Device queries
Device queries help IT administrators quickly get an overview of information about all Windows devices that are enrolled with Microsoft Intune Advanced Analytics within their Microsoft Intune environment. Device queries use Kusto Query Language (KQL). You might be familiar with this if you have experience with Log Analytics workspaces in Microsoft Azure. If you don’t have any experience, don’t worry – this is where Security Copilot comes into play. You will be able to query with natural language and Copilot will translate that into a KQL query for you. This is also a good starting point to get a better understanding of KQL queries and evolve your skills onward. Below is an example of how to use a device query with Security Copilot:
- Find and select your device in Microsoft Intune.
- Go to Device query.
- Select Query with Copilot.
Figure 7.11: Device query overview
- From here, we can ask anything, and it...
