Intune Device Query has been available since April 2024. It lets you obtain real-time information about your devices. When you query a device, you receive immediate data that can be used in multiple operational tasks. The bad news is that Intune Device Query is part of Intune Advanced Analytics or the Microsoft Intune Suite, an add-on that requires a new licence. The good news is that you can try it for free for 90 days. In this post, we’ll show how to enable Intune Device Query, how to use it, and a couple of interesting queries that you can use.

Intune Device Query Requirements

As stated in the post introduction, you first need the following:

  • Intune Advanced Analytics or the Microsoft Intune Suite before your first query
  • The target device also needs to be enrolled in Endpoint Analytics
  • The user that uses Intune Device query must have the Managed Devices – Query permission
  • Queried Devices must be running Windows 10 or later

As a side note, Device Query uses KQL (Kusto Query Language). If you’re not familiar with this language, keep reading; I’ll share my recommendations for learning it.

Let’s enable it on our test tenant:

Click on Tenant Administration / Intune Add-On

From there, you have two choices: you can buy the Microsoft Intune Suite (which Advanced Analytics is part of) or simply Advanced Analytics as a standalone add-on. On the left, click View Details on the desired plan.

At the time of this writing, on our tenant, Advanced Analytics is $6.80 CAD per month and the Intune Suite is $13.60 CAD per month. This price is per user.

On the right pane, click on the link to try or buy the licences

  • In the M365 admin panel, we’ll select Start Free Trial. If you’re happy with the results, you can come back later and buy the licences.
  • Click on Try Now to complete the process

The last part is to assign the licence to my user in the M365 admin portal:

  • Click Active Users / Your user
  • On the right, click Licence and Apps, select the Microsoft Intune Advanced Analytics licence, and click Save Changes at the bottom.

Validate that the licence is active by going to:

  • Tenant Administration / Intune Add-On / Your add-ons
  • You can see that our licence is active

Enable Endpoint Analytics

We will now enable Endpoint Analytics on our tenant, which is one of the requirements for using Intune Device Query. If you have already completed this step, you can jump to the next section.

  • All cloud-managed devices: Creates an Intune data collection policy assigned to all Windows 10 1903 or later devices which are either Intune-managed or co-managed.
  • Selected devices: Creates and assigns the policy to devices which you select.
  • I’ll choose later: Don’t deploy a policy to devices. Remediations can still be used, but any reports that rely on analytics data will be empty.

Intune Device Query

Once all the requirements are met, you can navigate to a Windows device and access the Device Query option. It can take up to 24 hours for this option to appear after the requirements are set up.

In the right pane, you can enter your KQL query. In the left pane, you can see the supported properties that can be queried. If you’re familiar with CMPivot, you’ll see that it’s the same language and concept. Many CMPivot queries should work in Intune Device Query, but some will fail because they target data that does not exist there.

In the following weeks, I’ll compile a list of my best queries and I’ll do a separate post as I did with CMPivot.

KQL Learning Tips and Resources

KQL is not too complicated to learn. The key is to know the basics and play with it.

I strongly recommend this blog series from Rod Trent to start. This repository contains the code, queries, and eBook included as part of the MustLearnKQL blog series. The series is a continuing effort to discuss and educate about the power and simplicity of the Kusto Query Language.

You can also look at this KQL cheat sheet and this KQL reference.
