Monitoring Enrolled Devices
Start course

This course explores the suite of tools available in Microsoft Endpoint Manager for establishing and maintaining security posture in an organization. These include tools like Microsoft Intune, used for enrolling devices as well as creating and enforcing device compliance, and Microsoft Defender, used for implementing device antivirus and malware defense tools. This course will also review the activities involved in reducing attack surfaces in an organization that bad actors could use to penetrate and expose sensitive data. This sensitive data is protected through the implementation of attack surface reduction rules which are deployed through careful auditing and testing to prevent any loss of productivity. This course will also touch on the security baselines made available to organizations wishing to enact a more granular security posture and have access to tools like secure score for evaluating the effectiveness of these efforts against known best practices.  

Learning Objectives

  • Create a compliance policy 
  • Monitor enrolled devices
  • Setup surface attack reduction rules
  • Deploy surface attack reduction rules
  • Review security baselines
  • Examine Microsoft secure score

Intended Audience

This course is designed for individuals who are responsible for setting up and monitoring device compliance and security in Microsoft 365 as well as those pursuing Microsoft certifications.


To get the most from this course, you should have some familiarity and experience with the Microsoft 365 security suite of tools including Microsoft Endpoint Manager.  


Let's examine how we can monitor enrolled devices. Organizations can use MDM solutions such as Intune to monitor enrolled devices. These devices must be running compatible software such as Windows 10, iOS, and Android operating systems. Intune allows us to view a list of enrolled devices, review their inventory, configure and secure devices by using policies and profiles, monitor Intune activities and compliance status, deploy apps to users and devices, and complete remote device management tasks, such as removing company data or restarting the device. We can monitor device activity using the Microsoft Endpoint Manager.

On the overview page, we can see a quick view of the number of enrolled devices, their type, compliance status, and number of errors. Those with administrator status can drill down to list all the enrolled devices and their inventory. They can also export the list.

For a deeper dive into devices, it is recommended to connect Power BI to the Intune data warehouse to provide deep insight into the enterprise mobile environment. Intune stores audit logs of all activities that generated changes in Microsoft Intune. Audit logs include activities such as create, update, delete, and assign. Organizations can review audit logs for most Intune workloads. Auditing is enabled by default, and it can't be disabled. Because it's common to have many audit events, they can be filtered based on several criteria. Graph API can also be used to retrieve up to one year of audit events.

In the Intune view, organizations can also trigger a device action and view history of the remote actions that were run on different devices. This history includes the actions, its status, who started the action, and the time. Some example actions that we can remotely trigger on a device include: removing company data, conducting a factory reset, setting a remote lock, resetting a passcode, and synchronizing the device.

About the Author

Steve is an experienced Solutions Architect with over 10 years of experience serving customers in the data and data engineering space. He has a proven track record of delivering solutions across a broad range of business areas that increase overall satisfaction and retention. He has worked across many industries, both public and private, and found many ways to drive the use of data and business intelligence tools to achieve business objectives. He is a persuasive communicator, presenter, and quite effective at building productive working relationships across all levels in the organization based on collegiality, transparency, and trust.