TenLens
Back to script library
Entra / Microsoft 365 · Devices

Report Entra registered devices

Generate a report about Entra registered devices using the Microsoft Graph PowerShell SDK.

Connect & set up

Run these once per session. All scopes are read-only unless the script makes changes.

Connect-MgGraph -Scopes User.Read.All, Directory.Read.All -NoWelcome

Run it

The main script. Copy it, or download the .ps1 and run it from your console.

Connect-MgGraph -Scope User.Read.All, Directory.Read.All
 
Write-Host "Finding registered devices"
[array]$Devices = Get-MgDevice -All -PageSize 999
If (!($Devices)) {
  Write-Host "No registered devices found - exiting" ; break
}
 
Write-Host ("Processing details for {0} devices" -f $Devices.count)
$Report = [System.Collections.Generic.List[Object]]::new()
$i = 0
ForEach ($Device in $Devices) {
  $i++
  Write-Host ("Reporting device {0} ({1}/{2})" -f $Device.DisplayName, $i, $Devices.count)
  $DeviceOwner = $Null
  Try {
    [array]$OwnerIds = Get-MgDeviceRegisteredOwner -DeviceId $Device.Id
    $DeviceOwner = Get-MgUser -UserId $OwnerIds[0].Id `
     -Property Id, displayName, Department, OfficeLocation, City, Country, UserPrincipalName -ErrorAction Stop
    }
  Catch {
    Write-Host ("Error fetching owners for {0}" -f $Device.DisplayName)
  }
 
  $ReportLine = [PSCustomObject][Ordered]@{
   Device              = $Device.DisplayName
   Id                  = $Device.Id
  "Device last signed in" = $Device.ApproximateLastSignInDateTime
  "Days since sign in" = (New-TimeSpan($Device.ApproximateLastSignInDateTime)).Days
   Owner               = $DeviceOwner.DisplayName
   OwnerUPN            = $DeviceOwner.UserPrincipalName
   Department          = $DeviceOwner.Department
   Office              = $DeviceOwner.OfficeLocation
   City                = $DeviceOwner.City
   Country             = $DeviceOwner.Country
   "Operating System"  = $Device.OperatingSystem
   "O/S Version"       = $Device.OperatingSystemVersion
   Registered          = $Device.RegistrationDateTime
   "Account Enabled"   = $Device.AccountEnabled
   DeviceId            = $Device.DeviceId
   TrustType           = $Device.TrustType
  }
  $Report.Add($ReportLine)
 
} #End Foreach Device
 
# Sort in order of last signed in date
$Report = $Report | Sort-Object {$_.LastSignIn -as [datetime]} -Descending
$Report | Out-GridView
 
[array]$OldDevices = $Report | Where-Object {$_.'Days Since sign in' -ge 365}
Write-Host ("There are {0} devices that have not signed in for over a year" -f $OldDevices.Count)
$OldDevices | Format-Table Device, 'Device last signed in', 'Days since sign in', Owner, OwnerUPN, Department -AutoSize
Attribution
Author
Office365itpros
Related scripts
Entra / Microsoft 365 · Exchange Online

Add contacts to mailboxes

Copies organizational contacts from a SharePoint list into Exchange user mailboxes for newly licensed users, using app-only Microsoft Graph permissions.

Entra / Microsoft 365 · Applications

Add owners to apps

Finds Entra ID app registrations without owners and assigns the last modifier or creator as owner, using unified audit log records to identify who last managed each app.

Entra / Microsoft 365 · Teams

Add Teams to group expiration policy

Adds Microsoft Teams whose backing groups are not yet covered by the Microsoft 365 group expiration policy.