Advanced analytics multi-platform hardware collection

OCD77 Ephelios 0 Reputation points
2026-06-29T12:43:30.83+00:00

Intune has dramatically expanded its hardware inventory capabilities, collecting 32 properties for Android and 74 properties for Apple devices. How do we write a Kusto query inside Advanced Analytics to proactively flag mobile devices whose internal SIM cards or physical serial numbers don't match our corporate purchase manifest?

Windows for business | Windows 365 Enterprise
0 comments No comments

1 answer

Sort by: Most helpful
  1. VPHAN 38,270 Reputation points Independent Advisor
    2026-06-29T13:20:01.0333333+00:00

    Hi OCD77 Ephelios,

    To cross-reference Intune mobile hardware properties against an external corporate manifest, you cannot use native Intune Device Queries because they cannot ingest external files. Instead, you must route Intune inventory logs to an Azure Log Analytics Workspace via Intune Diagnostic Settings. Once the data streams into Azure, you can use a Kusto query with the externaldata operator to pull your procurement manifest from a secure Azure Blob Storage URI and perform a left outer join against the IntuneDevices table, allowing you to instantly isolate and flag unauthorized serial numbers, IMEIs, or SIM cards.

    Hope this answer has brought you some useful information. If it did, please hit “accept answer”. Should you have any questions, feel free to leave a comment.

    VPHAN

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.