Same AAD Device ID and Intune Device ID

Last updated 3 years ago

IntuneDevices |where TimeGenerated > ago(180d) //Gets all data generated in 180 days | where todatetime(LastContact) > ago (30d) //Filter only devices have contact to Intune in 30 days | where OS == "Windows" and DeviceId == ReferenceId //find Intune devices ID same as AAD Device ID | summarize arg_max(TimeGenerated, *) by SerialNumber, WeekGenerated = startofweek(TimeGenerated) // maximized TimeGenerated, group by SerialNumber, and start of week | summarize Count=count()by WeekGenerated //summarize count by WeekGenerated | sort by WeekGenerated // sort WeekGenerated by desc

IntuneDevices |where TimeGenerated > ago(180d) //Gets all data generated in 180 days | where todatetime(LastContact) > ago (30d) //Filter only devices have contact to Intune in 30 days | where OS == "Windows" and DeviceId == ReferenceId //find Intune devices ID same as AAD Device ID | summarize arg_max(TimeGenerated, *) by SerialNumber, WeekGenerated = startofweek(TimeGenerated) // maximized TimeGenerated, group by SerialNumber, and start of week | summarize Count=count()by WeekGenerated, JoinType //summarize count by WeekGenerated and JoinType | sort by WeekGenerated // sort WeekGenerated by desc

IntuneDevices | where TimeGenerated > ago(180d) //Gets all data generated in 180 days | where todatetime(LastContact) > ago (30d) //Filter only devices have contact to Intune in 30 days | where OS == "Windows" and DeviceId == ReferenceId //find Intune devices ID same as AAD Device ID | summarize arg_max(TimeGenerated, *) by SerialNumber, WeekGenerated = startofweek(TimeGenerated) // maximized TimeGenerated, group by SerialNumber, and start of week | summarize Count=count()by WeekGenerated, JoinType //summarize count by WeekGenerated and JoinType | where isnotempty( JoinType) | render columnchart with (kind=unstacked, title="Devices with the same Azure AD and Intune device Id per week by join type")

let deviceData = IntuneDevices | where TimeGenerated > ago(180d) //Gets all data generated in 180 days and todatetime(LastContact) > ago (30d) //Filter only devices have contact to Intune in 30 days and OS == "Windows" | summarize StartTime = arg_min(TimeGenerated, *), EndTime = arg_max(TimeGenerated,*) by SerialNumber, DeviceName, DeviceId, ReferenceId | project StartTime, EndTime, LastContact, SerialNumber, DeviceName, DeviceId, ReferenceId; let issueDevices = deviceData | summarize count = count() by SerialNumber, DeviceName | where ['count'] > 1; deviceData | where SerialNumber in (issueDevices) | sort by SerialNumber, EndTime

IntuneDevices |where TimeGenerated > ago(180d) //Gets all data generated in 180 days | where todatetime(LastContact) > ago (30d) //Filter only devices have contact to Intune in 30 days | where OS == "Windows" and DeviceId == ReferenceId //find Intune devices ID same as AAD Device ID | summarize arg_max(TimeGenerated, *) by SerialNumber, WeekGenerated = startofweek(TimeGenerated) // maximized TimeGenerated, group by SerialNumber, and start of week | summarize Count=count()by WeekGenerated, JoinType //summarize count by WeekGenerated and JoinType | sort by WeekGenerated // sort WeekGenerated by desc

IntuneDevices | where TimeGenerated > ago(180d) //Gets all data generated in 180 days | where todatetime(LastContact) > ago (30d) //Filter only devices have contact to Intune in 30 days | where OS == "Windows" and DeviceId == ReferenceId //find Intune devices ID same as AAD Device ID | summarize arg_max(TimeGenerated, *) by SerialNumber, WeekGenerated = startofweek(TimeGenerated) // maximized TimeGenerated, group by SerialNumber, and start of week | summarize Count=count()by WeekGenerated, JoinType //summarize count by WeekGenerated and JoinType | where isnotempty( JoinType) | render columnchart with (kind=unstacked, title="Devices with the same Azure AD and Intune device Id per week by join type")

Same AAD Device ID and Intune Device ID

Same AAD Device ID and Intune Device ID

Summarize by Week generated

Summarized by Week generated with JoinType

Visualize per week by join type

Get a full list of devices that has multiple AAD Device ID or Intune Device ID

Summarize by Week generated

Summarized by Week generated with JoinType

Visualize per week by join type

Get a full list of devices that has multiple AAD Device ID or Intune Device ID