Device Management
How IdentityOps surfaces your Intune device inventory, compliance posture, and stale enrollments in a single read-only view.
Applies to: ProModule: Device Management
What Device Management shows
The Device Management page provides a complete inventory of all Intune-managed devices in your tenant. Each device shows its compliance status, operating system information, last check-in date, and staleness detection — giving you a single pane of glass for device posture without leaving IdentityOps.
Requirements
Device Management requires the
Pro plan with Intune permissions granted. If you are on a Free or Starter plan, the Devices page will not be available. Upgrade from
Settings → Billing.
The following Microsoft Graph permissions must be granted during admin consent:
| Permission | Purpose |
|---|
| DeviceManagementManagedDevices.Read.All | Read device inventory, compliance status, and hardware details. |
| DeviceManagementConfiguration.Read.All | Read compliance policies and configuration profiles assigned to devices. |
Device data collected
For each Intune-managed device, IdentityOps reads the following fields during a scan:
Device name: The display name of the device as registered in Intune.
Model & manufacturer: Hardware model and manufacturer (e.g., Surface Pro 9, Dell Latitude 5540).
Operating system & version: OS type (Windows, macOS, iOS, Android) and version number.
Compliance status: Current compliance state: Compliant, Non-compliant, or Not evaluated.
Last check-in date: The most recent date the device checked in with Intune.
Enrollment type & managed-by: How the device was enrolled and which management authority oversees it.
Primary user: The user associated with the device enrollment.
Compliance overview
The compliance dashboard shows at-a-glance cards for compliant vs. non-compliant device counts, an OS breakdown (Windows, macOS, iOS, Android), and compliance trend over time as scans accumulate history.
Compliant
Device meets all assigned compliance policies. Encryption, OS version, and security settings are all in order.
Non-compliant
Device fails one or more compliance policies. May be blocked from accessing corporate resources via Conditional Access.
Not evaluated
No compliance policy has been assigned to the device, or the device has not yet been evaluated.
Stale device detection
Devices that have not checked in with Intune for 30 or more days are automatically flagged as stale. Stale devices are a common source of security and compliance drift. Common causes include:
Decommissioned hardware that is still enrolled in Intune.
Users who have left the organization but their device enrollment was not cleaned up.
Devices that have lost connectivity and need re-enrollment.
Test or lab devices that are no longer in use.
Tip: Cross-reference stale devices with the License Governance page. A departed user with a stale device often also has reclaimable licenses assigned.
Export
The full device inventory is exportable as a CSV file for compliance audits, IT asset management reconciliation, or offline review. The export includes all fields listed above for every device in the tenant.
Limitations
IdentityOps reads device data only. It cannot modify device configurations, push compliance policies, trigger remote wipes, or perform any remote actions. All device management actions should be taken directly in
Microsoft Intune / Endpoint Manager.
IdentityOps Recommendation
Cross-reference stale devices with license assignments. A departed user with a stale device often also has reclaimable licenses — cleaning up both at once saves two passes.
Where teams usually go next