Devices
Reports on Devices from Entra ID
Last updated
Reports on Devices from Entra ID
Last updated
The Devices Reports section of Bsure Insights provides valuable insights into your organization's device ecosystem. The section revolves around devices registered with Microsoft Entra ID.
An Entra ID device is a physical or virtual endpoint - such as laptops, desktops, mobile phones, or tablets - that is registered or joined to your Entra ID tenant. These devices can be user-owned (registered) or organization-owned (joined, either Microsoft Entra joined or Microsoft Entra hybrid joined), and may be managed through solutions like Microsoft Intune, enabling secure access to corporate resources and enforcement of IT policies.
Microsoft documentation: What is a device identity?
All device data in the reports are collected from the /devices Microsoft Graph endpoint.
In Microsoft Entra, this data is found in the All devices view:
Currently, we do not collect data from Intune.
Intune has its own Microsoft Graph endpoint, /deviceManagement
In the future we will use this endpoint to add more information about managed devices.
The properties we collect, and the name we use in reports
Device Name
displayName
The display name for the device.
Owner
registeredOwners
The users or service principals that are registered as owners of the device.
Registered
registrationDateTime
Date and time of when the device was registered.
Last Seen
approximateLastSignInDateTime
The timestamp representing the last time the device signed in.
Days Not Seen
Calculated as the difference between the current date and the approximateLastSignInDateTime.
Join Type
trustType
Type of trust for the joined device. Possible values: Registered, Joined, Hybrid joined
OS
operatingSystem
The type of operating system on the device.
Version
operatingSystemVersion
The version of the operating system on the device.
Enabled
accountEnabled
True if the account is enabled; otherwise, false.
Enrollment Type
enrollmentType
Enrollment type of the device. Intune sets this property. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount. Note: This property might return other values apart from those listed.
Compliant
isCompliant
True if the device complies with Mobile Device Management (MDM) policies; otherwise, false.
Managed
isManaged
True if the device is managed by a Mobile Device Management (MDM) app; otherwise, false.
Ownership
deviceOwnership
Ownership of the device. Intune sets this property. Possible values are: unknown, company, personal.
Manufacturer
manufacturer
Manufacturer of the device.
Model
model
Model of the device.
MDM
managementType
The management channel of the device. This property is set by Intune. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController.
Enrollment Profile
enrollmentProfileName
Enrollment profile applied to the device. For example, Apple Device Enrollment Profile, Device enrollment - Corporate device identifiers, or Windows Autopilot profile name. This property is set by Intune.
Device Status
This is determined based on approximateLastSignInDateTime. A device is considered "Inactive" if it has not been seen 90 days.
Rooted
isRooted
True if the device is rooted or jail-broken; otherwise, false.
Windows Support
This is determined by comparing the operatingSystemVersion to Microsoft’s official Windows support lifecycle data. A device is marked as "Supported" or "Unsupported" based on whether its version is still within Microsoft’s support period.
Windows Release
This is extracted from the operatingSystemVersion to identify the specific Windows release for better categorization.
Windows Build
This is extracted from the operatingSystemVersion to display the specific build number of the Windows operating system
End of Life
This is determined by comparing the operatingSystemVersion to Microsoft’s end-of-life support dates. It indicates whether the device’s OS version has reached or passed its end-of-support date.
Windows Type
This is inferred from the operatingSystemVersion and other properties to categorize the Windows edition (e.g. Windows 10, Windows 11)
