First published on TechNet on Oct 04, 2016
Although most administrators will use the Microsoft Intune administration console as their primary view of Intune data, developers and IT pros who are comfortable with REST API calls can use Microsoft Graph to query the Intune service backend directly. Microsoft Graph exposes multiple APIs from Microsoft cloud services through a single REST API endpoint (https://graph.microsoft.com). Using Microsoft Graph, you can turn formerly difficult or complex queries into simple navigations. Microsoft Intune has data that can be queried through these APIs. The data returned by these calls shows devices, users, groups, and apps as they appear in the Intune service backend, and can be used to troubleshoot various issues and to verify the status of those objects in the Intune service.
Connecting to Graph Explorer
To connect to the Graph Explorer use this link: https://graph.microsoft.io/en-us/graph-explorer
1. Sign in to Graph using your Intune account so that you can run commands against user/device data in your tenant.
2. The interface uses GET and POST REST APIs to communicate with the service backend to retrieve data for various items. The commands are URLs, but they won't work in a browser; you must enter them in the Graph Explorer URL bar.
WARNING - Do not use the DELETE option as this will delete objects in the tenant you are signed in to.
Definitions
UPN - User Principal Name - this is the username with the domain (e.g. user@contoso.com)
DeviceId - GUID matching a device in Intune which is used to uniquely identify a device.
Managed - the device is managed via a management authority, i.e. Intune or Microsoft System Center Configuration Manager.
Compliant - the device meets the requirements enforced by the Intune service.
Graph Explorer Commands
Get data relating to a single user: https://graph.microsoft.com/v1.0/users/<user UPN> e.g. https://graph.microsoft.com/v1.0/users/user@contoso.com
Get data relating to the devices of a single user: https://graph.microsoft.com/v1.0/users/<user UPN>/ownedDevices
The following fields are important as they can help troubleshoot device related issues:
Find the owners of a device: https://graph.microsoft.com/v1.0/devices/deviceId_<DeviceGUID>/registeredOwners
The following fields are important:
Find the users of a device: https://graph.microsoft.com/v1.0/devices/deviceId_<DeviceGuid>/registeredUsers
The following fields are important:
List of apps uploaded to Intune: https://graph.microsoft.com/beta/applications
Example: Check the compliance state of a device in Intune
1. Go to https://graph.microsoft.com and sign in with your Intune credentials
2. Enter the following command into the URL bar next to the GET dropdown to retrieve all the devices for a user using the UPN: https://graph.microsoft.com/v1.0/users/user@contoso.com/ownedDevices
Response:
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
  "value": [
    {
      "@odata.type": "#microsoft.graph.device",
      "id": "b100feed-ee04-4f43-b806-4607520e6283",
      "accountEnabled": true,
      "alternativeSecurityIds": [
        {
          "type": 2,
          "identityProvider": null,
          "key": "***"
        }
      ],
      "approximateLastSignInDateTime": "2016-08-03T00:09:54Z",
      "deviceId": "89eac41b-cd54-4a4b1-a890-4021dfd1df30",
      "deviceMetadata": null,
      "deviceVersion": 2,
      "displayName": "user_Android_8/3/2016_12:09 AM",
      "isCompliant": true,
      "isManaged": true,
      "onPremisesLastSyncDateTime": null,
      "onPremisesSyncEnabled": null,
      "operatingSystem": "Android",
      "operatingSystemVersion": "6.0.1",
      "physicalIds": [],
      "trustType": "Workplace"
    }
  ]
}
3. We can see that the device is compliant from the "isCompliant" property. Another way to see the same data is to look it up using the deviceId: https://graph.microsoft.com/v1.0/devices/deviceId_<deviceGUID>
Iain Greer
Service Engineer
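The compliance check walked through in the example above can be run over every device in an ownedDevices response at once; the following is an added example, not code from the original article or from Microsoft. The function names, the 30-day staleness threshold and the sample response (constructed, with placeholder device IDs) are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample shaped like the ownedDevices response in the article.
SAMPLE = json.loads("""{"value": [
 {"@odata.type": "#microsoft.graph.device", "displayName": "phone-a",
  "deviceId": "00000000-0000-0000-0000-000000000001", "isCompliant": true,
  "isManaged": true, "approximateLastSignInDateTime": "2016-08-03T00:09:54Z"},
 {"@odata.type": "#microsoft.graph.device", "displayName": "tablet-b",
  "deviceId": "00000000-0000-0000-0000-000000000002", "isCompliant": false,
  "isManaged": true, "approximateLastSignInDateTime": "2016-08-01T10:00:00Z"},
 {"@odata.type": "#microsoft.graph.device", "displayName": "laptop-c",
  "deviceId": "00000000-0000-0000-0000-000000000003", "isCompliant": null,
  "isManaged": null, "approximateLastSignInDateTime": "2016-05-01T08:30:00Z"}
]}""")

def owned_devices_url(upn):
    """Build the per-user ownedDevices query from the article for a UPN."""
    return f"{GRAPH}/users/{quote(upn, safe='@')}/ownedDevices"

def triage_devices(response, now, stale_days=30):
    """Return {deviceId: [issues]} for every device object in the response."""
    report = {}
    for obj in response.get("value", []):
        if obj.get("@odata.type") != "#microsoft.graph.device":
            continue  # the response is a list of directoryObjects; keep devices
        issues = []
        # A null or missing flag is not a pass: only a literal true counts.
        if obj.get("isManaged") is not True:
            issues.append("not managed")
        if obj.get("isCompliant") is not True:
            issues.append("not compliant")
        last = obj.get("approximateLastSignInDateTime")
        if last is None:
            issues.append("no sign-in recorded")
        else:
            seen = datetime.strptime(last, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            if now - seen > timedelta(days=stale_days):
                issues.append("stale sign-in")
        report[obj.get("deviceId")] = issues
    return report

if __name__ == "__main__":
    now = datetime(2016, 8, 10, tzinfo=timezone.utc)  # fixed so output is repeatable
    for device_id, issues in triage_devices(SAMPLE, now).items():
        print(device_id, ", ".join(issues) or "OK")
```

To use it on real data, save the JSON shown in the Graph Explorer response pane and pass the parsed object to `triage_devices` with the current UTC time.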