Query Details
Operational ESP Enrollments With Profile Name
Query
IntuneOperationalLogs | where TimeGenerated > ago(30d) | where OperationName == "ESPEnrollment" // Filter for devices with ESP Enrollment | extend Type = todynamic(Properties).EnrollmentTypeMessage | extend ESPPolicy = todynamic(Properties).ESPPolicyName // Show ESP Profile if present | where Type != "" | summarize count(OperationName) by tostring(Type), tostring(ESPPolicy) | project Type, ESPPolicy, count_OperationName
Explanation
This query is looking at operational logs from Intune, a Microsoft service for managing mobile devices. It's specifically looking at logs from the past 30 days where the operation name is "ESPEnrollment", which refers to devices that have enrolled in the ESP (Enterprise State Roaming) service.
The query then extracts additional information from the logs about the type of enrollment and the name of the ESP policy, if one is present. It filters out any records where the enrollment type is not specified.
Finally, it counts the number of each type of enrollment operation and groups them by the enrollment type and ESP policy name. The results are displayed with columns for the enrollment type, ESP policy name, and the count of enrollment operations.
Details
Ugur Koc
Released: August 3, 2022
Tables
Keywords
Operators