Skip to content
/ IntuneDeviceQuery Public

This repository contains a wide array of KQL Queries ready for you to easily copy, paste, and execute within Intune.

www.KQLSearch.com

License

MIT license
82 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ugurkocde/IntuneDeviceQuery

BranchesTags

Repository files navigation

Intune Device Query - KQL Queries

Overview

This repository contains a comprehensive collection of KQL (Kusto Query Language) queries specifically designed for Microsoft Intune Device Query. These queries are ready to use and cover various aspects of device management, monitoring, and troubleshooting.

You can find more KQL Queries here -> KQLSearch.com

Categories

  • System Information

    • BIOS Details
    • CPU Information
    • Disk Drive Details
    • Logical Drive Information

  • Security & Certificates

    • Certificate Management
    • Windows Security Events
    • Driver Signature Verification
    • User Access & Permissions

  • Process & Performance

    • Process Monitoring
    • Memory Usage Analysis
    • Disk I/O Tracking
    • CPU Performance

  • Windows Events

    • Application Crashes
    • System Events
    • Security Auditing
    • Service Status

  • Registry & Configuration

    • Startup Programs
    • Registry Analysis
    • System Configuration

What is Device Query in Intune?

Device query allows you to quickly gain on-demand information about the state of your devices. When you enter a query on a selected device, Device query runs a query in real time. The data returned can then be used to respond to security threats, troubleshoot the device, or make business decisions.

Details:

Device Query -> Device Query

Data Platform Schema -> Data Platform Schema

Requirements

  • License:
    • The Intune Advanced Analytics Add-on OR
    • Microsoft Intune Suite
  • The Windows Device has to be running and connected to the Internet.
  • To use Device query on a device, the device must be enrolled in Endpoint Analytics.
  • To use Device query, devices must be Intune managed and corporate owned.
  • For a user to use Device query, you must assign the Managed Devices - Query permission to them.

How to use the queries in Intune

How To Image

Contributing

Create a Issue or Pull Request if you want to add a new query or have a idea for one that could be useful for everyone.

Feel free to fork the repository and submit pull requests. For major changes, please open an issue first to discuss what you would like to change.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Microsoft Intune Documentation
  • Community Contributors
  • Microsoft Tech Community

Made with ❤️ by Ugur Koc

About

This repository contains a wide array of KQL Queries ready for you to easily copy, paste, and execute within Intune.

www.KQLSearch.com

Resources

Readme

License

MIT license
Activity

Stars

82 stars

Watchers

5 watching

Forks

10 forks
Report repository