Forum Discussion

dilanmic's avatar
dilanmic
MCT
Nov 12, 2024

Monitor logical disk space through Intune

 

Hi All,

 

We have a requirement to monitor low disk space, particularly on devices with less than 1GB of available space. We were considering creating a custom compliance policy, but this would lead to blocking access to company resources as soon as the device becomes non-compliant. Therefore, we were wondering if there are any other automated methods we could use to monitor the logical disk space (primarily the C drive) using Intune or Microsoft Graph.

 

Thanks in advance,

Dilan

compliance management
microsoft intune
security

1 Reply

  • Lucaraheller's avatar
    Lucaraheller
    MCT
    Feb 06, 2026

    Using a compliance policy is not ideal for disk space monitoring because, as you mentioned, it directly impacts Conditional Access and can unintentionally block users.

    There are better approaches within the Microsoft ecosystem that allow monitoring without enforcing access restrictions.

    Option 1 – Proactive Remediations (Recommended)

    If you have Microsoft Intune (Endpoint Analytics enabled), you can use Proactive Remediations.

    You can deploy a detection script that checks free space on the C drive, for example:

    • Query Win32_LogicalDisk
    • Calculate free space in GB
    • Return non-compliant status if below 1 GB

    Instead of blocking access, you can:

    • Log the result
    • Send output to Endpoint Analytics
    • Trigger a remediation script (optional)
    • Integrate alerts via Log Analytics

    This gives visibility without affecting Conditional Access.

    Option 2 – Intune + Log Analytics (Advanced Monitoring)

    If devices are onboarded to Defender or Azure Monitor:

    • Send device telemetry to Log Analytics
    • Query disk free space via KQL
    • Create an Azure Monitor alert rule when free space < 1 GB

    This is scalable and works well in enterprise environments.

    Option 3 – Custom Device Configuration + Scheduled Task

    You can deploy a PowerShell script via Intune that:

    • Checks disk space periodically
    • Writes event logs
    • Sends data to a central endpoint (e.g., Log Analytics)

    Then build alerting outside compliance policies.

    Option 4 – Microsoft Graph API (Inventory Polling)

    You can query device inventory using Microsoft Graph, but note:

    Graph device resource does not natively expose real-time disk free space unless combined with advanced reporting (e.g., Defender or Analytics data).

    So Graph alone is not ideal unless you are pulling from Endpoint Analytics datasets.

    Recommended Architecture

    For your scenario (monitor only, no block):

    Use Proactive Remediations with a detection-only script and push results to Log Analytics or monitor via Endpoint Analytics reports.

    This avoids:

    • Breaking access via Conditional Access
    • Marking devices non-compliant
    • Impacting productivity

    Key point:

    Compliance policies should be used for security posture enforcement, not operational health metrics like disk space.

Resources