Hi Community,
Guess what? Device Query for Multiple Devices is now live, however not on all tenants so it seems. This long awaited feature is an huge step forward and addition to the single device query that has been around for some time now.
Check out the Microsoft article here.
You need the Intune Suite or the Advanced Analytics add-on for this. This powerfull tool let’s you do KQL query to gain more insights on your Intune enrolled devices. If you use this in combination with Copilot for Security with the Intune plugin enabled you can ask Copilot in normal language to create a KQL query for you which you can run in Intune.
For a user to use Device query, you must assign the Managed Devices – Query and Organization – Read permissions to them. Devices must be Intune managed and corporate owned. Device query for multiple devices only works on devices that are already collecting device inventory data.
See Device Query in action
In the Intune portal go to Devices – Device query
Now let’s do some basic queries and see the results.
Try this simple TPM query for the version of the TPM chip.
Tpm
| where SpecVersion contains '2.0'
Another simple yet very informative query would just be DiskDrive this will show all informations about the physical disks.
Now lets ask a query to Copilot. E.g. Show me the devices that have bitlocker enabled.
Copilot will generate the KQL query for me and the only thing i need to do is click add and run.
Check out the results.
So i think you have an idea on how powerfull Multiple Device Query is.
And as always if you feel there is something in error or you want to add some stuff from your own experience don’t hesitate to contact me!
0 Comments