Loading...

Managing Advanced Endpoint Analytics devices anomalies with PowerShell and Graph

Reply A+ A-


In this post we will see how to use the Endpoint Analytics devices anomalies part with PowerShell and MS Graph.


Endpoint Analytics device anomalies

Microsoft recently integrated some cool features into Endpoint Analytics.

Those one are part of Advanced Endpoint Analytics.

See there my previous post about the device anomalies feature.


Device anomalies and Graph

We have seen how to use it through the portal.

When I start working on a new feature I always check how to use it with Graph.

To check that you should always play with the developer mode.

See here a post I did about that.


Anomalies by severity count

See below how looks like this part from the portal:


It's located on the main part of Anomalies.

The appropriate Graph resource path to use it is:

deviceManagement/userExperienceAnalyticsAnomalySeverityOverview

See below a Graph query with PowerShell to get same results than in the portal:

See below result we get:



Anomalies list

See below how looks like this part from the portal:


It's located on the main part of Anomalies and list anomaly title, severity and count of affected devices.

The appropriate Graph resource path to use it is:

deviceManagement/userExperienceAnalyticsAnomaly

See below a Graph query with PowerShell to get same results than in the portal:

See below result we get:



Anomaly affected devices

See below how looks like this part from the portal:


This part is available when you click on a specific anomaly and click on affected devices.

The appropriate Graph resource path to use it is:

deviceManagement/userExperienceAnalyticsAnomalyDevice

You will then need to specify the anomalyId.

The anomalyId is available on the anomalies list we have seen in the previous part.

There we want to check affected devices for the following anomaly:

Stop error restarts with bug check code 0 on over 5% of devices in a 48 hour window


We can see here the anomalyId to use.

See below a Graph query with PowerShell to get same results than in the portal:

See below result we get:



Intune suite 7708244256307978834

Enregistrer un commentaire

Accueil item

Award

Sponsors

Learn KQL in one month

You want to support me ?

Mes articles en français

Books in French


Stats