Bsure Documentation
back to bsure.io
  • Welcome
  • Installation
    • Overview
    • Prerequisites
    • Installation Instructions
  • Technical Description
    • Design Principles
    • Azure Managed Application
    • Permissions Required
    • Security​
      • Public IP and Storage Account Key considerations
    • Technical Architecture
    • Dataflow and visibility
  • User guides
    • Overview
    • Main Dashboard
    • Users
      • Dashboard
      • Members
      • Guests
      • Data Quality
      • Properties
      • Sign-in Map
      • Sign-in Locations
      • Drilldown
    • Microsoft Licenses
      • Cost Dashboard
      • Licenses Overview
      • Subscription Overview
      • Inactive and Disabled Users
      • Overlapping licenses
      • Cost Allocation
      • Drilldown
      • Price Settings
      • Add Your Own Prices
        • Average SKU Price Calculator
    • Applications
      • Usage
      • Cost
      • Sign-in Locations
        • Successful sign-ins from blocked countries?
    • Groups
    • Security
      • Dashboard
      • Authentiation Methods
      • Entra ID Roles
      • Service Principals
    • Devices
      • Windows Dashboard
      • Windows Inactive Devices
      • Windows OS
      • Windows Management
      • Devices per Person
      • Drilldown
    • Share the Power BI App
      • Share App only
      • Give Access to the Power BI Workspace
      • Share the Storage Account Access Key
      • Share with External Users
    • Update Power BI App
    • Glossary
  • Pricing & Billing
    • Pricing
    • Billing
  • Support
    • Support
    • Frequently Asked Questions
    • Troubleshooting
    • Release Notes
    • New features
      • User purpose property
  • Partners
    • Partner sell an offering including the app to the customers
    • Customer have a strict data protection regime
    • Partner uses the app without customer knowledge
    • General considerations
  • Policies
    • Privacy Policy
    • Terms & Conditions
  • RECOMMENDED ACTIONS
    • Recommended actions
      • Review Entra ID role assignments and create a strategy to offer such roles
      • Review and remove all inactive or unwanted accounts
        • Bulk deletion of users in Entra ID
      • Protect all users with MFA
      • Review and clean up applications with excessive permissions
Powered by GitBook
On this page
  • Introduction
  • Data Source
  • Properties
  1. User guides

Devices

Reports on Devices from Entra ID

PreviousService PrincipalsNextWindows Dashboard

Last updated 1 month ago

Introduction

The Devices Reports section of Bsure Insights provides valuable insights into your organization's device ecosystem. The section revolves around devices registered with Microsoft Entra ID.

An Entra ID device is a physical or virtual endpoint - such as laptops, desktops, mobile phones, or tablets - that is registered or joined to your Entra ID tenant. These devices can be user-owned (registered) or organization-owned (joined, either Microsoft Entra joined or Microsoft Entra hybrid joined), and may be managed through solutions like Microsoft Intune, enabling secure access to corporate resources and enforcement of IT policies.

Microsoft documentation:

Data Source

All device data in the reports are collected from the Microsoft Graph endpoint.

In Microsoft Entra, this data is found in the view:

Properties

The properties we collect, and the name we use in reports

Name in reports
Property
Description

Device Name

displayName

The display name for the device.

Owner

registeredOwners

The users or service principals that are registered as owners of the device.

Registered

registrationDateTime

Date and time of when the device was registered.

Last Seen

approximateLastSignInDateTime

The timestamp representing the last time the device signed in.

Days Not Seen

Calculated as the difference between the current date and the approximateLastSignInDateTime.

Join Type

trustType

Type of trust for the joined device. Possible values: Registered, Joined, Hybrid joined

OS

operatingSystem

The type of operating system on the device.

Version

operatingSystemVersion

The version of the operating system on the device.

Enabled

accountEnabled

True if the account is enabled; otherwise, false.

Enrollment Type

enrollmentType

Enrollment type of the device. Intune sets this property. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount. Note: This property might return other values apart from those listed.

Compliant

isCompliant

True if the device complies with Mobile Device Management (MDM) policies; otherwise, false.

Managed

isManaged

True if the device is managed by a Mobile Device Management (MDM) app; otherwise, false.

Ownership

deviceOwnership

Ownership of the device. Intune sets this property. Possible values are: unknown, company, personal.

Manufacturer

manufacturer

Manufacturer of the device.

Model

model

Model of the device.

MDM

managementType

The management channel of the device. This property is set by Intune. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController.

Enrollment Profile

enrollmentProfileName

Enrollment profile applied to the device. For example, Apple Device Enrollment Profile, Device enrollment - Corporate device identifiers, or Windows Autopilot profile name. This property is set by Intune.

Device Status

This is determined based on approximateLastSignInDateTime. A device is considered "Inactive" if it has not been seen 90 days.

Rooted

isRooted

True if the device is rooted or jail-broken; otherwise, false.

Windows Support

This is determined by comparing the operatingSystemVersion to Microsoft’s official Windows support lifecycle data. A device is marked as "Supported" or "Unsupported" based on whether its version is still within Microsoft’s support period.

Windows Release

This is extracted from the operatingSystemVersion to identify the specific Windows release for better categorization.

Windows Build

This is extracted from the operatingSystemVersion to display the specific build number of the Windows operating system

End of Life

This is determined by comparing the operatingSystemVersion to Microsoft’s end-of-life support dates. It indicates whether the device’s OS version has reached or passed its end-of-support date.

Windows Type

This is inferred from the operatingSystemVersion and other properties to categorize the Windows edition (e.g. Windows 10, Windows 11)

Currently, we do not collect data from Intune. Intune has its own Microsoft Graph endpoint, In the future we will use this endpoint to add more information about managed devices.

/deviceManagement
What is a device identity?
/devices
All devices
All devices in Microsoft Entra