Get details about devices managed by Mobile Device Management (MDM) for Office 365

This article shows you how to use the Azure Active Directory Module for Windows PowerShell to get details about the devices in your organization that you set up for Mobile Device Management for Office 365.

In this article

What device details can I get?

Before you begin

Run the Get-MsolDevice cmdlet to display details for all devices in your organization

Run a script to get device details

What device details can I get?

Here's a breakdown.

| Detail | What to look for in PowerShell |
| --- | --- |
| Device is enrolled in MDM for Office 365 | The value of the isManaged parameter is: True = device is enrolled. False = device is not enrolled. |
| Device is compliant with your device security policies | The value of the isCompliant parameter is: True = device is compliant with policies. False = device is not compliant with policies. |


Note: The commands and scripts in this article will also return details about any devices that are managed by Microsoft Intune.

Before you begin

There are a few things you'll need to set up to run the commands and scripts described in this article.

  1. Go to this page and click Download for the file named AdministrationConfig-{Version}-GA.msi.

  2. When prompted, run the installation file, accept the terms, and complete the installation.

  1. In the Windows Azure Active Directory Module for Windows PowerShell, run the following command.

    $UserCredential = Get-Credential
  2. In the Windows PowerShell Credential Request dialog box, type the user name and password for your Office 365 global admin account, and then click OK.

  3. Run the following command.

    Connect-MsolService -Credential $UserCredential

Note: You can skip this step if you’re already set up to run PowerShell scripts.

To run the Get-MsolUserDeviceComplianceStatus.ps1 script, you need to enable the running of PowerShell scripts.

  1. From your Windows Desktop, click Start, and then type Windows PowerShell. Right-click Windows PowerShell, and then click Run as administrator.

  2. Run the following command.

    Set-ExecutionPolicy RemoteSigned
  3. When prompted, type Y and then press Enter.

Run the Get-MsolDevice cmdlet to display details for all devices in your organization

  1. Open the Microsoft Azure Active Directory Module for Windows PowerShell.

  2. Run the following command.

    Get-MsolDevice -All -ReturnRegisteredOwners | Where-Object {$_.RegisteredOwners.Count -gt 0}

For more examples, see Get-MsolDevice.

Run a script to get device details

  1. Copy and paste the following text into Notepad.

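    # Parameters:
    #   -users          users whose devices are reported (default: all users)
    #   -export         write the result to a CSV file instead of the pipeline
    #   -exportFileName CSV file name (default includes a date and time stamp)
    #   -exportPath     folder for the CSV (default: the current user's Desktop)
    param (
        [PSObject[]]$users = @(),
        [Switch]$export,
        # HH = hours, mm = minutes, ss = seconds (MM would repeat the month)
        [String]$exportFileName = "UserDeviceComplianceStatus_" + (Get-Date -Format "yyMMdd_HHmmss") + ".csv",
        [String]$exportPath = [Environment]::GetFolderPath("Desktop")
    )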
    
    [System.Collections.IDictionary]$script:schema = @{
        
        DeviceId = ''
        DeviceOSType = ''
        DeviceOSVersion = ''
        DeviceTrustLevel = ''
        DisplayName = ''
        IsCompliant = ''
        IsManaged = ''
        ApproximateLastLogonTimestamp = ''
        DeviceObjectId = ''    
        RegisteredOwnerUpn = ''
        RegisteredOwnerObjectId = ''
        RegisteredOwnerDisplayName = ''
    }
    
    function createResultObject
    {
    
        [PSObject]$resultObject = New-Object -TypeName PSObject -Property $script:schema
    
        return $resultObject
    }
    
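    # No users passed in: report on every user. -All is needed because
    # Get-MsolUser returns only the first 500 results by default.
    If ($users.Count -eq 0)
    {
        $users = Get-MsolUser -All
    }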
    
    [PSObject[]]$result = foreach ($u in $users)
    {
        
        [PSObject]$devices = get-msoldevice -RegisteredOwnerUpn $u.UserPrincipalName
        foreach ($d in $devices)
        {
            [PSObject]$deviceResult = createResultObject
            $deviceResult.DeviceId = $d.DeviceId 
            $deviceResult.DeviceOSType = $d.DeviceOSType 
            $deviceResult.DeviceOSVersion = $d.DeviceOSVersion 
            $deviceResult.DeviceTrustLevel = $d.DeviceTrustLevel
            $deviceResult.DisplayName = $d.DisplayName
            $deviceResult.IsCompliant = $d.GraphDeviceObject.IsCompliant
            $deviceResult.IsManaged = $d.GraphDeviceObject.IsManaged
            $deviceResult.DeviceObjectId = $d.ObjectId
            $deviceResult.RegisteredOwnerUpn = $u.UserPrincipalName
            $deviceResult.RegisteredOwnerObjectId = $u.ObjectId
            $deviceResult.RegisteredOwnerDisplayName = $u.DisplayName
            $deviceResult.ApproximateLastLogonTimestamp = $d.ApproximateLastLogonTimestamp
    
            $deviceResult
        }
    
    }
    
    If ($export)
    {
        $result | Export-Csv -path ($exportPath + "\" + $exportFileName) -NoTypeInformation
    }
    Else
    {
        $result
    }
    
  2. Save it as a Windows PowerShell script file by using the file extension .ps1; for example, Get-MsolUserDeviceComplianceStatus.ps1.

  1. Open the Microsoft Azure Active Directory Module for Windows PowerShell.

  2. Navigate to the folder where you saved the script. For example, if you saved it to C:\PS-Scripts, you'd run the following command.

    cd C:\PS-Scripts
  3. Run the following command to identify the user you want to get device details for. This example gets details for bar@example.com.

    $u = Get-MsolUser -UserPrincipalName bar@example.com
  4. Run the following command to initiate the script.

    .\Get-MsolUserDeviceComplianceStatus.ps1 -User $u -Export

The information is exported to your Windows Desktop as a CSV file. You can use additional parameters to specify the file name and path of the CSV.

  1. Open the Microsoft Azure Active Directory Module for Windows PowerShell.

  2. Navigate to the folder where you saved the script. For example, if you saved it to C:\PS-Scripts, you'd run the following command.

    cd C:\PS-Scripts
  3. Run the following command to identify the group you want to get device details for. This example gets details for users in the FinanceStaff group.

    $u = Get-MsolGroupMember -SearchString "FinanceStaff" | % { Get-MsolUser -ObjectId $_.ObjectId }
  4. Run the following command to initiate the script.

    .\Get-MsolUserDeviceComplianceStatus.ps1 -User $u -Export

The information is exported to your Windows Desktop as a CSV file. You can use additional parameters to specify the file name and path of the CSV.
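Once the CSV exists, the isManaged and isCompliant values described earlier can be turned into a follow-up list. The following is an added example, not part of the original article or the MSOnline module: the function name Get-DeviceTriage, the 90-day staleness threshold, and the sample rows are assumptions constructed for illustration.

```powershell
# Constructed sample rows; column names match the schema in the script above.
$sampleCsv = @'
"DisplayName","DeviceOSType","IsManaged","IsCompliant","ApproximateLastLogonTimestamp","RegisteredOwnerUpn"
"FIN-LT-01","Windows","True","True","2024-05-01 08:12:00","alice@example.com"
"Alice-iPhone","iOS","True","False","2024-05-02 17:40:00","alice@example.com"
"Bob-Android","Android","False","","2024-01-10 09:00:00","bob@example.com"
"Carol-Tablet","Android","True","True","","carol@example.com"
'@

# Hypothetical helper (not part of the MSOnline module).
function Get-DeviceTriage {
    param(
        [Parameter(Mandatory)] [object[]]$Rows,
        [datetime]$AsOf = (Get-Date),
        [int]$StaleDays = 90          # assumed threshold; pick your own
    )
    foreach ($r in $Rows) {
        # CSV cells are strings; anything other than 'True' (including an
        # empty cell) is treated as not enrolled / not compliant.
        $managed   = $r.IsManaged   -eq 'True'
        $compliant = $r.IsCompliant -eq 'True'
        if (-not $managed)       { $status = 'NotEnrolled' }
        elseif (-not $compliant) { $status = 'EnrolledNonCompliant' }
        else                     { $status = 'EnrolledCompliant' }

        # A missing or unparseable timestamp is flagged rather than ignored.
        [datetime]$last = [datetime]::MinValue
        $parsed = [datetime]::TryParse($r.ApproximateLastLogonTimestamp, [ref]$last)
        $stale  = (-not $parsed) -or (($AsOf - $last).TotalDays -gt $StaleDays)

        [PSCustomObject]@{
            Owner  = $r.RegisteredOwnerUpn
            Device = $r.DisplayName
            OS     = $r.DeviceOSType
            Status = $status
            Stale  = $stale
        }
    }
}

# For a real export, load the rows with Import-Csv instead of the sample text.
$rows   = $sampleCsv | ConvertFrom-Csv
$report = Get-DeviceTriage -Rows $rows -AsOf ([datetime]'2024-05-10')

# Devices that need follow-up, then a count per status.
$report | Where-Object { $_.Status -ne 'EnrolledCompliant' -or $_.Stale } |
    Sort-Object Owner | Format-Table -AutoSize
$report | Group-Object Status | Select-Object Name, Count
```

Timestamps written by Export-Csv follow the culture of the machine that ran the export, so parse the file on a machine with the same regional settings.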

More info

Overview of MDM for Office 365

Get-MsolDevice
