Device Query for multiple devices

When managing a modern Windows fleet, keeping track of device security, state, and encryption is key to maintaining a smooth end-user experience. Microsoft’s Endpoint Analytics provides valuable insights into this data, but did you know you can query multiple devices simultaneously? This new functionality, Device Query for multiple devices, allows you to extract data based on specific properties across your devices.

Let’s examine this feature, its operation, and, equally important, what you should remember before relying on its results.

What Is a Device Query for multiple devices?

The Device Query for multiple devices capability in Endpoint Analytics lets you retrieve performance and inventory data across multiple devices based on specific conditions. This is useful when you want to:

• Find devices with poor startup performance
• Identify machines running specific applications
• Spot devices affected by hardware reliability issues

Rather than manually checking each device’s performance in the Intune portal, you can pull this data in one go based on shared characteristics.

Prerequisites for Using Device Query for multiple devices

Before you can start leveraging Device Query for multiple devices within your environment, there are a few important requirements to ensure everything works as expected:

• Licensing: Your tenant must be licensed for Microsoft Intune Advanced Analytics. This functionality is included in:
  • The Intune Advanced Analytics add-on
  • The Microsoft Intune Suite.
• Permissions: Users performing queries must have the appropriate minimal permissions assigned:
  • Managed Devices – Query
  • Organization – Read
• Queries will only return data from devices that meet the following conditions:
  • Devices are Intune-managed and marked as corporate-owned.
  • Devices actively collect inventory data, which is required for query results. Without inventory data, there is nothing to query.

Ensuring these prerequisites are met is crucial to avoiding confusion when queries return incomplete or no results.

Where Does the Data Come From?

device queries for multiple devices do not query devices in real time. Instead, the data is based on the Device Inventory, collected from the device and uploaded to Intune approximately every 24 hours. Any query we run reflects the device’s state as of the last inventory upload, not its current state.

If you haven’t already, I strongly recommend reading this detailed breakdown:
Device Inventory and Intune Resource Explorer – How It All Fits Together.

Key points to remember from that article:

• The Intune Inventory Agent collects inventory data and gathers device hardware, performance, and reliability data.
• This data has been uploaded and is available in the Intune Resource Explorer.
• Inventory uploads typically occur once every 24 hours, but not in real-time.
• Multi-Device Queries pull from this uploaded inventory, not from the device directly.

The date is Knowing this will save you from expecting real-time results when troubleshooting device issues.

Device Queries for multiple devices what are we working with?

Device query multiple devices allows you to retrieve inventory and performance data from multiple devices in Endpoint Analytics based on specific criteria. You can filter devices using various properties representing hardware, OS, and performance characteristics.

Basic supported properties

• Battery
• Bios Info
• Cpu
• Disk Drive
• Encryptable Volume
• Logical Drive
• Memory Info
• Network Adapter
• Os Version
• System Enclosure
• Time
• Tpm
• Video Controller
• Windows Qfe

Querying the data using KQL

Now, for creating a query, the language used here is KQL. Best practices can be found Best practices for Kusto Query Language queries – Azure Data Explorer & Real-Time Analytics | Microsoft Learn

In this example, we want to get encrypted volumes and show all the devices. We want to project this with some other info.

Conclusion