Imagine having a tool that lets you manage devices in your organization with precision and ease. That’s what Microsoft Graph API brings to the table. By using its seven essential Graph API calls, you can build a dynamic Intune user device dashboard that simplifies device management and gives you unmatched visibility into your IT environment.

These Graph API calls let you access detailed data about users and devices while automating tasks to save time. With this flexibility, you can pull inventory data, run custom queries, and even automate configurations. The result? A streamlined process for monitoring compliance, managing apps, and tracking enrollment. Microsoft Graph API doesn’t just make your job easier—it transforms how you manage devices.

Key Takeaways

• Microsoft Graph API makes managing devices easier by letting you get user and device information quickly.

• Getting user details helps connect devices to users, making it easier to track who uses each device.

• Listing managed devices shows all devices clearly, helping you check rules and keep devices working well.

• Checking if devices follow rules ensures they are safe, helping you find problems fast.

• Using Graph API calls to do tasks automatically saves time and makes IT management better.

  Subscribe

1. Get User Details with Graph API Calls

Purpose of Fetching User Details

Fetching user details is the first step in building a robust Intune dashboard. It helps you connect devices to specific users, making device management more intuitive. By pulling user data, you can track how individuals interact with devices across your organization. This insight allows you to identify patterns, such as users accessing services from multiple devices, and ensures accountability for device usage.

When you retrieve user details, you unlock a new dimension in analytics. For example, you can compare signed-in users with all visitors to understand engagement better. This data also helps you segment users based on device usage, giving you a clearer picture of overlaps and trends.

Implementation of the API Call

To fetch user details, you’ll need to interact with Microsoft Graph API. Here’s how you can do it:

• Set up an app registration: Register your application in Azure Active Directory to gain access to Microsoft Graph.

• Set up permissions: Assign the necessary permissions, such as User.Read, to ensure your app can access user data securely.

• Get an access token: Use OAuth 2.0 to authenticate and obtain an access token.

• Call Microsoft Graph: Make a GET request to the endpoint https://graph.microsoft.com/v1.0/me using the access token.

Here’s an example of the GET request:

GET https://graph.microsoft.com/v1.0/me  
Authorization: Bearer {access_token}

This call retrieves basic user profile information, including their name, email, and unique identifier. Make sure your app handles the JSON response properly to extract the required data.

Example: Linking Devices to Specific Users

Imagine you’re managing a fleet of devices in your organization. By fetching user details, you can link each device to its owner. For instance, if a user has multiple devices, you can track them across platforms and ensure they comply with company policies.

Let’s say a user named Jane Doe has a laptop and a smartphone registered with Intune. By using Graph API Calls to fetch her details, you can create a dashboard that shows her devices, their compliance statuses, and installed apps. This setup not only simplifies device management but also enhances visibility into user activity.

Fetching user details also helps you identify non-compliant devices quickly. If Jane’s smartphone doesn’t meet security standards, you can take immediate action to resolve the issue. This proactive approach ensures your organization’s data remains secure while maintaining operational efficiency.

2. List Managed Devices Using Graph API Calls

Purpose of Retrieving Device Lists

When managing devices in your organization, knowing what’s out there is essential. Listing managed devices gives you a clear view of all the devices registered with Intune. This data helps you track inventory, monitor device health, and ensure compliance with company policies.

By retrieving device lists, you can answer critical questions like: Which devices are active? Are they compliant with security standards? Who’s using them? This information is vital for maintaining control over your IT environment. It also helps you identify trends, such as which device types are most common or which operating systems need updates.

Implementation of the API Call

To list managed devices, you’ll use Microsoft Graph API. Here’s how you can get started:

• Set up permissions: Ensure your app has the required Intune permission scopes. Administrator access is mandatory for this step.

• Get an access token: Authenticate using OAuth 2.0 to obtain a token.

• Make the API call: Use the endpoint https://graph.microsoft.com/v1.0/deviceManagement/managedDevices to fetch the list of devices.

Here’s an example of the GET request:

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices  
Authorization: Bearer {access_token}

The response will include details like device names, operating systems, compliance statuses, and more. You can use this data to populate your dashboard and gain actionable insights.

Tip: Microsoft provides detailed documentation on accessing managed devices through Intune APIs. It also explains how to integrate automation tools with Graph API for enhanced security.

Example: Displaying All Devices Assigned to a User

Imagine you’re managing devices for a team. By listing managed devices, you can create a dashboard that shows all devices assigned to each user. For example, if John Smith has a laptop and a tablet, you can display both devices along with their compliance statuses.

This setup makes it easy to spot issues. If John’s tablet isn’t compliant, you’ll know right away and can take action. You can also track which devices are nearing the end of their lifecycle, helping you plan replacements proactively.

Listing managed devices isn’t just about inventory—it’s about staying ahead of potential problems and keeping your organization secure.

3. Get Device Compliance Status via Graph API Calls

Purpose of Checking Compliance

Device compliance is critical for maintaining a secure IT environment. By checking compliance statuses, you can ensure that all devices meet your organization’s security policies. This process helps you identify potential vulnerabilities, such as outdated software or missing security patches, before they become major issues.

When you monitor compliance, you gain control over your device ecosystem. For example, you can track which devices are encrypted, running approved operating systems, or have antivirus software installed. This visibility allows you to take immediate action if a device falls out of compliance, protecting your organization’s data and reputation.

Implementation of the API Call

To retrieve device compliance statuses, you’ll use Microsoft Graph API. Here’s how you can implement this call:

• Set up permissions: Assign the DeviceManagementManagedDevices.Read.All permission to your app in Azure Active Directory.

• Authenticate: Use OAuth 2.0 to get an access token.

• Make the API call: Send a GET request to the endpoint https://graph.microsoft.com/v1.0/deviceManagement/managedDevices.

The response will include compliance details for each device, such as compliance state, operating system, and last check-in time. Below is a table summarizing key features of this API call:

Example: Identifying Non-Compliant Devices

Let’s say you’re managing a fleet of devices, and you want to ensure they all meet your organization’s security standards. By using Graph API Calls to fetch compliance statuses, you can quickly identify non-compliant devices.

For instance, if a device lacks encryption or has outdated antivirus software, the API will flag it as non-compliant. You can then take steps to resolve the issue, such as pushing a security update or notifying the user.

Real-world examples highlight the importance of this capability. Companies like Barracuda Networks use similar APIs to create platforms that send real-time alerts for policy violations. JupiterOne leverages graph models to identify non-compliant devices and their relationships, improving overall security management. These use cases show how monitoring compliance can enhance your organization’s security posture.

Tip: Regularly review compliance reports to stay ahead of potential risks. Automation tools can help you streamline this process and ensure consistent monitoring.

4. Retrieve Device Configuration Profiles with Graph API Calls

Purpose of Accessing Configuration Profiles

Device configuration profiles are the backbone of a secure and efficient IT environment. These profiles define settings that ensure devices meet your organization’s standards. By retrieving configuration profiles, you can monitor how devices are set up and verify that they align with your policies.

Imagine you’re managing a fleet of devices. Some might require specific Wi-Fi settings, while others need restrictions on app installations. Configuration profiles make this possible. They help you enforce rules, like requiring encryption or disabling certain features, across all devices. This ensures consistency and reduces the risk of security breaches.

When you access configuration profiles, you gain visibility into how devices are configured. This insight allows you to identify gaps and make adjustments quickly. For example, if a device lacks a required setting, you can push updates to bring it into compliance.

Implementation of the API Call

Retrieving device configuration profiles with Graph API Calls is straightforward. Here’s how you can do it:

1. Set up permissions: Assign the DeviceManagementConfiguration.Read.All permission to your app in Azure Active Directory.

2. Authenticate: Use OAuth 2.0 to obtain an access token.

3. Make the API call: Send a GET request to the endpoint https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies.

Here’s an example of the GET request:

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies  
Authorization: Bearer {access_token}

The response will include details about configuration profiles, such as their names, settings, and assigned devices. To simplify implementation, you can refer to guides like:

• Automate Intune App Deployment using Microsoft Graph API and PowerShell

• Create a device profile in Microsoft Intune

For more advanced use cases, the ServiceNow Graph Connector for Intune documentation provides step-by-step instructions for authentication, API calls, and response handling.

Example: Ensuring Devices Meet Configuration Standards

Let’s say you want to ensure all devices in your organization comply with encryption policies. By using Graph API Calls, you can retrieve configuration profiles and check which devices have encryption enabled.

For example, the endpoint GET /deviceManagement/managedDevices/{deviceId} returns compliance details for a specific device. It shows applied policies and their statuses. You can integrate this with Power Automate to disable access for non-compliant devices automatically.

This approach ensures devices meet configuration standards without manual intervention. It also helps you maintain a secure IT environment while saving time.

5. Fetch App Install Status for Devices Using Graph API Calls

Purpose of Monitoring App Installations

Keeping track of app installations on devices is essential for maintaining a secure and productive IT environment. By monitoring app install statuses, you can ensure that all corporate apps are installed and functioning as intended. This visibility helps you identify issues like failed installations or outdated versions, which could disrupt workflows or create security vulnerabilities.

In corporate environments, challenges like network connectivity and URL whitelisting often complicate app management. Ensuring seamless communication between managed devices and Intune is critical for fetching accurate app install statuses. Without this, you might miss key insights into app deployment and usage.

Monitoring app installations also supports compliance efforts. For example, you can verify that all devices have required apps installed, ensuring employees have the tools they need while adhering to company policies.

Implementation of the API Call

To fetch app install statuses, you’ll use Microsoft Graph API. Here’s how you can implement this:

1. Connect to Microsoft Graph: Ensure your app has the necessary scopes, such as DeviceManagementApps.Read.All, to access application data in Intune.

2. Authenticate: Use OAuth 2.0 to obtain an access token.

3. Make the API call: Use the endpoint https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps to retrieve a list of managed apps.

Here’s an example of a GET request:

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps  
Authorization: Bearer {access_token}

To filter for specific app types, such as Win32 apps, you can use the filter query parameter. For example:

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps?$filter=appType eq 'win32'  
Authorization: Bearer {access_token}

This process allows you to efficiently manage and monitor app install statuses across devices, ensuring operational efficiency.

Example: Verifying Corporate App Installations

Imagine you’re rolling out a new productivity app across your organization. By using Graph API Calls to fetch app install statuses, you can confirm whether the app has been successfully installed on all devices.

For instance, if a device shows a failed installation, you can investigate the issue and take corrective action. This might involve troubleshooting network connectivity or ensuring the device meets the app’s system requirements.

Here’s how this might look in practice:

• Retrieve the list of managed apps using the API.

• Filter the results to focus on the new app.

• Cross-check the install status for each device.

This approach ensures that all employees have access to the tools they need, minimizing downtime and boosting productivity. It also helps you maintain compliance by verifying that required apps are installed and up-to-date.

Tip: Regularly monitor app install statuses to catch issues early. Automation tools can help streamline this process, saving you time and effort.

6. Get Device Enrollment Status via Graph API Calls

Purpose of Tracking Enrollment

Tracking device enrollment is essential for maintaining control over your organization's IT environment. When devices are enrolled in Intune, they become manageable under your policies, ensuring security and compliance. Enrollment status gives you visibility into which devices are registered and ready for management. It also helps you identify gaps, like devices that haven't been enrolled or those with incomplete registration.

Imagine you're onboarding new employees. Their devices need to be enrolled in Intune to access corporate resources securely. By tracking enrollment, you can confirm whether their devices are properly registered. This process ensures that every device complies with your organization's standards, reducing risks and improving efficiency.

Implementation of the API Call

Getting device enrollment status with Graph API Calls is straightforward. You’ll use the importedDeviceIdentity endpoint to retrieve enrollment details. Here’s how it works:

• Corporate identifiers: Add device details manually or upload them via a .csv file. Include information like IMEI and Serial numbers.

• Post request: Send a POST request with the necessary data in the body to update the Intune portal.

Here’s an example of the POST request:

POST https://graph.microsoft.com/v1.0/deviceManagement/importedDeviceIdentity  
Authorization: Bearer {access_token}  
Content-Type: application/json  

{  
  "serialNumber": "123456789",  
  "imei": "987654321",  
  "enrollmentState": "enrolled"  
}

This call updates the Intune portal with enrollment details, ensuring devices are accurately tracked. For automation, you can use Azure Automation to run PowerShell scripts that authenticate to Azure AD and Intune using a Managed System Identity.

Example: Ensuring Devices Are Registered with Intune

Let’s say you’re rolling out a new policy requiring all corporate devices to be enrolled in Intune. By using Graph API Calls, you can automate the process and verify enrollment status.

Here’s how organizations achieve this:

• Use Azure Automation to run scripts that authenticate to Intune and Azure AD.

• Assign permissions like DeviceManagementManagedDevices.Read.All to ensure accurate registration.

For example, if a device isn’t enrolled, the script flags it for review. This proactive approach ensures all devices are managed under your policies. It also helps you maintain compliance and streamline device management.

Tip: Regularly monitor enrollment status to catch unregistered devices early. Automation tools can simplify this process, saving you time and effort.

7. Retrieve Audit Logs for Intune Activities Using Graph API Calls

Purpose of Accessing Audit Logs

Audit logs are your go-to resource for tracking changes and actions within your Intune environment. They record everything from updates and deletions to assignments and remote actions. By accessing these logs, you gain a detailed view of what’s happening across your organization.

Why does this matter? Audit logs help you monitor compliance and detect anomalies. For example, if someone modifies a device configuration or deletes a policy, the logs provide a timestamped record of the activity. You can even retrieve up to two years of audit events using Graph API, making it easier to investigate long-term trends or historical changes.

Here’s what makes audit logs indispensable:

• They track changes made by administrators.

• You can search for specific cmdlets or actions.

• They log modifications to objects, ensuring accountability.

• Even if audit logging is disabled, tampering attempts are still recorded.

With this level of detail, you can identify potential security risks and ensure your organization stays compliant with internal and external policies.

Implementation of the API Call

Retrieving audit logs with Graph API Calls is straightforward. Microsoft provides robust documentation to guide you through the process. Here’s a quick overview:

To get started, authenticate your app using OAuth 2.0 and obtain an access token. Then, make a GET request to the endpoint:

GET https://graph.microsoft.com/v1.0/auditLogs/signIns  
Authorization: Bearer {access_token}  

This call retrieves audit logs related to sign-ins, but you can modify the endpoint to access other types of logs, such as device management activities.

Tip: Use pagination to handle large datasets efficiently. The nextlink URI in the response helps you fetch additional records without overwhelming your system.

Example: Monitoring Administrative Actions

Imagine you’re investigating a recent change to your Intune policies. By retrieving audit logs, you can pinpoint the administrator responsible for the modification and review the exact changes made.

Let’s say a policy restricting app installations was updated. Using Graph API Calls, you can search the logs for the specific cmdlet used to make the change. The logs will show who performed the action, when it happened, and what was altered.

This level of detail is invaluable for maintaining accountability. If you suspect tampering or unauthorized changes, the logs provide concrete evidence to support your investigation. They also help you identify gaps in your security protocols and take corrective action.

Note: Regularly reviewing audit logs ensures you stay ahead of potential risks. Automating this process with PowerShell scripts or third-party tools can save time and improve efficiency.

Building an Intune user device dashboard becomes a breeze when you master these seven Graph API Calls. Each call plays a unique role in simplifying device management and boosting visibility across your organization. From retrieving user details to tracking compliance and enrollment statuses, these APIs empower you to create a dashboard that’s both efficient and insightful.

Here’s a quick look at how these calls enhance your dashboard:

By leveraging these APIs, you’ll streamline device management, improve compliance monitoring, and gain actionable insights—all from a single dashboard. Ready to take the next step? Dive into the Microsoft Graph API documentation and start integrating these calls into your dashboard today.

Share

FAQ

How do I get started with Microsoft Graph API for Intune dashboards?

Start by registering your app in Azure Active Directory. Assign permissions like DeviceManagement.Read.All. Use OAuth 2.0 to authenticate and get an access token. Then, make API calls to fetch data for your dashboard.

Can I automate Graph API calls for my dashboard?

Yes! Use tools like Power Automate or PowerShell scripts. These tools let you schedule API calls, process responses, and update your dashboard automatically. Automation saves time and ensures consistent monitoring.

What permissions are required for Graph API calls?

Permissions depend on the API call. For example, User.Read is needed for user details, while DeviceManagementManagedDevices.Read.All is required for device data. Always assign the least privilege necessary for security.

Are there limits to the data I can retrieve with Graph API?

Microsoft Graph API has rate limits to prevent overloading. For large datasets, use pagination with the nextlink URI. This ensures smooth data retrieval without hitting limits.

Can I test Graph API calls before integrating them?

Absolutely! Use tools like Postman or Microsoft Graph Explorer. These tools let you test endpoints, view responses, and troubleshoot issues before adding them to your dashboard.

Tip: Bookmark the Microsoft Graph API documentation for quick reference while testing.