Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Azure AD join device list export

Copper Contributor

Hi all,

Can you please help me to export Azure AD join device list from azure portal?

 

 

Thanks and Regards,

Shubham Kumar

 

14 Replies
best response confirmed by Shubham kumar (Copper Contributor)
Solution

Hi Shubham,

You can get a list of Azure AD joined devices through the Get-MsolDevice cmdlet in Powershell.

https://docs.microsoft.com/en-us/powershell/module/msonline/get-msoldevice?view=azureadps-1.0

The Get-MsolDevice -All -ReturnRegisteredOwners cmdlet will output a list of all devices and their owners which contain the output DeviceTrustType which is the device trust type. The value could be one of the following: Workplace Joined, AzureAD Joined, Domain Joined.

All you need to do is combine this with an export command such as | Export-Csv C:\Temp\LicensedUsers.csv and this should give you the list.

 

AFAIK, there isn't a way to do this through the portal currently.

 

Best, Chris

When i try to export the list with registeredowners i am getting 

System.Collections.Generic.List`1[System.String]

in the output. can you help me provide the correct expression?

Has there been any more answers on this?  I am getting the same issue when running the commands. @Praneeth Rajalingari @Christopher Hoard 

I am also getting System.Collections.Generic.List`1[System.String] for the registered owners.  I've tried various methods to get the data to populate, however, since the username is behind {} it never seems to want to populate correctly.  Is the output an array of some sort, or just a generic text output?  I need this to more accurately control my inventory. @Christopher Hoard 

Hi guys,

Personally, I would recommend to raise a ticket for this if you are having issues with it. I have never experienced this issue so can't say what could be causing this.

Best, Chris

@jamesOnco360Wondering if anyone has resolved the issue with returning the 

System.Collections.Generic.List`1[System.String]

 result for Registered owners (instead of the UPN) when running the Azure AD Get-MSolDevice script and exporting to csv.  Thanks! @Christopher Hoard 

Not to my knowledge.@LD970 

@LD970

Does this produce the desired result?

Connect-MsolService

$TStamp = $(get-date -f MM-dd-yyyy_HH_mm_ss)

$Devices = Get-MsolDevice -All -ReturnRegisteredOwners -IncludeSystemManagedDevices
$DeviceInfo = @()

foreach ($Device in $Devices) {
    $DeviceInfo += [PSCustomObject]@{
        "DisplayName" = $Device.DisplayName
        "DeviceTrustType" = $Device.DeviceTrustType
        "DeviceTrustLevel" = $Device.DeviceTrustLevel
        "DeviceOS" = $Device.DeviceOsType
        "DeviceVersion" = $Device.DeviceOsVersion
        "RegisteredOwner" = $($Device.RegisteredOwners)
        "LastLogon" = $Device.ApproximateLastLogonTimestamp
        "LastDirSync" = $Device.LastDirSyncTime
        "DeviceID" = $Device.DeviceId
        "ObjectID" = $Device.ObjectId
    }
}
$DeviceInfo | Export-Csv -NoTypeInformation .\"Device Info - $TStamp.csv"

@kennedy_shane I think it does but why do things in 15 lines when you could do it in one :happyface: 

 

 

Get-MsolDevice -All -ReturnRegisteredOwners -IncludeSystemManagedDevices | Select-Object *,@{Name='RegisteredOwnersToString';Expression = {$_.RegisteredOwners.Normalize()}} | Export-Csv devices.csv

 

@Christopher HoardVery easy, very nice, thanks for the short Oneliner..

But how to make, if i have to read more than thousand devices?

@kennedy_shane 

 

We can export all information using this cmd as well: Get-MsolDevice -All | Export-CSV .\Devices.csv

However, I need the exact Particulars as highlighted in the below screenshot. Is it possible?

AADDevices.png

 

Your quick response will be highly appreciated. Thank you

I'm trying to export this information from Azure too.  @Global_Admin .  get-msoldevice does not return the same values.  Is 'domain joined' equivalent to Hybrid Azure AD joined?

 

Mike

@Joshua Bines Thanks for this code. I was able to get an export of all of my devices with RegisteredOwnersToString. Any idea how to import this and and filter it even further? Ultimately I want to find all Workplace Joined devices that aren't owned by a particular account (DEM account) and remove them from Azure. My first step is to just filter out those devices.

 

I've tried importing the csv I exported with your code:

 

$Device = Import-Csv C:\temp\12345.csv
$Device | ForEach-Object {Get-MsolDevice -all | Where-Object {$Device.DeviceTrustType -eq "Workplace Joined" -and ($Device.RegisteredOwnersToString -eq "account.name@domain.com")}}| Export-CSV -path c:\temp\filtered.csv

I've got a loop that keeps growing the filtered.csv file and it's not filtering out anything. 

 

I'm a Powershell novice so I'm trying to apply PS commands I've used in the past for other things to my current needs. 

 

Thanks for any help.

@delvalboyboy I'm glad it helped. If you have the export with the data you need I don't think you need to pull the same data again. I think should work and will be much faster. 

 

$Device = Import-Csv -Path "devicestest.csv"
$Device | ?{($_.DeviceTrustType -eq "Workplace Joined") -and ($_.RegisteredOwnersString -eq "User@consto.com")}

 

Or if your not up for PS... opening the CSV with excel and using the filter option could work just as well if the csv has all the data you require. Good luck! J

 

1 best response

Accepted Solutions
best response confirmed by Shubham kumar (Copper Contributor)
Solution

Hi Shubham,

You can get a list of Azure AD joined devices through the Get-MsolDevice cmdlet in Powershell.

https://docs.microsoft.com/en-us/powershell/module/msonline/get-msoldevice?view=azureadps-1.0

The Get-MsolDevice -All -ReturnRegisteredOwners cmdlet will output a list of all devices and their owners which contain the output DeviceTrustType which is the device trust type. The value could be one of the following: Workplace Joined, AzureAD Joined, Domain Joined.

All you need to do is combine this with an export command such as | Export-Csv C:\Temp\LicensedUsers.csv and this should give you the list.

 

AFAIK, there isn't a way to do this through the portal currently.

 

Best, Chris

View solution in original post