Forum Discussion

nabi04's avatar
nabi04
Brass Contributor
Apr 03, 2023

How to get user's device info in MS Graph?

I am trying to determine what operating system a user is using upon login, whether Mac or Windows. Is there a query on getting it from MS Graph API?

  • josequintino's avatar
    josequintino
    Iron Contributor
    Hi nabi04 Yes, you can use the Microsoft Graph API to retrieve device information, including the operating system, for users in your organization. To get this information, you'll need to query the registered devices for a specific user. First, make sure you have the necessary permissions to access the user's device information. You'll need one of the following permissions: Device.Read.All Device.ReadWrite.All Directory.Read.All Directory.ReadWrite.All Once you have the required permissions, you can use the following API call to get the registered devices for a specific user: GET https://graph.microsoft.com/v1.0/users/{id}/ownedDevices Replace {id} with the user's unique identifier (userPrincipalName, email, or objectId). The response will include information about the user's devices, such as the operating system and other device properties. Here's an example of what the response might look like: { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('user_id')/ownedDevices", "value": [ { "id": "device_id", "userId": "user_id", "deviceOSType": "Windows", "deviceOSVersion": "10.0.18363.1082", "displayName": "User's PC", "approximateLastSignInDateTime": "2023-04-01T14:00:00Z" }, { "id": "device_id", "userId": "user_id", "deviceOSType": "macOS", "deviceOSVersion": "10.15.7", "displayName": "User's MacBook", "approximateLastSignInDateTime": "2023-04-02T10:00:00Z" } ] } You can then parse the JSON response to extract the required information, such as the operating system type and version. Please note that this query will return information about all the devices owned by the user. To determine which device the user is currently using, you might need to correlate this information with sign-in logs or use other techniques to identify the active device.
    • nabi04's avatar
      nabi04
      Brass Contributor

      Hi josequintino I have tried your suggestion but the response was blank:

      {
      "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
      "value": []
      }

      This probably means that I don't have any managed devices in Azure. I tried using this query:

      https://graph.microsoft.com/v1.0/auditLogs/signIns

      "value": [
              {
                  "id": "xxxxx-xxxx-xxxxx",
                  "createdDateTime": "2023-03-16T10:31:57Z",
                  "userDisplayName": "xxxxx",
                  "userPrincipalName": "xxxxx",
                  "userId": "xxxx-xxxxx-xxxx",
                  "appId": "xxxx-xxxxx-xxxx",
                  "appDisplayName": "xxxxx",
                  "ipAddress": "xxxx.xxx.xx.xxx",
                  "clientAppUsed": "Browser",
                  "deviceDetail": {
                      "deviceId": "",
                      "displayName": "",
                      "operatingSystem": "Windows 10",
                      "browser": "Edge 111.0.1661",
                      "isCompliant": false,
                      "isManaged": false,
                      "trustType": ""
                  },
           ]

       But I cannot query to fetch only the "operatingSystem". Do you know how can I parse through this JSON response?

      • josequintino's avatar
        josequintino
        Iron Contributor
        Hi nabi04
        Sure, to parse the JSON response and extract the operatingSystem property for each sign-in event, you can use a programming language like Python, JavaScript, or any language that supports JSON parsing. I'll provide examples for both Python and JavaScript.

        Python example:

        import json

        response = '''
        {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
        "value": [
        {
        "id": "xxxxx-xxxx-xxxxx",
        "createdDateTime": "2023-03-16T10:31:57Z",
        "userDisplayName": "xxxxx",
        "userPrincipalName": "xxxxx",
        "userId": "xxxx-xxxxx-xxxx",
        "appId": "xxxx-xxxxx-xxxx",
        "appDisplayName": "xxxxx",
        "ipAddress": "xxxx.xxx.xx.xxx",
        "clientAppUsed": "Browser",
        "deviceDetail": {
        "deviceId": "",
        "displayName": "",
        "operatingSystem": "Windows 10",
        "browser": "Edge 111.0.1661",
        "isCompliant": false,
        "isManaged": false,
        "trustType": ""
        }
        }
        ]
        }
        '''

        data = json.loads(response)
        for sign_in in data["value"]:
        operating_system = sign_in["deviceDetail"]["operatingSystem"]
        print(operating_system)

        JavaScript example:

        const response = `
        {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
        "value": [
        {
        "id": "xxxxx-xxxx-xxxxx",
        "createdDateTime": "2023-03-16T10:31:57Z",
        "userDisplayName": "xxxxx",
        "userPrincipalName": "xxxxx",
        "userId": "xxxx-xxxxx-xxxx",
        "appId": "xxxx-xxxxx-xxxx",
        "appDisplayName": "xxxxx",
        "ipAddress": "xxxx.xxx.xx.xxx",
        "clientAppUsed": "Browser",
        "deviceDetail": {
        "deviceId": "",
        "displayName": "",
        "operatingSystem": "Windows 10",
        "browser": "Edge 111.0.1661",
        "isCompliant": false,
        "isManaged": false,
        "trustType": ""
        }
        }
        ]
        }`;

        const data = JSON.parse(response);
        data.value.forEach((signIn) => {
        const operatingSystem = signIn.deviceDetail.operatingSystem;
        console.log(operatingSystem);
        });

        Both of these examples parse the JSON response and iterate over the sign-in events in the value array. They then extract the operatingSystem property from the deviceDetail object and print it.

        Note that these examples assume you already have the JSON response as a string. In practice, you would fetch the data from the Microsoft Graph API using an HTTP library, such as requests in Python or fetch in JavaScript, and then parse the response accordingly.