Query Details
Device Visualize OS Buildspermonth
Query
//Visualize the OS build numbers of your Windows 10 and 11 devices per month over the last year
//Data connector required for this query - M365 Defender - Device* tables
DeviceInfo
| where TimeGenerated > ago(365d)
| where OSPlatform in ("Windows10", "Windows11")
| extend OSBuildNumber=tostring(OSBuild)
| summarize arg_max(TimeGenerated, *) by DeviceName, startofmonth(TimeGenerated)
| summarize count()by OSBuildNumber, startofmonth(TimeGenerated)
| where isnotempty(OSBuildNumber)
| render areachart
with (
ytitle="Device Count",
xtitle="Month",
title="Count of Windows 10 and 11 OS Builds per month")Explanation
This query visualizes the number of Windows 10 and 11 devices' operating system (OS) build numbers per month over the past year. It uses the M365 Defender - Device* tables as the data source. The query filters the data for devices with OSPlatform values of "Windows10" or "Windows11" and within the last 365 days. It then converts the OSBuild column to a string and groups the data by DeviceName and the start of each month. The query counts the number of devices for each OS build number and month, excluding any empty OS build numbers. Finally, it renders the results as an area chart with the y-axis representing the device count, the x-axis representing the month, and the title indicating the count of Windows 10 and 11 OS builds per month.
Details
Matt Zorich
Released: June 17, 2022
Tables
Keywords
Operators