This post will show how to run the Intune Device Query with Microsoft Graph API. The present discourse endeavours to elucidate the functionality of the Graph API when utilizing the Intune device query. The exposition shall comprehensively explain the aforesaid concepts in clear, concise, and error-free language.
TheDevice Queryfeature in the Intune service is designed to facilitate efficient and streamlined device management and information retrieval. You must select the device from the Intune portal and then run the Kusto Query Language (KQL) query to use it.
TheDevice Queryreports are available in real-time and can be retrieved directly. The output can be utilized to respond to security threats, troubleshoot the device, and make informed business decisions. If your license does not includeMicrosoft Intune Advanced Analytics, theDevice Queryoption will not be available in your tenant. To access the features ofMicrosoft Intune Advanced Analytics, you can utilize theIntune Advanced AnalyticsAdd-on orMicrosoft Intune Suite
What setsDevice Queryapart is its ability to encrypt all data queries and results, ensuring that all transmission is secure. This feature offers a significant advantage over other similar platforms as it guarantees the protection of sensitive data throughout the entire process. Device query only supports a subset ofKQLoperators.
Overview of Microsoft Graph
Microsoft Graphis anAPI(Application programming interface) that provides a single endpoint for accessing data, intelligence, and insights fromMicrosoft 365and otherMicrosoft Cloud services. It provides a single endpoint,https://graph.microsoft.com, that enables access to various data and insights in theMicrosoft cloud, including Microsoft 365, Windows,andEnterprise Mobility + Security.
By usingMicrosoft Graph,developers can build intelligent applications that leverage the power ofMicrosoft 365andother Microsoft servicesto enhance productivity and collaboration.
- Intune Policy Assignment Classification Easy Secrets of using Graph API with PowerShell
- Manage Intune Tasks with PowerShell Part 1
- Managing Windows Bitlocker Compliance Policy Using Intune | MS Graph | Grace Period
Microsoft Graphcan be leveraged to create personalized experiences catering to individual users’ unique contexts, thereby increasing their productivity. It offers a robust suite of services for managing user and device identity, access, compliance, security and data access on the followingMicrosoft cloud services.
Run Device Query through the Intune Portal
Let’s learn how to useDevice Queryin theIntuneportal and retrieve live data.
- Sign in to theMicrosoft Intune Admin portal.
- Go toDevices>All devices
- Select theDevicethat you’re interested in
- On the right-hand side, click onDevice query
Once you click onDevice query, you will have thePropertiestable likeBiosInfo.
Run Device Query with Microsoft Graph
Understanding how to automate actions using Microsoft Graph is crucial when introducing new features to Intune. For anyone who wants to experiment with Graph, utilizing the developer mode from a browser is highly recommended. This method allows for greater efficiency and precision in implementing Graph features.
- Sign in to theMicrosoft Intune Admin portal.
- Go toDevices>All devices
- Select theDevicethat you’re interested in
- On the right-hand side, click onDevice query
- Type your query
- Press F12 to open developer mode
- Select theNetworktab
- Click onRun
- Click on the Stop Recording button
- You will be able to find two resources calledcreateQuery
You will be able to see the Requested URL resource when you click on first createQuery. The requested URL is the valid url to run the query in Graph API.
- Intune Anomaly Detection Device and Advanced Analytics
- MS Defender Advanced Hunting using KQL Queries
- Intune Diagnostics Settings Log Analytics KQL Queries Azure Subscription Missing Issue
You will be able to see the body to pass in Payload. Click on the Payload option to view the query.
This is the query that has been parsed in JSON format, as shown in the example.
{"query":"Qmlvc0luZm8NCnwgcHJvamVjdCBNYW51ZmFjdHVyZXIsIFJlbGVhc2VEYXRlVGltZSwgU2VyaWFsTnVtYmVyLCBTbUJpb3NWZXJzaW9u"}
NOTE! In this case, it is important to note that the request method used to execute the query is POST. This method is commonly used in web development to send data to a server to be processed.- How to Retrieve PowerShell Scripts from Intune using Microsoft Graph
- Explore Kusto Query Language (KQL) and Intune Device Query
I will use Graph Explorer, a handy browser-based tool for running your Graph calls. However, it does not support commands in batch and is a single-line command executor. API calls will be made by utilizing the Graph Explorer. When you go to Graph Explorer, you will get a webpage like the one below.
NOTE! You may need to log in to Graph Explorer using your credentials if it's your first time. 
You will receive the API output response below once you click the Run query button.
NOTE ! You may encounter a 403 Forbidden error after clicking the Run query button. This is a known issue that is awaiting a solution from Microsoft.How to Decode a Base-64 encoded value
The scriptContent is a base-64 encoded value. Let’s decryptit by pasting it into an online decoder. You can also use Visual Studio Code to decode base-64 encoded value. Let’s try it now..!
- Open the Online decoder site
- Type the base-64 encoded value that you want to decode.
- Click onDecode
Thank you for your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel.Clickhere – HTMD WhatsApp.
Author
About the Author–Sujin Nelladathhas over 10 years of experience in device management technologies and Automation solutions. He writes and shares his experiences with Microsoft device management technologies, Azure, and PowerShell automation.
