Drivers Inventory dashboard on devices with Intune and Log Analytics

In this post I will share with you a Log Analytics dashboard for drivers inventory allowing you to see all drivers installed on your devices

The solution

The script will get all non Microsoft drivers on each devices using the Win32_PNPSignedDriver WMI class.

It will be executed on each devices through a Remediation script.

This will resume in few steps:

- Creating a Remediation script

- Script is executed on all devices

- It will get installed drivers

- It will send info to Log Analytics

What shows the dashboard ?

The dashboard will display the below information in two tabs:

Drivers resume tab

- Devices count per models

- Devices count per drivers version

- Devices with drivers > 2 years

Drivers details tab

- Full details

- Drivers installed per models

- Drivers > 2 years for a device

- Older drivers (> 2 years)

- List of graphics drivers per models

- List of network drivers per models

If you filter on a specific device name below info will be available:

- Drivers older than 2 years for the device

- Drivers installed on the last 2 months

More info about Log Analytics

If you want to get more info about Log Analytics, check here my blog series about Learning Log Analytics from scratch.

I will also speak at the MEM Summit 2023 in Paris about this topic, see below.

Get the files

Click on the below GitHub picture to get required below files:

- DriversInventory_workbook.json

- Detection_script.ps1

How it looks like ?

The workbook is divided in 2 tabs:

- Drivers resume & Details

The Log Analytics workbook will display below information:

- Count of devices inventoried

- Count of models inventoried

- Count of manufacturer inventoried

- Devices count per models

- Devices count per drivers version

- Devices with drivers > 2 years

- Full details

- Drivers installed per models

- Drivers > 2 years for a device

- Older drivers (> 2 years)

- List of graphics drivers per models

- List of network drivers per models

In the Details tab to get more info add, filter on a device name here below:

You will get drivers > 2 years:

And drivers installed on the last 2 months:

Log Analytics information

In order to create this report we will need to add some information relative to the Log Analytics workspace in the PS1 script.

See below required info:

- Workspace ID

- Primary key

To get those information go to Log Analytics Workspace > Agents management

You will find both Workspace ID and Primary key.

Then we will proceed as below:

1. Open the file Detection_script.ps1

2. Fill below variables:

- $CustomerID: workspace ID

- $ShareKey: Primary key

Creating the Remediation script

1. Go to the Intune portal

2. Go to Devices

3. Go to Remediations

4. Click on Create script package

5. Type a name

6. Click on Next

7. Click on Detection script file

8. Browse the script Detection_script.ps1

9. Click on Next

10. Click on Next

11. Click on Create

Adding the workbook

In this part we will add the report.

The report can be downloaded on GitHub, lin mentioned above.

The report is the file: DriversInventory_workbook.json

To add it, proceed as below:

1. Go to the Azure portal

2. Go to Log Analytics workspace

3. Go to workbook

4. Click on New

5. Go to Advanced editor, at the top

6. Remove content

7. Go to the GitHub link, there

8. Click on the copy button as below:

9. Click on Apply

10. Click on Done editing then Save

Issues you have

Error with CL

After adding the workbook if you have an error as below it means that the Custom log does not exist yet so the workbook can not access to data from a log that not exists.

To check that just go to the Log part from Log Analytics and check if the DriversInventory_CL exists.

If not check if the remediation script has been executed at least on a device.

Error with filters

If you have the below error, check in filters at the top that something is selected.

For instance, go to the Class filter and check All if it's not