Intune Data Platform Schema – Microsoft Intune

Intune Data Platform Schema Guide

🚀 Overview

The Intune Data Platform serves as the centralized repository for telemetry and configuration data harvested from managed endpoints. For IT Administrators, this schema represents the roadmap for performing high-precision Device Queries (both on-demand for single devices and at scale for multiple devices) and maintaining a robust Device Inventory.

The platform aggregates data points—known as properties—across various operating systems. For Android environments, the schema specifically supports Corporate-Owned Dedicated devices (COSU), Fully Managed devices (COBO), and Corporate-Owned devices with a Work Profile (COPE). By understanding the property types (e.g., String, Boolean, Long) and their specific platform availability, admins can build complex queries to audit security posture, hardware health, and software compliance.

⚙️ Key Technical Details

The Intune Data Platform is organized into entities (tables). Below are the core technical details for the primary entities available to administrators:

🍏 Apple-Specific Entities

  • AppleAutoSetupAdminAccounts: Designed for macOS, iOS, and iPadOS, this entity provides identity details for administrative accounts, including the AccountGUID and AccountShortName. It is primarily used for multi-device queries.
  • AppleDeviceStates: Focuses on the security and operational status of Apple hardware. Key properties include:
    • ActivationLockSupported (bool) and MdmLostModeEnabled (bool) for theft recovery.
    • SystemIntegrityProtectionEnabled (bool) to verify macOS security.
    • Supervised (bool) to confirm management depth.
  • AppleUpdateSettings: Monitors how macOS and iOS devices handle software maintenance. Admins can track the CatalogUrl, AutomaticOSInstallationEnabled, and the PreviousScanResult to ensure systems are current.

🔋 Hardware and System Health

  • Battery: A cross-platform entity providing insights into mobile power health. It tracks CycleCount (Android/Windows), DesignCapacity and FullChargedCapacity (milliwatt hours on Windows), and general Health assessments across all platforms.
  • BiosInfo: Specific to Windows, this entity reports SmBiosVersion, ReleaseDateTime, and SerialNumber. Note that SoftwareElementId and SoftwareElementState are also tracked for multi-device queries across Apple and Android platforms.
  • CPU: Retrieves granular processor details for Windows systems, including Architecture, CoreCount, LogicalProcessorCount, and MaxClockSpeed.
  • MemoryInfo: Tracks RAM utilization. While PhysicalMemoryTotalBytes is available for broad queries, PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes are reserved for on-demand single-device queries.

🛡️ Security and Identity (Windows)

  • Certificate: Used for on-demand queries to audit the local certificate store. Properties include SubjectName, Issuer, ValidToDateTime, SigningAlgorithm, and KeyStrength.
  • LocalUserAccount & LocalGroup: Allow admins to audit local security principals. They report Username, WindowsSid, and HomeDirectory for users, as well as GroupName and GroupId for local groups.
  • EncryptableVolume: Essential for BitLocker compliance. Admins can verify ProtectionStatus, EncryptionPercentage, and EncryptionMethod for every volume on a Windows device.

📂 Storage and File Systems

  • DeviceStorage: Provides high-level capacity data (DeviceCapacityBytes) for mobile and macOS platforms. On Android, it also confirms if the storage is Encrypted.
  • DiskDrive & LogicalDrive: Tracks physical hardware (InterfaceType, Manufacturer, SizeBytes) and partition-level data (FreeSpaceBytes, FileSystem, DriveType) for Windows machines.
  • FileInfo: This is a parameterized entity. Admins must provide a specific path, such as FileInfo('c:\windows\system32\drivers\etc\hosts'), to retrieve metadata like FileVersion, LastModifiedDateTime, and Attributes.

🌐 Connectivity

  • NetworkAdapter: Captures MacAddress across all platforms and specific Windows details like Manufacturer and AdapterType. Inventory is limited to 20 adapters per device.
  • Cellular: Monitors mobile data settings, including CellularTechnology, DataRoamingEnabled, and ModemFirmwareVersion for iOS and Android devices.
  • Bluetooth: Specifically tracks the MacAddress for Bluetooth radios on Apple platforms.

⚠️ Impact

The availability of this data schema significantly transforms how IT Administrators manage their fleet:

  • Rapid Troubleshooting: On-demand queries (like FileInfo or MemoryInfo) allow admins to diagnose performance bottlenecks or file corruption without needing remote-control access to the user’s machine.
  • Security Auditing: By querying LocalUserAccount and Certificate, security teams can identify unauthorized local admins or expiring certificates that could disrupt service.
  • Lifecycle Management: Battery health and CycleCount data enable proactive hardware replacement programs, reducing downtime caused by aging mobile device batteries.
  • Compliance Verification: Real-time checks on SystemIntegrityProtectionEnabled and ProtectionStatus ensure that devices remain within the organization’s security guardrails.
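
The certificate audit mentioned under Security Auditing can be scripted once Certificate query results are out of the console. The following is an added example, not Microsoft's code: it assumes the rows were exported as CSV with a hypothetical DeviceName column alongside the Certificate properties listed above, and the sample rows, timestamp format, algorithm strings and minimum key sizes are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows; DeviceName, the timestamp format and the
# SigningAlgorithm strings are assumptions, not documented output.
SAMPLE_CSV = """\
DeviceName,SubjectName,Issuer,ValidToDateTime,SigningAlgorithm,KeyStrength
LAB-PC-01,CN=vpn.example.test,CN=Example CA,2025-01-20T00:00:00Z,sha256RSA,2048
LAB-PC-01,CN=legacy-app,CN=Example CA,2027-06-01T00:00:00Z,sha1RSA,1024
LAB-PC-02,CN=wifi-client,CN=Example CA,2024-12-15T00:00:00Z,sha256RSA,2048
LAB-PC-02,CN=mail.example.test,CN=Example CA,2026-03-01T00:00:00Z,sha256RSA,4096
LAB-PC-03,CN=device-auth,CN=Example CA,2026-09-01T00:00:00Z,sha256ECDSA,256
"""

# Minimum key sizes are example policy values, not Intune defaults.
MIN_BITS = {"rsa": 2048, "ecdsa": 256}


def audit_certificates(csv_text, now, warn_days=30):
    """Return (device, subject, reasons) for every certificate needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        algorithm = row["SigningAlgorithm"].lower()
        expires = datetime.fromisoformat(row["ValidToDateTime"].replace("Z", "+00:00"))
        if expires <= now:
            reasons.append("expired")
        elif expires - now <= timedelta(days=warn_days):
            reasons.append(f"expires in {(expires - now).days} days")
        # Key size only means something relative to the key type: a 256-bit
        # ECDSA key is fine, a 1024-bit RSA key is not. Assumption: the key
        # family is inferred from SigningAlgorithm, which describes the
        # issuer's signature, so this holds when CA and leaf share a key type.
        for family, minimum in MIN_BITS.items():
            if family in algorithm and int(row["KeyStrength"]) < minimum:
                reasons.append(f"{family.upper()} key below {minimum} bits")
        if "sha1" in algorithm or "md5" in algorithm:
            reasons.append("legacy signature hash")
        if reasons:
            findings.append((row["DeviceName"], row["SubjectName"], reasons))
    return findings

if __name__ == "__main__":
    sample_now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for device, subject, reasons in audit_certificates(SAMPLE_CSV, sample_now):
        print(f"{device}: {subject}: {', '.join(reasons)}")
```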

Official Source: Read the full article on Microsoft.com