Query Details
Audit Number Of Device Wipes And Deletions
Query
Description: Shows the Number of device Wipes and Deletions Actions in Intune. Query: IntuneAuditLogs | where TimeGenerated > ago(30d) | where OperationName contains "Wipe" or OperationName contains "Delete" | extend OperationType = iif(OperationName contains "Wipe", "Wipe", "Delete") | summarize Count = count() by OperationType
Explanation
This query retrieves the number of device wipe and deletion actions in Intune within the last 30 days. It filters the Intune audit logs based on the operation names containing "Wipe" or "Delete". Then, it creates a new column called OperationType to categorize the operations as either "Wipe" or "Delete". Finally, it summarizes the count of each operation type.
Details
Ugur Koc
Released: January 10, 2024
Tables
IntuneAuditLogs
Keywords
IntuneAuditLogs,TimeGenerated,OperationName,Wipe,Delete,OperationType,Count
Operators
where>agocontainsorextendiifsummarizecountby