Intune is Microsoft’s cloud-based mobile device management (MDM) and mobile application management (MAM) service. It’s great at

  • Setting up, configuring & securing mobile devices
  • Protecting corporate data with access controls, enforced data encryption, blocking certain types of data transfers etc

However, when it comes to collecting detailed device hardware, software, usage & configuration details, it’s somewhat limited. Intune device inventory includes the following details

  • ID – Device Name, Serial Number, Azure & Intune GUIDs, IMEI
  • Hardware – Manufacturer, Model, Storage (Total & Free), Total Physical Memory,  Primary Disk Type, Mac Address
  • Operating System – Name, Version, Edition & SKU
  • Security – TPM version, Secure Boot Enabled, Compliance State, Bitlocker Status
  • Users – Enrolment User, Assigned User, Logged in Users
  • Azure – Enrolment Type & Date, Status, Last check-in
Intune Device Details
Screenshot from Intune site (https://endpoint.microsoft.com/)

There’s a full list of fields available on Intune’s API reference here.

This might be sufficient for some users, but users migrating from System Center Configuration Manager, for example, might be a little disappointed with the relatively limited data collected from Windows client devices.

The good news is that Intune provides a mechanism that can be used by 3rd party inventory tools to collect more detailed inventory information. The even better news is that Sam360 can now run a full inventory scan on all of your Intune managed Windows devices. Basically, this is how it works…

  1. To configure…
    1. Log in to computer where Sam360 Managment Point is installed
    2. Create the Intune integration using the Management Point configuration tool (takes ~2 minutes)
    3. The management Point uses the Intune Graph API to register a PowerShell script to be run on all Intune managed Windows devices
  2. Then every day, week or month…
    1. The PowerShell script automatically executes on each device
    2. It downloads our web scan tool from the Sam360 portal
    3. The web scan tool runs a full inventory scan on the device and uploads the inventory file to the Sam360 portal
    4. The inventory data is updated in the portal

The inventory includes all of the usual Sam360 data points including…

Device Device

Logical Drive Logical Drive

Network Card Network Card

OEM Warranty OEM Warranty

Windows Domain Windows Domain

Windows Update Windows Update

Device Certificate Device Certificate

Device VPN Device VPN

Wireless Network Wireless Network

User User

Product Product

Product Instance Product Instance

SQL Server Database SQL Server Database

Netstat Connection Netstat Connection

Here are some sample screenshots of data collected by an Intune/Sam360 inventory scan…

  • Intune Sam360 Scan-General Details
    Intune Sam360 Scan General Details
  • Intune Sam360 Scan Hardware Details
  • Intune Sam360 Scan Operating System Details
  • Intune Sam360 Scan Active Directory Details
  • Intune Sam360 Scan OEM Warranty Details
  • Intune Sam360 Scan End Point Protection Details
  • Intune Sam360 Scan Activity Details
  • Intune Sam360 Scan Location Details
  • Intune Sam360 Scan Licensed Software Details
  • Intune Sam360 Scan Logical Drive Details
  • Intune Sam360 Scan Windows Services Details

In summary, Intune provides a fast and reliable way to gather detailed inventory with Sam360. It’s especially useful where devices

Please get in touch if you’d like assistance with your deployment.