Get-EntraDevice
Gets a device from Microsoft Entra ID.
Syntax
GetQuery (Default)
Get-EntraDevice
[-Top <Int32>]
[-All]
[-Filter <String>]
[-Property <String[]>]
[<CommonParameters>]
GetByValue
Get-EntraDevice
[-SearchString <String>]
[-All]
[-Property <String[]>]
[<CommonParameters>]
GetById
Get-EntraDevice
-DeviceId <String>
[-All]
[-Property <String[]>]
[<CommonParameters>]
Description
The Get-EntraDevice cmdlet gets a device from Microsoft Entra ID. Specify the DeviceId parameter to get a specific device.
In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported:
- Cloud Device Administrator
- Intune Administrator
- Windows 365 Administrator
- Compliance Administrator
- Device Managers
Examples
Example 1: Get a device by ID
Connect-Entra -Scopes 'Device.Read.All'
$device = Get-EntraDevice -SearchString '<device-display-name>'
Get-EntraDevice -ObjectId $device.ObjectId
DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership
--------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- ---------------
bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
This example shows how to retrieve a device using its ID.
Example 2: Get a device by DeviceID
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Filter "DeviceId eq 'eeeeeeee-4444-5555-6666-ffffffffffff'"
DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership
--------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- ---------------
bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
This example shows how to retrieve a device using the DeviceID.
Example 3: Get all devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice
DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership
--------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- ---------------
bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
cccccccc-2222-3333-4444-dddddddddddd True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
This example demonstrates how to retrieve all devices from Microsoft Entra ID.
Example 4: Get top two devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Top 2
DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership
--------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- ---------------
bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
cccccccc-2222-3333-4444-dddddddddddd True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
This example demonstrates how to retrieve top two devices from Microsoft Entra ID. You can use -Limit as an alias for -Top.
Example 5: Get a device by display name
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership
--------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- ---------------
bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
This example demonstrates how to retrieve device using the display name.
Example 6: Get a device using display name
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Filter "startsWith(DisplayName,'Woodgrove')"
DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership
--------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- ---------------
bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
This example demonstrates how to retrieve all the devices whose display name starts with the word Woodgrove.
Example 7: Search among retrieved devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -SearchString 'DESKTOP'
DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership
--------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- ---------------
bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData
This example shows how to retrieve devices containing the word 'DESKTOP'.
Example 8: List duplicate devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -All -Select DisplayName, OperatingSystem |
Group-Object DisplayName |
Where-Object { $_.Count -gt 1 } |
Select-Object Name, @{Name = "OperatingSystem"; Expression = { ($_.Group | Select-Object -First 1).OperatingSystem } }, Count | Sort-Object Count -Descending |
Format-Table Name, OperatingSystem, Count -AutoSize
Name OperatingSystem Count
---- --------------- -----
iPhone iOS 175
samsungSM-S928B Android 15
woodgrove-win11-client Windows 2
The output lists duplicate devices by display name, operating system, and count.
Example 9: List non-compliant devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Filter "isCompliant eq false"
Example 10: List jail broken devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -All | Where-Object { $_.isRooted -eq $true }
Example 11: List managed devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Filter "isManaged eq true"
Example 12: List enabled devices
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Filter "accountEnabled eq true" -All
Example 13: List devices with specific operating system and version
Connect-Entra -Scopes 'Device.Read.All'
Get-EntraDevice -Filter "operatingSystem eq 'Windows Server' and operatingSystemVersion eq '10.0.20348.3091'"
Parameters
-All
List all pages.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DeviceId
Specifies the ID of a device in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
GetById
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Filter
Specifies the OData v4.0 filter statement. This parameter controls which objects are returned.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Property
Specifies properties to be returned
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SearchString
Specifies a search string.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetValue
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Top
Specifies the maximum number of records to return.
Parameter properties
| Type: | System.Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Limit |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.