One of the announcements at Ignite, which likely was a bit under the radar is Intune’s new Device Inventory feature. Today, we’re going to cover a few things:
- What is Intune Device Inventory?
- The Microsoft Device Inventory Agent
- Creating the Intune Properties Catalog Profile
- Using Intune Resource Explorer
- Final Thoughts
What is Intune Device Inventory?
The question we’re covering today is: “What exactly is Intune Device Inventory?”
Intune Device Inventory is in its very early stages at this point. The eventual goal is to leverage Intune Device Inventory to provide analytical insights into devices to answer crucial questions. Some of those questions might be: “Do any devices lack TPM 2.0 support?” or “What devices have less than 100 GB of free disk space?”
Some of its long-term goals are:
- Extending the capabilities of Dynamic Membership Groups in Entra
- Extended into Microsoft Copilot to drive automations, insights, troubleshooting, and more
- Powering reports and exports of data to get great insights into devices that need to replaced or have gaps
Let’s start by discussing the available categories. The ones with a * are required:
| Category | Properties | Notes |
| Battery | Cycle Count Designed Capacity Full Charged Capacity Instance Name* Manufacturer Model Serial Number | |
| BIOS Info | Bios Name* Manufacturer Release Date Time Serial Number Sm Bios Version Software Element ID* Software Element State* Target Operating System* | |
| CPU | Address Width Architecture Core Count CPU Status Logical Processor Count Manufacturer Max Clock Speed Model Processor Id* Processor Type Socket Designation | |
| Disk Drive | Description Disk Name Drive Id* Drive Index Interface Type Manufacturer Model Partition Count PNP Device Id Serial Number Size Bytes | |
| Encryptable Volume | Encryption Method Encryption Percentage Locked Persistent Volume Id Protection Status Volume Id* Windows Drive Letter | |
| Logical Drive | Disk Description Disk Size Bytes Drive Identifier* Drive Type File System | |
| Memory Info | Physical Memory Total Bytes Virtual Memory Total Bytes | |
| Network Adapter | Identifier* Manufacturer Type | |
| OS Version | Architecture Build Version Install Date Time Major Version Minor Version OS Name OS Version Patch Version | |
| System Enclosure | Audible Alarm Equipped Breach Description Extended Description Lock Equipped Manufacturer Model Security Breach Serial Number* SKU SMBIOS Asset Tag Status Visible Alarm Equipped | |
| Time | Time Zone | |
| TPM | Activated Enabled Manufacturer Manufacturer Id Manufacturer Version Owned Physical Presence Version Product Name Spec Version | |
| Video Controller | Adapter Dac Type Adapter Ram Bytes Current Scan Mode Graphics Card Model Identifier* Video Mode Description | |
| Windows QFE | Caption Computer Name Fix Comments Hot Fix Id* Installed By User Account Installed Date QFE Description | QFE stands for Quick Fix Engineering. It refers to hot fixes to fix critical issues. |
When you build your profile, the key thing to be aware of that you need to delete properties at the category level for them to stop being tracked.
Now, let’s talk a little bit about the Device Inventory Agent.
The Microsoft Device Inventory Agent
The MDIA (Microsoft Device Inventory Agent) lives here: “C:\Program Files\Microsoft Device Inventory Agent\Logs“
When we look at the logs, we start to learn a few things:
The inventory service after installation will do a few things:
- The MDM certificate is retrieved
- The service is started
- The event emitter orchestrator is started (Which basically manages event listeners)
- An IPC server is started (this responds to requests for client data) along with 5 instances.
- The inventory agent orchestration process is initialized
- The Harvester SQLite DB is created along with its appropriate ACLs
- Harvesting tables are created
- The first policy processing is scheduled for 50m away
- Policies start being processed on the 5 instances, which are basically the results of WMI Inventory adapter performing GETs for Device Hardware Inventory data as seen below.
- The Intune Inventory Harvester begins harvesting for the items in its policy.
For fun, we can trace it nicely. Let’s check out below (interesting to note that it appears to reuse the same DocIDs in subsequent attempts):
On the Adapter we see:
[Fri Dec 13 08:39:07 2024][45976] - Adapter=WmiInventory Operation=SET DocumentId=4e1b96b9-8f50-df6b-9a27-60cede49fb9a MeId=04533fcf-c431-4d54-b17b-89be7476f8da Version=5A1E41E2D936228DF02B2E63AE359E9733E9C9024D66D863C048302CD119A666 Result=0x00000000 MIResult=0x00000000
[Fri Dec 13 08:39:07 2024][45976] - Completed action with HRESULT 0x0, MI_Result 0x0.
[Fri Dec 13 08:39:07 2024][45976] - Completed Set action MeID - 04533fcf-c431-4d54-b17b-89be7476f8da, DocumentID - 4e1b96b9-8f50-df6b-9a27-60cede49fb9a, Version - 5A1E41E2D936228DF02B2E63AE359E9733E9C9024D66D863C048302CD119A666 with HRESULT 0x0, MI_Result 0x0.
[Fri Dec 13 08:39:07 2024][45976] - Legacy: Validated that SettingReportIDs is empty and InventoryPayload contains content.
On the Harvester we see:
12/13/2024 4:39:06 AM [Information] Received payload is being processed on pipe instance 5.
12/13/2024 4:39:06 AM [Information] Harvester policy saved successfully: MeId:04533fcf-c431-4d54-b17b-89be7476f8da, DocumentId:4e1b96b9-8f50-df6b-9a27-60cede49fb9a, Version:5A1E41E2D936228DF02B2E63AE359E9733E9C9024D66D863C048302CD119A666.
12/13/2024 4:39:06 AM [Information] Ipc Server instance 5 waiting for connection...Once harvested, it will update the DB with the successfully harvested data:
The interesting thing is after it successfully uploads the data, it will delete the data inside of the DB:
The process will reoccur every 4 hours for posterity’s sake.
Creating the Intune Properties Catalog Profile
To get started, you need to create the Intune Properties Catalog Profile and deploy it to devices.
You can select any of the categories and items that I mentioned earlier. Once you create and deploy it, it can take up to 24 hours for things to resolve themselves.
A frustration you might run into is this delightful 21477449902 error (typically means not supported) before things are ready:
You will find it eventually resolves itself once the agent is installed and data starts to flow properly:
You can see the entire process in detail in the video below:
Using Intune Resource Explorer
If you watched the whole video before, you saw the delightful Intune Resource Explorer. For those who are co-managed, you’re already familiar with it. Intune Device Inventory adds a second one of those menus, but that is fine.
For those who aren’t aware, you go into a device > monitor > resource explorer and can click on any of the categories to see the data:
Another thing of interest is the old legacy “Hardware” section will eventually be sourced by this same service as it’s a huge improvement over the legacy data sourcing the “Hardware” section.
Final Thoughts
At this juncture, Intune Device Inventory is a good idea, but still has a ton of work to do before its a great addition to the Intune lineup. Most of us are waiting for it to be part of dynamic device groups and/or Copilot before being super excited about it.
I would also like to see custom categories/properties so customers can tailor this new high-potential service to their needs. We’re definitely moving in the right direction, and they’ve done an exceptional job making it easy for all Intune admins to use.
One bonus item that I found after my good friend Steve Weiner kept me honest, is we already know the graph endpoints for this, but they’re currently undocumented despite our strongest attempts to bust in:
GET https://graph.microsoft.com/beta/deviceManagement/managedDevices('DEVICEID')/deviceInventories('Cpu')?$expand=instances($expand=Microsoft.Graph.deviceInventorySimpleItem/properties)I hope they will be in due time, but let me finish up with a shameless plug for Graph X-Ray by the amazing PM Merill, which helps you find some of these secret squirrel API commands.
