June 27, 2025
Proactively manage and secure all your devices — whether they run Windows, macOS, iOS, or Android. With cross-platform analytics, multi-device queries, and in-depth troubleshooting tools, you can pinpoint problems fast and take targeted action at scale.
Even without deep technical expertise, you can generate complex queries, identify vulnerabilities, and deploy remediations — all in a few clicks. With built-in Copilot support, daily tasks like policy validation, device comparison, and risk analysis become faster, smarter, and easier to act on.
Jeremy Chapman, Director of Microsoft 365, shares how to stay ahead of potential issues and keep endpoints running smoothly.
Spot and fix performance issues before users contact support.
Use Advanced Analytics in Microsoft Intune. Check it out.
No KQL skills needed.
Use Copilot in Intune to write complex queries — just describe what you want. See it here.
Use Copilot in Intune to save time.
Get policy impacts on experiences, see what individual settings do without searching, and get help with obscure error codes. Get started.
QUICK LINKS:
00:00 — Optimize Intune
01:22 — Advanced Analytics
02:24 — On-demand analytics
03:55 — Multi-Device Query
04:43 — Single Device Query
05:45 — Vulnerability Remediation Agent
07:57 — Copilot in Intune
09:18 — Wrap up
Link References
Get started at https://aka.ms/CopilotinIntune
Check out Device Query at https://aka.ms/DeviceQueryinIntune
Video Transcript:
-Proactively ensuring that your device endpoints stay up and running while remaining policy-compliant is only possible with access to current device-level data and analytics. Today, I’ll show you how data-driven decisions are now possible across device platforms with the cloud-based endpoint management platform, Microsoft Intune, and its advanced analytics that help inform the actions you take, enabling advanced management for iOS, Android, macOS, and Windows devices, along with AI-powered options to discover and resolve issues using Microsoft Security Copilot and new agents with Intune.
-Of course, the primary goal of device management is to eliminate downtime while maintaining secure access to the resources people need on their managed computers and phones. If done right, this should also lead to fewer support calls. Intune now makes it easy to query granular information about your cross-platform devices, to find data-derived insights. In fact, with Intune you have the data you need at multiple levels to manage your devices. It starts with Advanced Analytics to get proactive insights across your endpoints. Multi-Device Query then lets you query across platforms on-demand, and Single Device Query shows you real-time information for running processes, drivers, and more per device.
-Let me show you how it all works together, starting with Advanced Analytics. I’ll start with tenant-level Reports under Endpoint Analytics. Here, you can see the health status of all managed devices, and in my case, things look pretty good.
-That said, there are opportunities to improve Startup Performance. And on the right, I see insights and recommendations that I can address immediately. For example, these two here are showing above average CPU and RAM spike times. And if we dig into this recommendation, I can see these three devices on top have a low score under 50 for CPU spike time, and this one also has a bad RAM spike time score. If I take a look at the CPU and RAM specs here in this column, these might be too low for this user. I can drill into this specific device for more details on its user experience, and we can see it’s consistently spiking over time. And I can use this information then to increase the Cloud PC spec. This is a great example of getting ahead of issues with proactive analytics. And beyond that, I can also do on-demand analytics using multi-device query. This goes beyond the single device querying that you might have used in CM Pivot. It allows you to query multiple devices, across platforms, from iOS and Android, to macOS and Windows, and is great for querying thousands of devices, based on their attributes.
-For example, let’s say I want to update a policy for personally-owned devices enrolled last year or earlier that are currently noncompliant. That’s where multi-device query comes in. I’m at the All Devices level and in Device Query. And you can see that there are cross-device options for several different property categories. And by expanding the Device property set, I can see a ton of options for devices. So, I’m going to write the query, “Device.” Then add a condition for enrolled date/time using this “Where” clause to find devices enrolled prior to this date.
-Now I’ll type in another for “personal” device ownership and then one more to find “noncompliant” devices. Let’s go ahead and run it. And here are all of my results. You’ll see that they span across all OS platforms with macOS, Windows, Android, and iOS from a variety of manufacturers. Then if I scroll to the right, you can see our Enrolled Date field. Then a few over from there, you see the Ownership and Compliance info as queried as well. Multi-device query uses information that refreshes daily for online managed devices. And importantly, if you aren’t fluent in KQL, that’s okay, because using Copilot in Intune, it can help you author both multi- and single-device queries. So I’ll open up “Query with Copilot.” Then I’ll prompt it with “Find personally owned devices enrolled last year or earlier that are noncompliant.” That will take a moment to process, and once it returns a response, I can see the details of the query. You’ll see that the datetime syntax here is a little different than mine from before, but both work the same.
-From here, I can even run it. And it’s outputted the same list of devices as before without me needing to know how to write the KQL for it. That’s multi-device query. Now for single devices you can also query them individually using Device Query, and a big difference is that the information that you’re querying is real-time and there’s more granularity available, so it’s great for troubleshooting a single device.
-From the devices view, this time I’ll navigate to a single device, this one, JOBA DQ. Then at the bottom under Monitor, you’ll see Device query. So I’ll open that. As you can see, this looks a lot like the multi-device query that we just saw, and it uses the same KQL interface. What’s great about Single Device query is that you can also query all of the currently running processes and you have a lot more Windows-related options for drivers, events, querying the registry, services and more. In my case, I’ll just run “Process” to enumerate what’s running on this machine. And it returns all of the running processes. And again these are reporting back in real time, kind of like Task Manager or Process Monitor would do running locally in Windows, but it’s right here in the Intune admin center.
-Next, let’s move on to how data-driven management gets even more powerful when addressing security vulnerabilities. For this, I’m going to use the new Vulnerability Remediation Agent with Copilot in Intune. But, instead of starting in Intune, I’ll start in Microsoft Defender. But don’t worry, if you’re not the person who typically uses Defender, that’s okay, and I’ll show you why in a minute. I’m in Exposure Management and Recommendations and the Vulnerabilities view for devices, and in the Security recommendations list at the bottom here, I can see a few actions that my device management team would need to take. This one here for the Relecloud sync client looks like it needs an update. The impact is high, and there are quite a few exposed devices, and some of them are critical. If I click into it, I can see even more details. And in the Exposed devices tab, the three on top are “critical.” Moving to the Associated CVEs tab, I see that there are 49 known vulnerabilities associated with this app.
-As you can see, it’s pretty important that we deploy this update. So how does this visibility translate into the Intune admin center that I use for endpoint management? Well, that’s where the new Vulnerability Remediation Agent comes in. I can access it from Intune’s home screen. That takes me to the Endpoint security blade in the Agent overview tab. Now I’ve already deployed this agent to run daily and look for vulnerabilities and prioritize them for remediation. It looks like there is a run in progress that was just kicked off. Now the agent run takes a few minutes to process all the vulnerabilities and to find matching impacted devices.
-Once the run is complete, I can see its suggestions. And you’ll see that the top suggestion matches what we saw earlier in Microsoft Defender. So I’ll review it for additional details about its evaluation. Now on top, there’s a suggested action. Again, this is consistent with what we saw in Defender before, except now I can actually do something about it myself and deploy the fix right from Intune. That also means that any action the agent recommends also requires approval from an Intune admin. This is the first of its kind agent for Intune with more on the way. And for more data-driven management, Copilot in Intune with its capabilities across the admin center can save you time with other common daily tasks.
-Beyond what I showed earlier, where it helped me author KQL queries, Copilot also gives you the information needed to manage and troubleshoot your configuration policies and devices. First, in policies, you can use Copilot to assess the impact of a policy and the settings contained within it. And for individual settings, Copilot can tell you what each one does with a lot of detail. It can analyze individual devices and identify potential issues, based on what’s configured and running on each device.
-In the prompt guide menu, I can find even more options to use with Copilot. In fact, one of my favorite capabilities is when you have two similar devices, but only one has an issue. In this case, Copilot can compare each device configuration and figure out the differences between them to help you to isolate potential issues. Copilot also gives you general help when looking up error codes to understand them. Additionally, for Endpoint Security, you can also use Copilot with Endpoint Privilege Management to identify potential app risks and get details about why an app may be compromised. And for your Surface devices, from the Surface Management Portal, Copilot can be used to quickly generate device insights.
-So that’s how integrated device and security data in Microsoft Intune helps you make informed data-driven decisions to keep your devices running, secure, and compliant with the policies you set. To find out more, check out aka.ms/CopilotinIntune and aka.ms/DeviceQueryinIntune to see what else it can do. Keep watching Microsoft Mechanics for the latest updates from Microsoft, and we’ll see you soon.