Managing Advanced Endpoint Analytics devices anomalies with PowerShell and Graph
In this post we will see how to use the Endpoint Analytics devices anomalies part with PowerShell and MS Graph.
Endpoint Analytics device anomalies
Microsoft recently integrated some cool features into Endpoint Analytics.
Those one are part of Advanced Endpoint Analytics.
See there my previous post about the device anomalies feature.
Device anomalies and Graph
We have seen how to use it through the portal.
When I start working on a new feature I always check how to use it with Graph.
To check that you should always play with the developer mode.
See here a post I did about that.
Anomalies by severity count
See below how looks like this part from the portal:
It's located on the main part of Anomalies.
The appropriate Graph resource path to use it is:
deviceManagement/userExperienceAnalyticsAnomalySeverityOverview
See below a Graph query with PowerShell to get same results than in the portal:
See below result we get:
Anomalies list
See below how looks like this part from the portal:
It's located on the main part of Anomalies and list anomaly title, severity and count of affected devices.
The appropriate Graph resource path to use it is:
deviceManagement/userExperienceAnalyticsAnomaly
See below a Graph query with PowerShell to get same results than in the portal:
See below result we get:
Anomaly affected devices
See below how looks like this part from the portal:
This part is available when you click on a specific anomaly and click on affected devices.
The appropriate Graph resource path to use it is:
deviceManagement/userExperienceAnalyticsAnomalyDevice
You will then need to specify the anomalyId.
The anomalyId is available on the anomalies list we have seen in the previous part.
There we want to check affected devices for the following anomaly:
Stop error restarts with bug check code 0 on over 5% of devices in a 48 hour window
We can see here the anomalyId to use.
See below a Graph query with PowerShell to get same results than in the portal:
See below result we get:
Enregistrer un commentaire