Close Menu
    Automation

    Intune Driver update for Windows – Get applicable devices

    Peter KlapwijkBy Updated:54 Mins Read

    A few weeks ago Microsoft finally made the Manage Windows driver and firmware updates with Microsoft Intune feature General Available. This means we finally have more control over the drivers and firmware we deploy with Intune to our Windows devices.

    With the current implementation in the Intune portal, we can see the number of devices applicable for a driver that has not yet been reviewed and deployed. But any option to view a list of those devices is nowhere found. And for certain reasons, it would be nice to get an overview of the applicable devices.

    Microsoft published some documentation during the preview phase of the driver update feature when everything related to this needed to be configured via Microsoft Graph. When having a look at some of those URIs shared in this document and combining them, I am at least able to get the Azure AD Device IDs from the applicable devices of a driver.

    Although this is not a nice report, I thought it’s worth sharing the Graph API URIs with the community to get at least some information regarding the applicable devices.
    And maybe one of the handy people in our great community can create a script with these URIs to make a better report as long as showing the applicable devices is not part of the feature in the Intune portal.

    If we’re having a look at the documentation it writes about creating the update policies and reviewing them with the URI:
    https://graph.microsoft.com/beta/admin/windows/updates/updatePolicies/PolicyID

    And it describes the URI to show applicable drivers and firmware with URI:
    GET https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/AudienceID/applicableContent

    Notes: these Graph API queries use the beta version, thus this is not production ready and things related to this might change.
    The permission we need to run these queries is WindowsUpdates.ReadWrite.All.

    In the below example, I used Graph Explorer to get the info I needed.
    If we run the first query with the below URI, we get some information related to the Driver update policies (called audiences) that are available in Intune:

    https://graph.microsoft.com/beta/admin/windows/updates/updatepolicies

    It lists all the policies we created, but I hope you haven’t created a lot of these policies because the policy names aren’t shown.
    I could match my policy by lastModifiedDateTime.

    If you’ve found the driver update policy you want to further investigate, note the audience ID.
    We need that ID in the next query.

    By running the second query with the audience ID in it, we query for the drivers in that policy (applicable content).
    We get a complete list of all the drivers with the matched devices (the applicable devices we are looking for).

    As you can see in the below screenshot, the previously noted Audience ID is used in the URI:

    https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/AudienceID/applicableContent

    Replace AudienceID with your noted audience ID.

    The section matchedDevices shows the applicable devices.
    And some information is shown about the related driver, like the display name and description.

    Note the matched devices is shown before the related driver in case multiple applicable drivers are shown.

    The deviceID shown is the Azure Device ID.
    We can use it to look up the device in Intune and Azure AD.

    The query to show the applicable content (applicable drivers) might produce a very long list of drivers and matched devices. Fortunately, the URI supports filtering.

    We can for example use an equal filter:

    https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/AudienceID/applicableContent?$filter=catalogEntry/displayName eq 'Logitech - HIDClass - 2/17/2017 12:00:00 AM - 1.10.84.0'

    Replace AudienceID with your noted audience ID.

    Or we can use an contains filter:

    https://graph.microsoft.com/beta/admin/windows/updates/deploymentaudiences/AudienceID/applicableContent?$filter=contains(catalogEntry/displayName, 'Logitech')

    Replace AudienceID with your noted audience ID.

    At least we have some information regarding the applicable devices for the Driver updates for Windows 10 and later feature. Let’s hope Microsoft will make this information soon available in the Intune portal.

    You might also be interested in this blog post “Create a Windows Driver update approval report with Logic Apps“.

    Share.

    Peter is a Security (Intune) MVP since 2020 and is working as Modern Workplace Engineer at Wortell in The Netherlands. He has more than 15 years of experience in IT, with a strong focus on Microsoft technologies like Microsoft Intune, Windows, and (low-code) automation.

    Related Posts

    View 5 Comments

    5 Comments

    1. Gopi on

      For some reason I don’t see any updates under recommend drivers … Though I have enabled manual approval

      Reply
      • Roy on

        Hi Gopi, for us the drivers started to populate after 2 or 3 days. So I am curious, are they now visible?

        Reply
        • Peter Klapwijk on

          There was some queuing during the weekend was mentioned on Twitter. My data also took about two days to show, but a new profile showed data after about 24 hours.

          Reply
    2. C on

      Hello,
      We already have a deployed and assigned Driver Update profile populated with drivers and applicable devices.

      When I get the applicableContent from our only Audience, I’m able to see the catalogEntries for each driver, but I do not see matchedDevices anywhere on the response from Graph Explorer. Any ideas?

      Reply
    Leave A Reply