Matching SharePoint machine ID to Intune
The plot thickens on this one. So I was investigating another incident this morning and copied the machine ID and checked it against Intune. Looking at the hardware properties for the user's machines, I found an attribute called UDID which is a perfect match 😄
Problem is, this attribute is not exposed in the Graph API from what I can see so far using the https://graph.microsoft.com/v1.0/users/UPN/managedDevices query (same with beta).
This device was a Mac and this attribute looks to be unique to them. No attributes for Windows have matching Machine IDs.
Machine ID is only an attribute on the FileSyncDownloadedFull operation which isn't a massive deal but it would be nice to be able to correlate Machine IDs with FileDelete and FolderDelete operations too so you can be sure if a mass delete happened from a managed device or not.
Is it possible to have this UDID attribute exposed to the Graph API, or is there another query I should be using?
https://github.com/MicrosoftDocs/azure-docs/issues/55589
I haven't found anything with it. I have opened up a support case.
- endakelly, Jul 17, 2020, Brass Contributor
Thijs Lecomte did you ever get a reply to the support ticket?
- Thijs Lecomte, Jul 17, 2020, Bronze Contributor
Yeah, there is currently no way...
I have launched a UserVoice and I am also in contact with a SharePoint PM.
https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/40902784-machine-id-correlation
- endakelly, Jun 04, 2020, Brass Contributor
I submitted an idea to the Graph UserVoice as well: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/40585561-expose-macos-udid-via-api