This post will explain how to Generate Intune Device Inventory report using Microsoft Graph API and provide insights into the process of developing the code to automate the Microsoft Intune Device Inventory report through Microsoft Graph API.
Microsoft Intune offers a wide range of reports within the admin center, which can be exported using Graph APIs. Microsoft Graph, a RESTful web API, facilitates access to Microsoft Cloud service resources. To export Intune reports, utilising the Microsoft Graph API to execute a sequence of HTTP calls is imperative.
Microsoft Graph is an API that lets you access data, intelligence, and insights from Microsoft 365 and other Microsoft Cloud services through a single endpoint. This includes Microsoft 365, Windows, and Enterprise Mobility + Security data.
This Microsoft Graph API is designed to perform the same range of Intune operations as those available through the Azure Portal. By using Microsoft Graph, developers can build intelligent applications that leverage the power of Microsoft 365 and other Microsoft services to enhance productivity and collaboration.
Know more about Application Programming Interface (API)?
What is an API? You should know a little more about API before doing any Microsoft Graph automation. The API stands for Application Programming Interface. In the context of APIs, the term Application refers to any software with a distinct function. The Interface can be considered as a service contract between two applications.
APIs are tools that allow two software components to communicate with each other using a defined set of protocols and definitions. API architecture is often described in terms of a client and a server. The software that initiates the request is the client, and the software that sends the response is the server.
Notably, four types of API protocols are available: SOAP, RCP, WebSocket, and REST APIs. SOAP APIs use Simple Object Access Protocol, where the client and server exchange XML messages. RCP APIs, or Remote Procedure Calls, allow the client to execute a function or procedure on the server, with the server sending the output back to the client.
WebSocket API is a modern web API development that uses JSON objects to pass data. REST APIs, representing Representational State Transfer, define a set of functions, such as GET, PUT, POST, DELETE, etc., that clients can use to access server data, where Clients and servers exchange data using HTTP.
Generate Intune Device Inventory Report using Microsoft Graph API
Let’s learn how to Export Data for all Managed Devices using Graph API. I will use Graph Explorer, a handy browser-based tool for running your Graph calls. The tool does not support batch commands and is limited to executing single-line commands. API calls are made through the Graph Explorer. Upon accessing the Graph Explorer, a webpage like the one below will be displayed.
NOTE! You may need to log in to Graph Explorer using your credentials if it's your first time.
You can use the Microsoft Graph API endpoint provided below to export reports in Microsoft Intune. Your request must use the POST HTTP method.
https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs
You must provide a reportName
parameter as part of the request body based on the report that you would like to export using Microsoft Graph API. Use DeviceCompliance
as reportName
in this example. Microsoft has documented the possible values for the reportName
.
The table below contains the available properties of the DevicesWithInventory report. These property values will have the output of your relevant columns. Thank you, Microsoft, for providing the detailed table.
Requestable Columns | Columns received |
---|---|
DeviceId | Device ID |
DeviceName | Device name |
CreatedDate | Enrollment date |
LastContact | Last check-in |
ReferenceId | Microsoft Entra Device ID |
OSVersion | OS version |
GraphDeviceIsManaged | Microsoft Entra registered |
EasID | EAS activation ID |
SerialNumber | Serial number |
Manufacturer | Manufacturer |
Model | Model |
EasActivationStatus | EAS activated |
IMEI | IMEI |
EasLastSyncSuccessUtc | Last EAS sync time |
EasStateReason | EAS reason |
EasAccessState | EAS status |
InGracePeriodUntil | Compliance grace period expiration |
AndroidPatchLevel | Security patch level |
WifiMacAddress | Wi-Fi MAC |
MEID | MEID |
SubscriberCarrierNetwork | Subscriber carrier |
StorageTotal | Total storage |
StorageFree | Free storage |
ManagedDeviceName | Management name |
CategoryName | Category |
UserId | UserId |
UPN | Primary user UPN |
UserEmail | Primary user email address |
UserName | Primary user display name |
WiFiIPv4Address | WiFiIPv4Address |
WiFiSubnetID | WiFiSubnetID |
CompliantState (alias: ComplianceState) | Compliance |
ManagementAgent | Managed by |
OwnerType | Ownership |
ManagementState | Device state |
DeviceRegistrationState | Intune registered |
IsSupervised | Supervised |
IsEncrypted | Encrypted |
DeviceType (alias: OS) | OS |
SkuFamily | SkuFamily |
JoinType | JoinType |
PhoneNumber | Phone number |
JailBroken | Jailbroken |
ICCID | ICCID |
EthernetMAC | EthernetMAC |
CellularTechnology | CellularTechnology |
ProcessorArchitecture | ProcessorArchitecture |
EID | EID |
EnrollmentType | EnrollmentType |
PartnerFeaturesBitmask | PartnerFeaturesBitmask |
ManagementAgents | ManagementAgents |
CertExpirationDate | CertExpirationDate |
IsManaged | IsManaged |
SystemManagementBIOSVersion | SystemManagementBIOSVersion |
TPMManufacturerId | TPMManufacturerId |
TPMManufacturerVersion | TPMManufacturerVersion |
- Sign in to the Graph Explorer, paste the Microsoft Graph API endpoint.
NOTE! The tenant must have an active Intune license to use the Microsoft Graph API for Intune. The Microsoft Graph API controls access to resources via permissions. You must specify the permissions you need to access Intune resources.
https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs
You must supply the request body to execute the task. The request body should have the property details you want to export. I added only a few properties in this example. Use the JSON body below and Click on Run query.
{
"reportName": "DevicesWithInventory",
"format": "csv",
"localizationType": "LocalizedValuesAsAdditionalColumn",
"select": [
"DeviceName",
"DeviceId",
"OSVersion",
"CreatedDate",
"SerialNumber",
"Manufacturer",
"Model",
"StorageTotal",
"StorageFree",
"UserName"
]
}
As per Microsoft, you can set five main parameters in the request body when making an export request. I have listed those parameters in the table below
Parameters | Description |
---|---|
reportName | Required. This parameter is the name of the report you want to specify |
filter | This is not required for most reports. Note that the filter parameter is a string |
select | This is not required. Specify which columns from the report you want. Only valid column names relevant to the report you are calling will be accepted. |
format | Not required. By default, the data is output in csv format. Specify json to output the file in JSON format. |
localizationType | This parameter controls localization behavior for the report. Possible values are LocalizedValuesAsAdditionalColumn and ReplaceLocalizableValues . |
Well, once you click on the Run Query button, the Graph returns a response message. The response message includes the requested data or the operation’s result.
- Best way to Deploy Shell Scripts using Intune
- Run Remediation Script on-demand for Windows Devices using Intune
- PowerShell Script to Create a Local Admin Account using Intune
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/reports/exportJobs/$entity",
"id": "DevicesWithInventory_3c2b9209-3111-4a66-89a9-b9a861f9a473",
"reportName": "DevicesWithInventory",
"filter": null,
"select": [
"DeviceName",
"DeviceId",
"OSVersion",
"CreatedDate",
"SerialNumber",
"Manufacturer",
"Model",
"StorageTotal",
"StorageFree",
"UserName"
],
"format": "csv",
"snapshotId": null,
"localizationType": "localizedValuesAsAdditionalColumn",
"search": null,
"status": "notStarted",
"url": null,
"requestDateTime": "2024-06-03T09:08:42.2766322Z",
"expirationDateTime": "0001-01-01T00:00:00Z"
}
You must note down the id
field.! To retrieve the status of the export, it is recommended to query the id
field using a GET request. The id
value must be added in the URL within single quotes (‘id’) as below. Paste the below Microsoft Graph API endpoint and Click on the Run Query
https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs(‘DevicesWithInventory_3c2b9209-3111-4a66-89a9-b9a861f9a473’)
You will need to call this Microsoft Graph API endpoint repeatedly until you receive a response containing the status: completed
attribute that looks like the example provided
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/reports/exportJobs/$entity",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET deviceManagement/reports/exportJobs('<key>')?$select=expirationDateTime,filter",
"id": "DevicesWithInventory_3c2b9209-3111-4a66-89a9-b9a861f9a473",
"reportName": "DevicesWithInventory",
"filter": null,
"select": [
"DeviceName",
"DeviceId",
"OSVersion",
"CreatedDate",
"SerialNumber",
"Manufacturer",
"Model",
"StorageTotal",
"StorageFree",
"UserName"
],
"format": "csv",
"snapshotId": null,
"localizationType": "localizedValuesAsAdditionalColumn",
"search": null,
"status": "completed",
"url": "https://amsuc0201repexpstorage.blob.core.windows.net/389f73fc-ca4e-4406-b620-78f752ed3a9a/DevicesWithInventory_3c2b9209-3111-4a66-89a9-b9a861f9a473.zip?sv=2019-07-07&sr=b&sig=0ViNgXuza1AWORIAmGlWx4eqzqTNl7FUNVdjyxzEeSE%3D&skoid=c6d6232f-09e2-4da5-975f-c79ae6fa70c2&sktid=975f013f-7f24-47e8-a7d3-abc4752bf346&skt=2024-06-03T09%3A21%3A55Z&ske=2024-06-03T15%3A17%3A28Z&sks=b&skv=2019-07-07&se=2024-06-03T15%3A17%3A28Z&sp=r",
"requestDateTime": "2024-06-03T09:08:42.2766322Z",
"expirationDateTime": "2024-06-03T15:17:28.060565Z"
}
You will also get a url in the response. This URL should have the compressed CSV report.
- Intune Device Compliance Reports | Endpoint Manager
- Easiest Method to Enable MFA for Admins using Azure AD Conditional Access
- Managing Windows Bitlocker Compliance Policy Using Intune | MS Graph | Grace Period
You can then directly download the compressed CSV from the URL field. The report should have Intune Device Inventory details as below.
I trust that this article will greatly benefit you and your organization. Thank you for being so patient in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
About the Author – Sujin Nelladath has over 10 years of experience in SCCM device management and Automation solutions. He writes and shares his experiences with Microsoft device management technologies, Azure, and PowerShell automation.