KQL. Those or just the class as in this example can be added to the command box (green section) and then youre able to Run it from above the command box (blue section). As this query is send directly to the device it can take some time - dont leave the view as this would cancle the query.

Multiple devices

This type of query provides a comprehensive overview of the entire device fleet. It allows administrators to gather information on all managed devices, enabling them to identify trends, monitor compliance across the organization, and generate reports. This holistic approach is essential for maintaining overall device health and security. This approach querys stored information from the device inventory so it is always available - also when affected devcies are not online. Here you defenitely need the device properties policy upfront.

Of course a query against all/multiple device also needs to be send from the Intune portal, please open the Intune Portal again :) But this time we navigate to Devices and then directly to Device query.

As you now know from the One-Device-Query you can use the same Properties (orange section) here, enter your query or class in the command box (green section) run it again from the Run Button (blue section) and then you will see the results below (yellow section).

This tenant only had this one device but if you have multiple devices, all that have data for this query or were included will be liste below. Also for some properties you can run Remediations or device actions when they return results.

Check out Ugur Koc`s Github repo for some nice prebuild queries that might help you. He also build KQL Search where you can search for those queries and use AI to create new ones, which is realy nice and you should give it a try.

Conclusion

The Intune Device Query feature is a powerful tool for device management administrators. It provides the flexibility to retrieve detailed information about individual devices or the entire device fleet, enabling administrators to monitor compliance, manage inventory, troubleshoot issues, and generate reports. By leveraging this feature, administrators can ensure that their organization’s devices are secure, compliant, and functioning optimally, ultimately supporting the overall goals of the organization. Also it can help to identify or troubleshoot issues on one or multiple clients.