Intune Devices Test
This test continuously monitors the devices enrolled in Microsoft Intune and reports the count of device running on different operating systems, complaint and non-complaint device, and device with error and policy conflicts. These measures provide visibility into the compliance and management status of devices enrolled in Intune. By tracking device enrollment, synchronization, compliance health, and remediation, this test helps administrators quickly identify how many enrolled devices are unsynchronized, unmanaged or misconfigured devices, detect policy conflicts, and monitor the overall security posture of the environment. This test enables administrators to ensure that all devices remain aligned with organizational standards and policies, thus reducing risks and supporting consistent endpoint management.
This test also helps administrators to ensure that the devices are properly managed, secured, and compliant with organizational policies. Using the metrics reported by this test, administrators can confirm encryption, user association, directory join status, and policy coverage, while also highlighting unmanaged or misconfigured devices. This test helps administrators to quickly detect gaps, prevent security risks, and maintain a consistent compliance posture across the environment.
Target of the Test: Microsoft Intune
Agent deploying the test: A remote agent
Output of the test: One set of results for the target Microsoft Intune being monitored
| Parameters | Description |
|---|---|
|
Test Period |
How often should the test be executed. |
|
Host |
The host for which the test is to be configured. |
|
Tenant ID |
Specify the Directory ID of the Azure AD tenant to which the target subscription belongs. To know how to determine the Directory ID, refer to Configuring the eG Agent to Monitor Microsoft Azure Intune Using Intune REST API. |
|
Client ID, Client Password, and Confirm Password |
To connect to the target subscription, the eG agent requires an Access token in the form of an Application ID and the client secret value. For this purpose, you should register a new application with the Azure AD tenant. To know how to create such an application and determine its Application ID and client secret, refer to Configuring the eG Agent to Monitor Microsoft Azure Intune Using Intune REST API. Specify the Application ID of the created Application in the Client ID text box and the client secret value in the Client Password text box. Confirm the Client Password by retyping it in the Confirm Password text box. |
|
Is DD Required for Personal Devices |
By default, this flag is set to No. This implies that by default, detailed metrics will not be available for the Personal devices measure of this test. To enable detailed diagnosis for this measure, you can set this flag to Yes. In this case, you will be able to view the complete details of all personal devices, as part of detailed diagnostics. |
|
Is DD Required for Registered Devices |
By default, this flag is set to No. This implies that by default, detailed metrics will not be available for the Registered devices measure of this test. To enable detailed diagnosis for this measure, you can set this flag to Yes. In this case, you will be able to view the complete details of all registered devices, as part of detailed diagnostics. |
|
Is DD Required for Devices without user |
By default, this flag is set to No. This implies that by default, detailed metrics will not be available for the Devices without logged in users measure of this test. To enable detailed diagnosis for this measure, you can set this flag to Yes. In this case, you will be able to view the complete details of all devices with no logged in users, as part of detailed diagnostics. |
|
Proxy Host and Proxy Port |
In some environments, all communication with the Azure cloud be routed through a proxy server. In such environments, you should make sure that the eG agent connects to the cloud via the proxy server and collects metrics. To enable metrics collection via a proxy, specify the IP address of the proxy server and the port at which the server listens against the Proxy Host and Proxy Port parameters. By default, these parameters are set to none, indicating that the eG agent is not configured to communicate via a proxy, by default. |
|
Proxy Username, Proxy Password and Confirm Password |
If the proxy server requires authentication, then, specify a valid proxy user name and password in the Proxy Username and Proxy Password parameters, respectively. Then, confirm the password by retyping it in the Confirm Password text box. |
|
DD Frequency |
Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency. |
|
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
Measures reported by the test:
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
|
Company devices |
Indicates the number of corporate owned devices enrolled on Microsoft Intune. |
Number |
|
|
Personal devices |
Indicates the number of personal devices enrolled on Microsoft Intune. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Unknown devices |
Indicates the number of unknown devices enrolled on Microsoft Intune. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Not registered devices |
Indicates the number of devices that are not registered on Microsoft Intune. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Registered devices |
Indicates the number of devices that were registered on Microsoft Intune. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device, model of the device, device category, Intune Device ID and Azure AD Device ID. |
|
Revoked devices |
Indicates the number of devices that were blocked, wiped or retired from Microsoft Intune. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices with key conflicts |
Indicates the number of devices that have key conflict. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices with approval pending |
Indicates the number of devices that were pending approval. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices needing certificate reset |
Indicates the number of devices on which device certificate was reset. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices not registered and pending enrollment |
Indicates the number of devices that are not registered and are pending enrollment. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Unknown devices |
Indicates the number of devices whose device registration status is unknown. |
Number |
The detailed diagnosis of this measure lists the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices with configuration errors |
Indicates the number of devices that were configured with errors on the target Microsoft Intune. |
Number |
Use the detailed diagnosis of this measure to know the device name, primary UPN, compliance status of the device, configuration name and time on which the device was last checked for errors. |
|
Devices with configuration conflicts |
Indicates the number of devices that encountered conflicts during configuration on the target Microsoft Intune. |
Number |
Use the detailed diagnosis of this measure to know the device name, primary UPN, compliance status of the device, configuration name and time on which the device was last checked for conflicts. |
|
Configuration policies with error or conflict |
Indicates the number of devices where assigned configuration policies have failed to apply due to errors or are in conflict with other settings. |
Number |
The detailed diagnosis lists the name and type of policy, profile source, platform, and highlights the number of devices where the policy has either failed to apply due to errors or caused conflicts. |
|
Total devices |
Indicates the total number of devices managed by the Microsoft Intune. |
Number |
|
|
MDM only devices |
Indicates the number of devices that can be managed exclusively through the Microsoft Intune (MDM). |
Number |
|
|
Co-Managed devices |
Indicates the number of devices that are managed simultaneously through both Microsoft Intune (MDM) and Configuration Manager (SCCM). |
Number |
|
|
Configuration manager devices |
Indicates the number of devices that are managed through Configuration manager. |
Number |
|
|
Other devices |
Indicates the number of devices that do not fall into standard management categories such as MDM, co-managed, or Configuration Manager |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, timestamp at which the device was enrolled and device category are also reported. |
|
Devices that have not synced |
Indicates the number of devices that have not been successfully synchronized with Microsoft Intune. |
Number |
If the value of this measure is high, it indicates that many devices are not communicating with the management server. This results in outdated compliance data, missed policy or configuration updates, and potential security gaps. A high value reduces visibility and control, so administrators should investigate connectivity issues, check user activity, and ensure devices are regularly syncing to stay up to date. The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer and model of the device and timestamp at which the device was last checked. The Device ID, Azure AD Device ID, timestamp at which the device was last synchronized and device category are also reported. |
|
Devices that have enrolled in past 24 hours |
Indicates the number of devices that were enrolled on Microsoft Intune in the last 24 hours. |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, timestamp at which the device was enrolled and device category are also reported. |
|
Android devices |
Indicates the number of devices operating with Android operating system. |
Number |
|
|
iOS/iPadOS devices |
Indicates the number of devices operating with iOS/iPadOS. |
Number |
|
|
macOS devices |
Indicates the number of devices operating with macOS. |
Number |
|
|
Windows mobile devices |
Indicates the number of Windows mobile devices. |
Number |
|
|
Windows devices |
Indicates the number of devices operating with Windows operating system. |
Number |
|
|
Linux devices |
Indicates the number of devices operating with Linux operating system. |
Number |
|
|
ChromeOS devices |
Indicates the number of devices operating with Chrome operating system. |
Number |
|
|
Unknown OS devices |
Indicates the number of devices operating with unknown operating systems. |
Number |
|
|
Other OS devices |
Indicates the number of devices operating with operating systems other than Android, iOS, macOS, and ChromeOS. |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, timestamp at which the device was enrolled and device category are also reported. |
|
Devices in compliance |
Indicates the count of devices that meet all the compliance policies defined in Microsoft Intune. |
Number |
|
|
Devices not in compliance |
Indicates the total count of devices that fail to meet one or more compliance policies. |
Number |
A high value for this measure indicates that many devices are not meeting required security or configuration policies. This increases the risk of vulnerabilities and weakens overall device health. Administrators should promptly review the causes and apply remediation to restore compliance and maintain a secure environment. The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer and model of the device and timestamp at which the device was last checked. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices in grace period |
Indicates the number of devices that are currently in the compliance grace period defined in Microsoft Intune |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer and model of the device and timestamp at which the device was last checked. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices with errors |
Indicates the number of devices that encountered errors while evaluating or applying compliance policies. |
Number |
A high value for this measure denotes that many devices failed to process compliance checks correctly. Administrators should investigate error trends, identify root causes, and resolve them to ensure accurate compliance reporting and policy enforcement. The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer and model of the device and timestamp at which the device was last checked. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices with conflicts |
Indicates the number of devices that have conflicting compliance policies or settings. |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer and model of the device and timestamp at which the device was last checked. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Number of devices managed by SCCM |
Indicates the number of devices whose compliance status is actively monitored and managed using SCCM (System Center Configuration Manager) |
Number |
|
|
Number of devices not evaluated |
Indicates the number of devices that are not evaluated or not properly enrolled. |
Number |
A high value may indicate reporting issues or devices that need further investigation. |
|
Devices with users logged in |
Indicates the number of devices that currently have one or more active user sessions. |
Number |
The detailed diagnosis of this measure displays the username, UPN, user ID, timestamp at which the user logged in on the device, device name, operating system running on the device, version of operating system, owner of the device, enrollment type and encryption status of device, and manufacturer, model, and directory identifiers of device. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Devices without logged in users |
Indicates the number of devices with no active user sessions. |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer and model of the device and timestamp at which the device was last checked. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Encrypted devices |
Indicates the number of devices on which encryption is enabled. |
Number |
In Microsoft Intune, an encrypted device is a Windows, macOS, or mobile device that has its storage drives encrypted using a supported encryption technology, most commonly BitLocker (Windows) or FileVault (macOS) that reports its encryption status to Intune. Ideally, the value of this mesaure should be high. |
|
Not encrypted devices |
Indicates the number of devices on which encryption is not enabled. |
Number |
In Microsoft Intune, the devices (Windows, macOS, Android, or iOS) that does not have disk encryption enabled or fails to report an encrypted status to Intune are classified as non encrypted device. Ideally, the value of this mesaure should be 0. The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, timestamp at which the device was enrolled and device category are also reported. |
|
Device without mdm agent |
Indicates the number of devices where the mobile device management (MDM) agent is not running. |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer of the device and the model of the device. The Device ID, Azure AD Device ID, timestamp at which the device was enrolled and device category are also reported. |
|
Devices with no user assigned |
Indicates the devices that have been enrolled but not associated with any user. |
Number |
The detailed diagnosis of this measure reveals the name of the device, Operating system of the device, OS version, Owner type, Device type, UPN, whether the device is registered withe Microsoft Azure AD, Management Agent, Device Enrollment type, whether/not the device is encrypted, the subscriber carrier, Manufacturer and model of the device and timestamp at which the device was last checked. The Device ID, Azure AD Device ID, and device category are also reported. |
|
Entra ID registered devices |
Indicates the number of devices registered in Entra ID. |
Number |
|
|
On-Premises AD joined devices |
Indicates the number of devices associated to on-premises Active Directory. |
Number |
|
|
Entra ID joined devices |
Indicates the number of devices directly joined to Entra ID (Azure AD). |
Number |
|
|
Unknown join type devices |
Indicates the number of devices whose directory join type could not be determined. |
Number |
|
|
Devices with one or more compliance policy |
Indicates the number of devices that have at least one or more compliance policies assigned. |
Number |
|
|
Devices without any compliance policy |
Indicates the number of devices that are not assigned with any compliance policy. |
Number |
A high value for this measure indicates that many devices are not governed by compliance policies which leads to potential risks such as weak configurations, or unauthorized access, reducing the overall security and compliance assurance of the environment. |
|
Compliance policy coverage |
Indicates the percentage of devices that are covered by compliance policies. |
Percent |
A high value is desired for this measure. |