This week is all about Device query for multiple devices. A long awaited feature. With that, this will also be a follow up on this post about getting started with Device query and this post adding additional hardware properties to the device inventory. Especially the latter might be a little bit surprising, but will be explained throughout this post. Device query for multiple devices provides IT administrators with the ability to easily query for devices with specific properties and values (e.g. all Windows devices with specific application crash events) and the ability to easily summarize data about devices (e.g. count all devices with a specific CPU). Those queries, however, are not performed in real-time on the Windows devices within the environment, but are relying on the device inventory data. That’s also why this post will be a follow up on both of those earlier post. This post will start with an introduction about the workings of Device query for multiple devices, followed with administrator experience (including examples).
Note: At the moment of writing Device query for multiple devices can only be used with Device inventory data.
Introducing Device query for multiple devices
When looking at better understanding Device query for multiple devices, it all starts with understanding where the data is coming from. And that’s actually a really important starting point, as it’s also an important differentiator with Device query. Device query runs queries at the specified device in real-time, while Device query for multiple devices relies on the data collected during the Device inventory. The positive side is that, even though those solutions are relying on different routes for retrieving data, all of those solutions are relying on the Intune Data Platform and its schema. And the properties provided via that platform.
Besides that, it’s important to keep in mind that only Device inventory is part of the standard Microsoft Intune P1 license. Any form of Device query requires at least the Intune Advanced Analytics add-on. The table below provides a brief overview of the different solutions by looking at data access, data reach, the main usage of the data, and the required licensing. Together, that provides a really simplistic overview of when to rely on which solution. Basically every solution has its own place.
| Action | Data access | Data reach | Usage | License |
|---|---|---|---|---|
| Device query | Real-time data | Single device | Real-time status | Intune Advanced Analytics |
| Device inventory | Stored data | Single device | Reporting and insights | Microsoft Intune P1 |
| Device query for multiple devices | Stored data | Multiple devices | Insights and overviews | Intune Advanced Analytics |
That also makes it really important to fully understand where the data is coming from, when using Device query for multiple devices. Figure 1 provides a high-level overview of the data flow. As it relies on the data that is collected via Device inventory, it (in)directly also relies on the Microsoft Device Inventory Agent. That agent is used to collect the additional inventory properties that are configured in the Properties catalog profile that is assigned to the device, by relying on the Intune Data Platform. The collected inventory data is accessible via the Resource explorer for the selected device in Microsoft Intune.
Besides that, Device query for multiple devices now also relies on that same data that is collected via Device inventory. That data can now be directly queried to get immediate overviews of multiple devices that meet the specified criteria. And that can help with addressing all sorts of scenarios. Think about finding all the devices with a specific BIOS version, or a summarization that counts all devices with a specific CPU architecture. All of that is now within reach of the IT administrator.
Experiencing Device query for multiple devices
After understanding Device query for multiple devices, it’s good to also actually experience it in Microsoft Intune. Luckily that process is pretty straightforward. And even better, it relies on the same Intune Data Platform schema as Device query (and Device inventory). That means that the same KQL queries can be used for any form of Device query. The only difference is in the supported properties for the queries. At this moment the following properties are supported: Battery, Bios Info, Cpu, Disk Drive, Encryptable Volume, Logical Drive, Memory Info, Network Adapter, Os Version, System Enclosure, Time, Tpm, Video Controller, Windows Qfe. The best part is that with Device query for multiple devices it provides the ability to create overviews and insights of devices.
When looking at using Device query for multiple devices, the steps are actually pretty straight forward. The following steps will walk through the process of running Device query for multiple devices by directly relying on the added value of creating overviews. That can be achieved by relying on aggregations functions to summarize the data.
- Open the Microsoft Intune admin center portal and navigate to Devices > Device query
- On the Devices | Device query page, as shown in Figure 2, and simply specify the query to perform. The example used is summarizing the data based on the architecture of the CPU
Cpu
| summarize Count = count() by Architecture, Manufacturer, Model
| project Architecture, Manufacturer, Model, Count
Note: At this moment Device query for multiple devices is supported on corporate-owned Windows 10 or later devices.
More information
For more information about Device inventory for multiple devices and related components, refer to the following docs.
- Properties catalog in Microsoft Intune | Microsoft Learn
- Intune data platform schema | Microsoft Learn
- Device query for multiple devices in Microsoft Intune | Microsoft Learn
Discover more from All about Microsoft Intune
Subscribe to get the latest posts sent to your email.