Edit

Share via

Get-EntraBetaDevice

Module:
Microsoft.Entra.Beta.DirectoryManagement Module v1.1

Gets a device from Microsoft Entra ID.

Syntax

GetQuery (Default) 

Get-EntraBetaDevice

    [-Filter <String>]
    [-All]
    [-Top <Int32>]
    [-Property <String[]>]
    [-LogonTimeBefore <DateTime>]
    [-Stale]
    [-NonCompliant]
    [-IsManaged <Boolean>]
    [-JoinType <String>]
    [<CommonParameters>]

GetByValue 

Get-EntraBetaDevice

    [-SearchString <String>]
    [-All]
    [-Property <String[]>]
    [-LogonTimeBefore <DateTime>]
    [-Stale]
    [-NonCompliant]
    [-IsManaged <Boolean>]
    [-JoinType <String>]
    [<CommonParameters>]

GetById 

Get-EntraBetaDevice

    -DeviceId <String>
    [-All]
    [-Property <String[]>]
    [<CommonParameters>]

Description

The Get-EntraBetaDevice cmdlet gets a device from Microsoft Entra ID. Specify the DeviceId parameter to get a specific device.

In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported:

  • Cloud Device Administrator
  • Intune Administrator
  • Windows 365 Administrator
  • Compliance Administrator
  • Device Managers

Examples

Example 1: Get a device by ID

Connect-Entra -Scopes 'Device.Read.All'
$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
Get-EntraBetaDevice -DeviceId $device.ObjectId

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetada
                                                                                                                                                                                   ta
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             ------------
                bbbbbbbb-1111-1111-1111-cccccccccccc True                                                                                     dddddddd-9999-0000-1111-eeeeeeeeeeee MetaData

This example shows how to retrieve a device using its ID.

Example 2: Get a device by DeviceID

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Filter "DeviceId eq 'eeeeeeee-4444-5555-6666-ffffffffffff'"

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetadata DeviceOwnership
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             -------------- ---------------
                bbbbbbbb-1111-2222-3333-cccccccccccc True                                                                                     eeeeeeee-4444-5555-6666-ffffffffffff MetaData

This example shows how to retrieve a device using the DeviceID.

Example 3: Get all devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetada
                                                                                                                                                                                   ta
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             ------------
                aaaaaaaa-1111-1111-1111-bbbbbbbbbbbb True                                                                                     aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb MetaData
                bbbbbbbb-1111-1111-1111-cccccccccccc True                                                                                     aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb MetaData

This example demonstrates how to retrieve all devices from Microsoft Entra ID.

Example 4: Get top two devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Top 2

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetada
                                                                                                                                                                                   ta
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             ------------
                aaaaaaaa-1111-1111-1111-bbbbbbbbbbbb True                                                                                     aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb MetaData
                bbbbbbbb-1111-1111-1111-cccccccccccc True                                                                                     aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb MetaData

This example demonstrates how to retrieve top two devices from Microsoft Entra ID. You can use -Limit as an alias for -Top.

Example 5: Get a device by display name

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetada
                                                                                                                                                                                   ta
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             ------------
                bbbbbbbb-1111-1111-1111-cccccccccccc True                                                                                     dddddddd-9999-0000-1111-eeeeeeeeeeee MetaData

This example demonstrates how to retrieve device using the display name.

Example 6: Get a device using display name

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Filter "startsWith(DisplayName,'Woodgrove')"

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetada
                                                                                                                                                                                   ta
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             ------------
                bbbbbbbb-1111-1111-1111-cccccccccccc True                                                                                     dddddddd-9999-0000-1111-eeeeeeeeeeee MetaData

This example demonstrates how to retrieve all the devices whose display name starts with the word Woodgrove.

Example 7: Search among retrieved devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -SearchString 'DESKTOP'

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetada
                                                                                                                                                                                   ta
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             ------------
                bbbbbbbb-1111-1111-1111-cccccccccccc True                                                                                     dddddddd-9999-0000-1111-eeeeeeeeeeee MetaData

This example shows how to retrieve devices containing the word 'DESKTOP.'

Example 8: List duplicate devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -All -Select DisplayName, OperatingSystem |
Group-Object DisplayName |
Where-Object { $_.Count -gt 1 } |
Select-Object Name, @{Name = "OperatingSystem"; Expression = { ($_.Group | Select-Object -First 1).OperatingSystem } }, Count | Sort-Object Count -Descending |
Format-Table Name, OperatingSystem, Count -AutoSize

Name                       OperatingSystem Count
----                       --------------- -----
iPhone                     iOS               175
samsungSM-S928B            Android            15
woodgrove-win11-client     Windows             2

The output lists duplicate devices by display name, operating system, and count.

Example 9: List non-compliant devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Filter "isCompliant eq false"

Example 10: List jail broken devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -All | Where-Object { $_.isRooted -eq $true }

Example 11: List managed devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Filter "isManaged eq true"

Example 12: List enabled devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Filter "accountEnabled eq true" -All

Example 13: List devices with specific operating system and version

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Filter "operatingSystem eq 'Windows Server' and operatingSystemVersion eq '10.0.20348.3091'"

Example 14: Get stale devices (inactive for 2+ months)

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Stale

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetadata DeviceOwnership
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             -------------- ---------------
                bbbbbbbb-1111-2222-3333-cccccccccccc True           2024-08-15T10:30:00Z                                                      eeeeeeee-4444-5555-6666-ffffffffffff MetaData

This example demonstrates how to retrieve devices that haven't signed in for 2 months or more.

Example 15: Get devices that signed in before a specific date

Connect-Entra -Scopes 'Device.Read.All'
$date = Get-Date "2024-09-01"
Get-EntraBetaDevice -LogonTimeBefore $date

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetadata DeviceOwnership
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             -------------- ---------------
                bbbbbbbb-1111-2222-3333-cccccccccccc True           2024-08-15T10:30:00Z                                                      eeeeeeee-4444-5555-6666-ffffffffffff MetaData

This example demonstrates how to retrieve devices with last sign-in before September 1, 2024.

Example 16: Get non-compliant devices using NonCompliant parameter

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -NonCompliant

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetadata DeviceOwnership
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             -------------- ---------------
                bbbbbbbb-1111-2222-3333-cccccccccccc True                                                                                     eeeeeeee-4444-5555-6666-ffffffffffff MetaData

This example demonstrates how to retrieve devices that are not compliant with organizational policies.

Example 17: Get managed devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -IsManaged $true

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetadata DeviceOwnership
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             -------------- ---------------
                bbbbbbbb-1111-2222-3333-cccccccccccc True                                                                                     eeeeeeee-4444-5555-6666-ffffffffffff MetaData

This example demonstrates how to retrieve devices managed by a Mobile Device Management (MDM) solution.

Example 18: Get Microsoft Entra Joined devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -JoinType "MicrosoftEntraJoined"

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetadata DeviceOwnership
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             -------------- ---------------
                bbbbbbbb-1111-2222-3333-cccccccccccc True                                                                                     eeeeeeee-4444-5555-6666-ffffffffffff MetaData

This example demonstrates how to retrieve devices that are Microsoft Entra Joined.

Example 19: Get Microsoft Entra Hybrid Joined devices

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -JoinType "MicrosoftEntraHybridJoined"

This example demonstrates how to retrieve devices that are Microsoft Entra Hybrid Joined.

Example 20: Combine multiple filter parameters

Connect-Entra -Scopes 'Device.Read.All'
Get-EntraBetaDevice -Stale -NonCompliant -IsManaged $true

DeletedDateTime Id                                   AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId                             DeviceMetadata DeviceOwnership
--------------- --                                   -------------- ----------------------------- ---------------------------- -------------- --------                             -------------- ---------------
                bbbbbbbb-1111-2222-3333-cccccccccccc True           2024-08-15T10:30:00Z                                                      eeeeeeee-4444-5555-6666-ffffffffffff MetaData

This example demonstrates how to combine multiple filter parameters to find devices that are stale, non-compliant, and managed.

Parameters

-All

List all pages.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DeviceId

Specifies the ID of a device in Microsoft Entra ID.

Parameter properties

Type:System.String
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ObjectId

Parameter sets

GetById
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-Filter

Specifies the OData v4.0 filter statement. This parameter controls which objects are returned.

Parameter properties

Type:System.String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GetQuery
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-IsManaged

Filter devices based on whether they are managed by a Mobile Device Management (MDM) solution. Use $true for managed devices or $false for unmanaged devices.

Parameter properties

Type:

System.Nullable`1[System.Boolean]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GetQuery
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False
GetValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-JoinType

Filter devices by join type: MicrosoftEntraJoined, MicrosoftEntraHybridJoined, or MicrosoftEntraRegistered.

Parameter properties

Type:System.String
Default value:None
Accepted values:MicrosoftEntraJoined, MicrosoftEntraHybridJoined, MicrosoftEntraRegistered
Supports wildcards:False
DontShow:False

Parameter sets

GetQuery
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False
GetValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-LogonTimeBefore

Filter devices with last sign-in before a specified date.

Parameter properties

Type:System.DateTime
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GetQuery
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False
GetValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-NonCompliant

Filter devices that are not compliant with organizational policies.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

GetQuery
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False
GetValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-Property

Specifies properties to be returned

Parameter properties

Type:

System.String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:Select

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SearchString

Specifies a search string.

Parameter properties

Type:System.String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GetValue
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-Stale

Filter devices that haven't signed in for 2 months or more.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

GetQuery
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False
GetValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-Top

Specifies the maximum number of records to return.

Parameter properties

Type:System.Int32
Default value:None
Supports wildcards:False
DontShow:False
Aliases:Limit

Parameter sets

GetQuery
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.