Close Menu
Peter Klapwijk – In The Cloud 24-7Peter Klapwijk – In The Cloud 24-7
    Facebook X (Twitter) Instagram
    Peter Klapwijk – In The Cloud 24-7Peter Klapwijk – In The Cloud 24-7
    • Home
    • Intune
    • Windows
      • Modern Workplace
    • macOS
    • Android
    • iOS
    • Automation
      • Logic Apps
      • Intune Monitoring
      • GitHub
    • Security
      • Passwordless
      • Security
    • Speaking
    • About me
    Peter Klapwijk – In The Cloud 24-7Peter Klapwijk – In The Cloud 24-7
    Home»Automation»Intune Driver update for Windows – Get applicable devices
    Automation

    Intune Driver update for Windows – Get applicable devices

    Peter KlapwijkBy Peter KlapwijkJuly 11, 2023Updated:February 14, 202554 Mins Read

    A few weeks ago Microsoft finally made the Manage Windows driver and firmware updates with Microsoft Intune feature General Available. This means we finally have more control over the drivers and firmware we deploy with Intune to our Windows devices.

    With the current implementation in the Intune portal, we can see the number of devices applicable for a driver that has not yet been reviewed and deployed. But any option to view a list of those devices is nowhere found. And for certain reasons, it would be nice to get an overview of the applicable devices.

    Microsoft published some documentation during the preview phase of the driver update feature when everything related to this needed to be configured via Microsoft Graph. When having a look at some of those URIs shared in this document and combining them, I am at least able to get the Azure AD Device IDs from the applicable devices of a driver.

    Although this is not a nice report, I thought it’s worth sharing the Graph API URIs with the community to get at least some information regarding the applicable devices.
    And maybe one of the handy people in our great community can create a script with these URIs to make a better report as long as showing the applicable devices is not part of the feature in the Intune portal.

    If we’re having a look at the documentation it writes about creating the update policies and reviewing them with the URI:
    https://graph.microsoft.com/beta/admin/windows/updates/updatePolicies/PolicyID

    And it describes the URI to show applicable drivers and firmware with URI:
    GET https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/AudienceID/applicableContent

    Notes: these Graph API queries use the beta version, thus this is not production ready and things related to this might change.
    The permission we need to run these queries is WindowsUpdates.ReadWrite.All.

    In the below example, I used Graph Explorer to get the info I needed.
    If we run the first query with the below URI, we get some information related to the Driver update policies (called audiences) that are available in Intune:

    https://graph.microsoft.com/beta/admin/windows/updates/updatepolicies

    It lists all the policies we created, but I hope you haven’t created a lot of these policies because the policy names aren’t shown.
    I could match my policy by lastModifiedDateTime.

    If you’ve found the driver update policy you want to further investigate, note the audience ID.
    We need that ID in the next query.

    By running the second query with the audience ID in it, we query for the drivers in that policy (applicable content).
    We get a complete list of all the drivers with the matched devices (the applicable devices we are looking for).

    As you can see in the below screenshot, the previously noted Audience ID is used in the URI:

    https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/AudienceID/applicableContent

    Replace AudienceID with your noted audience ID.

    The section matchedDevices shows the applicable devices.
    And some information is shown about the related driver, like the display name and description.

    Note the matched devices is shown before the related driver in case multiple applicable drivers are shown.

    The deviceID shown is the Azure Device ID.
    We can use it to look up the device in Intune and Azure AD.

    The query to show the applicable content (applicable drivers) might produce a very long list of drivers and matched devices. Fortunately, the URI supports filtering.

    We can for example use an equal filter:

    https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/AudienceID/applicableContent?$filter=catalogEntry/displayName eq 'Logitech - HIDClass - 2/17/2017 12:00:00 AM - 1.10.84.0'

    Replace AudienceID with your noted audience ID.

    Or we can use an contains filter:

    https://graph.microsoft.com/beta/admin/windows/updates/deploymentaudiences/AudienceID/applicableContent?$filter=contains(catalogEntry/displayName, 'Logitech')

    Replace AudienceID with your noted audience ID.

    At least we have some information regarding the applicable devices for the Driver updates for Windows 10 and later feature. Let’s hope Microsoft will make this information soon available in the Intune portal.

    You might also be interested in this blog post “Create a Windows Driver update approval report with Logic Apps“.

    Intune Microsoft Endpoint Manager Windows Windows 10 Windows 11 Windows Update WUfB
    Share. Facebook Twitter LinkedIn Email WhatsApp
    Peter Klapwijk
    • Website
    • X (Twitter)
    • LinkedIn

    Peter is a Security (Intune) MVP since 2020 and is working as Modern Workplace Engineer at Wortell in The Netherlands. He has more than 15 years of experience in IT, with a strong focus on Microsoft technologies like Microsoft Intune, Windows, and (low-code) automation.

    Related Posts

    Update Microsoft Edge during Windows Autopilot enrollments

    July 9, 2024

    Configure Windows Update for Business reporting

    June 8, 2023

    The new way of managing Windows 10 settings with Microsoft Intune – Settings Catalog

    February 8, 2021
    View 5 Comments

    5 Comments

    1. Gopi on July 12, 2023 13:32

      For some reason I don’t see any updates under recommend drivers … Though I have enabled manual approval

      Reply
      • Roy on July 16, 2023 22:52

        Hi Gopi, for us the drivers started to populate after 2 or 3 days. So I am curious, are they now visible?

        Reply
        • Peter Klapwijk on July 17, 2023 16:56

          There was some queuing during the weekend was mentioned on Twitter. My data also took about two days to show, but a new profile showed data after about 24 hours.

          Reply
    2. C on April 10, 2024 22:50

      Hello,
      We already have a deployed and assigned Driver Update profile populated with drivers and applicable devices.

      When I get the applicableContent from our only Audience, I’m able to see the catalogEntries for each driver, but I do not see matchedDevices anywhere on the response from Graph Explorer. Any ideas?

      Reply
      • ravi kumar on July 15, 2024 05:47

        Facing the same issue where we don’t see any matched Devices .

        Reply
    Leave A Reply Cancel Reply

    Peter Klapwijk

    Hi! Welcome to my blog post.
    I hope you enjoy reading my articles.

    Hit the About Me button to get in contact with me or leave a comment.

    Awards
    Sponsor
    Latest Posts

    Hide the “Turn on an ad privacy feature” pop-up in Chrome with Microsoft Intune

    April 19, 2025

    How to set Google as default search provider with Microsoft Intune

    April 18, 2025

    Using Windows Autopilot device preparation with Windows 365 Frontline shared cloud PCs

    April 13, 2025

    Using Visual Studio with Microsoft Endpoint Privilege Management, some notes

    April 8, 2025
    follow me
    • Twitter 4.8K
    • LinkedIn 6.1K
    • YouTube
    Tags
    Administrative Templates Android Automation Autopilot Azure Azure AD Browser Conditional Access Edge EMS Exchange Online Feitian FIDO2 Flow Google Chrome Graph Graph API Identity Management Intune Intune Monitoring iOS KIOSK Logic Apps macOS MEM MEMMonitoring Microsoft 365 Microsoft Edge Microsoft Endpoint Manager Modern Workplace Office 365 OneDrive for Business Outlook Passwordless PowerApps Power Automate Security SharePoint Online Teams Windows Windows 10 Windows10 Windows 11 Windows Autopilot Windows Update
    Copy right

    This information is provided “AS IS” with no warranties, confers no rights and is not supported by the authors, or In The Cloud 24-7.

     

    Copyright © 2025 by In The Cloud 24-7/ Peter Klapwijk. All rights reserved, No part of the information on this web site may be reproduced or posted in any form or by any means without the prior written permission of the publisher.

    Shorthand; Don’t pass off my work as yours, it’s not nice.

    Recent Comments
    • Peter Klapwijk on Using Windows Autopilot device preparation with Windows 365 Frontline shared cloud PCs
    • John M on Using Windows Autopilot device preparation with Windows 365 Frontline shared cloud PCs
    • Christoffer Jakobsen on Connect to Azure file shares with Microsoft Entra Private Access
    • Ludo on How to block Bluetooth file transfer with Microsoft Intune
    • RCharles on Automatically configure the time zone (during Autopilot enrollment)
    most popular

    Application installation issues; Download pending

    October 1, 2024

    Restrict which users can logon into a Windows 10 device with Microsoft Intune

    April 11, 2020

    How to change the Windows 11 language with Intune

    November 11, 2022

    Update Microsoft Edge during Windows Autopilot enrollments

    July 9, 2024
    Peter Klapwijk – In The Cloud 24-7
    X (Twitter) LinkedIn YouTube RSS
    © 2025 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.

    Manage Cookie Consent
    To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
    View preferences
    {title} {title} {title}