Query Details
Intune Device Enrollment Information
Query
let Hostname = ""; let Timerange = ""; // 15m, 5h, 7d, etc IntuneOperationalLogs | where TimeGenerated >= ago(Timerange) | where OperationName == "Enrollment" | extend EnrollmentTimeUTC = tostring(parse_json(Properties).EnrollmentTimeUTC) | extend EnrollmentType = tostring(parse_json(Properties).EnrollmentType) | extend FailureCategory = tostring(parse_json(Properties).FailureCategory) | extend DeviceId = tostring(parse_json(Properties).IntuneDeviceId) | extend IntuneUserId = tostring(parse_json(Properties).IntuneUserId) | extend OS = tostring(parse_json(Properties).Os) | join kind=leftouter ( IntuneDevices | where TimeGenerated >= ago(Timerange) | summarize arg_max(TimeGenerated, *) by DeviceName | project TimeGenerated, DeviceName, LastContact, OS, Model, DeviceState, JoinType, DeviceId ) on DeviceId | join kind=leftouter ( IdentityInfo | where TimeGenerated >= ago(Timerange) | extend IntuneUserId = AccountObjectId | summarize arg_max(TimeGenerated, *) by IntuneUserId | project UPN = AccountUPN, IntuneUserId ) on IntuneUserId | where DeviceName =~ "Hostname" | project-away DeviceId1, OS1, IntuneUserId1, Type, Properties, Category, TimeGenerated1, SourceSystem | project-reorder TimeGenerated, DeviceName, UPN
Explanation
This query retrieves information about device enrollments in Intune, including details like enrollment time, type, failure category, device ID, user ID, operating system, and more. It also includes information about the devices and users associated with the enrollments. The query filters the results based on a specified hostname and time range.
Details
Jason Walker (@tezna)
Released: June 7, 2024
Tables
IntuneOperationalLogsIntuneDevicesIdentityInfo
Keywords
IntuneOperationalLogs,IntuneDevices,IdentityInfo,Enrollment,Device,IntuneUserId,OS,Model,DeviceState,JoinType,DeviceId,UPN,AccountObjectId,AccountUPN,TimeGenerated,DeviceName,LastContact,FailureCategory,EnrollmentTimeUTC,EnrollmentType.
Operators
whereextendjoinkindsummarizeprojectproject-awayproject-reorder