Query Details
Intune Devices Visualize Device Complianceovertime
Query
//Visualize device compliance (compliant, non-compliant, managed by Config Manager, not evaluated or in grace period) per week over time
//Data connector required for this query - Intune data sent to Sentinel workspace
IntuneDevices
| where TimeGenerated > ago (180d)
| summarize arg_max(DeviceName, *) by DeviceName, startofweek(TimeGenerated)
| where isnotempty(CompliantState)
| summarize ComplianceCount=count()by CompliantState, startofweek(TimeGenerated)
| render timechart
with (
ytitle="Device Count",
xtitle="Week",
title="Device compliance per week over time")Explanation
This query visualizes the device compliance status per week over time. It uses data from Intune that is sent to the Sentinel workspace. The query filters the data for the past 180 days, groups it by the start of each week, and identifies the latest device information for each device. It then counts the number of devices for each compliance state (compliant, non-compliant, managed by Config Manager, not evaluated, or in grace period) for each week. The results are displayed in a time chart with the device count on the y-axis and the week on the x-axis. The chart is titled "Device compliance per week over time".
Details
Matt Zorich
Released: June 17, 2022
Tables
IntuneDevices
Keywords
IntuneDevices,TimeGenerated,DeviceName,CompliantState,ComplianceCount
Operators
whereagosummarizearg_maxbyisnotemptycountrenderwith