Create a hardware inventory with the Microsoft Assessment Planning Toolkit (often underestimated)!
Dear Microsoft/Windows friends, In this article I want to show you a way how to create a hardware inventory with the Microsoft Assessment and Planning Toolkit (MAP)! Boah, boring! No, absolutely not. Here is the situation I encountered: A new customer needed to inventory all their systems (all members of an Active Directory). Sure, there are many great products that can do this (some are not free though). But would you have thought that the Microsoft Assessment and Planning Toolkit could do this as well? And the tool is free of charge! Rock n' Roll! The MAP tool uses WMI for Windows investigation and SSH for Linux. Since there were only Windows systems at the customer, I focus on WMI (I think you can adapt this to SSH very easily). Fortunately, Windows Server (2012 and later) already has WinRM turned on. This is not the case with the Windows client systems, so we first create a GPO before we start with the MAP tool. Navigate to a domain controller and please launch the Active Directory Users and Computers tool. Locate the organizational unit with the client systems. (Unfortunately I can only show you german screenshots here, Sorry) So we know where to link the group policy object. Then start the group policy management. Create a new GPO with the name for example "WinRM Settings". In this GPO I have made the following settings (in the open GPO navigate to the computerconfiguration => Windows-Components). Let's move to the next settings: If your systems are in a workgroup you can use the following in PowerShell (with admin privileges): Set-WSManQuickConfig -Force Now you just need to link the GPO to the correct organizational unit. In order for the GPO to be processed by all systems, I recommend that you wait a day or two. This way there is a chance that all systems have processed the GPO. If your environment is not that big you can use gpupdate /force in a CMD (with admin rights). Now it's time to install the MAP Toolkit (I used a Windows client system which is a member of the domain). You can find the tool via the following link: https://www.microsoft.com/en-us/download/details.aspx?id=7826 Navigate to the folder where you downloaded the tool. Double click on the .exe file and simply click through. When you start MAP for the first time, you must specify a name for the database that will be created. Now navigate to "Environment" on the left side and click on "collect inventory data". It starts the wizard and in the following screeshots I show you what I configured. Of course you can adjust all settings for your needs. Very important are the credentials you can specify in the wizard. Make sure that you have enough rights so that the tool can actually collect the information. My point in this example is to give you an idea. Now the assessment starts and afterwards we receive our report. Click "Inventory Result" when the scan is complete. Navigate to the right side and click on "Generate...." and an Excel file will be created. Open this file and you will have a great inventory to work with. Here is a compact (not complete) excerpt from my inventory, which is available as an Excel file. Hope you are as happy with the result as I was? Thank you for taking the time to read this article. I hope this article was useful. Best regards, Tom Wechsler
Device Inventory in the Microsoft Environment
The introduction of enhanced Device Inventory in Intune has been eagerly awaited by several teams within our organization. The inventory data, along with CMPivot-like real-time and cached query functionality provided by the Intune data platform, represent significant advancements. These improvements fulfill the promises of cloud-native management and establish a foundation for future developments, such as Copilot integration, cross-platform support, and integrated device actions. Device Inventory The initial capabilities in this area emerged in early 2024 with Single Device Query, introducing the ability to perform real-time queries on a Windows device. This was further developed with Device Inventory, which implemented inventory collection through a Properties Catalog policy applicable to multiple devices. The data collected by an agent on managed devices is made available in the Resource Explorer blade for individual devices. The Data platform schema specifies each supported Entity and its applicability to Inventory and Device Query scenarios. The processing of the Properties Catalog policy on a device eventually results in a CSP firing off to install the “Microsoft Device Inventory Agent”, which appears in Add/Remove Programs and is registered as a Windows Service (InventoryService). The main install directory is %ProgramFiles\Microsoft Device Inventory Agent, which also contains a Logs folder useful for troubleshooting. The Intune Diagnostics data collection also has been updated to pick up Inventory logs. The agent leverages a SQLite DB for its operations, tracking periodic local changes and then performing a daily upload. This is independent of any device sync activity. Intune Admins can rely on the Discovered Apps report to keep track of Agent install counts. Like the Intune Management Extension and EPM agents, agent upgrades occur without any explicit Admin/end-user involvement. The Properties Catalog policy report also has per-property inventory state for each device. The internal Intune environment at Microsoft is typically the first at-scale tenant where major features like Device Inventory are validated. Engineering teams frequently rely on the environment for validation across individual features, scale/perf and end-user experience (hence “Customer Zero”). The initial waves of rollout in our environment for pre-release versions of the agent were gated to devices in the tens of thousands. The targeting was then switched over to “All Devices” to simulate the at-scale rollout that would be expected in most customer environments. Randomization is factored into the initial Inventory upload, so across our major expansion we did not see issues reported from end users relating to local/network perf. Oddly, we encountered a somewhat painful bug relating to a high CPU condition on agent upgrade, which was addressed quickly. Our team still sees this as a win as internal validation prevented this issue from hitting customer tenants. Multi Device Query Device Query for Multiple Devices relies on the inventory data uploaded by devices and introduces the capability to write custom queries to gather insights on device configuration. The Kusto Query Language (KQL) query editor supports IntelliSense and has a parser tuned for this scenario. Docs call out the set of operators currently supported. Joins between entities follow a natural/implicit style where the join field is automatically configured to be the DeviceId with join type of innerunique. The Device entity is also linked to by default, which allows for core Device attributes to be used (example below). Please see additional info on current query and join limits here. The returned result set supports dynamic paging to automatically refresh the UI for any large outputs. There is a ~40 min cache retention where the same query re-run within a session is expected to pull data directly from a cache. In our environment, we treat the Managed Devices -> Query permission as an elevated permission, so standing access is not allowed and a separate Group based PIM needs to be activated for access. Copilot Integration (in development) Copilot in Intune integration for Multiple Devices builds on the previously released capability for Single Device queries. Copilot simplifies query authoring via the Natural Language to KQL skill. This is an absolute timesaver for those new to KQL or the Device Query schema or those that prefer Copilot build an initial query that can be further refined. Recently, we had an issue that caused some duplicate device records to appear in Device Query. As seen with the prompt below, Copilot not only understands the exact entity properties to leverage but also creates the KQL compliant query. Query Output Conclusion We hope this post helps with your own implementations of Device Inventory, Device Query and Copilot in Intune. We look forward to sharing more on our implementation as new capabilities emerge.
