Related features:

Related Powershell Guides:

How to get all devices in Microsoft Entra ID

In this page

Device objects in Entra ID include important details such as device ID, display name, operating system, trust type, and last sign-in activity. For IT admins, pulling this information in bulk or retrieving it for a specific group of devices can get challenging, especially when managing large environments. Fortunately, there are efficient methods available to retrieve these details.

  • M365 admin center
  • PowerShell
  • ADManager Plus
 

Get all devices in Microsoft Entra ID using Entra admin center

  • Sign-in to Microsoft Entra admin center.
  • Go to Devices -> All devices under Entra ID.
  • Find all devices and filter them based on your requirement.
A comprehensive report showing how to get all devices in the Entra admin center

Get all devices using Windows PowerShell

  • Connect to the Azure AD PowerShell.
    Connect-AzureAD
  • Follow the below cmdlets to get Entra ID managed devices.
    Get-MgDevice

Example use case to get only windows devices

Example query

Connect-MgGraph -Scopes "Device.Read.All"
Get-MgDevice -All | Where-Object { $_.OperatingSystem -eq "Windows" } | Select-Object DisplayName, OperatingSystem, OperatingSystemVersion

Example output

DisplayName OperatingSystem OperatingSystemVersion
----------- -------------- ----------------------
WIN10-LAPTOP01 Windows 10.0.19045.3930
JOHN-DESKTOP Windows 11.0.26100.1742

Get all devices using Microsoft Graph PowerShell

The syntax is as follows:

Get-MgDevice
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ConsistencyLevel <String>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[<CommonParameters>]

Example use case to get a device

Example query

Import-Module Microsoft.Graph.Identity.DirectoryManagement
Get-MgDevice -DeviceId "72c3f3f9-2a17-4f55-b4b3-efb7cdb3f82e"

Example output

Id : 72c3f3f9-2a17-4f55-b4b3-efb7cdb3f82e
AccountEnabled : True
DeviceId : 72c3f3f9-2a17-4f55-b4b3-efb7cdb3f82e
DisplayName : Sales-Laptop-01
OperatingSystem : Windows
OperatingSystemVersion : 10.0.22621.2134
DeviceTrustType : AzureAD
DeviceOwnership : Company
IsCompliant : True
IsManaged : True
ManagementType : MDM
ApproximateLastSignInDateTime : 18-08-2025 10:34:22
PhysicalIds : {}
ExtensionAttributes : {}
OnPremisesSyncEnabled :
RegisteredOwners : {Alex Johnson}
RegisteredUsers : {Alex Johnson}
SystemLabels : {}

The output shows a Windows device called Sales-Laptop-01. It’s Azure AD–joined under the company’s ownership, managed through MDM, and marked compliant with policies. The laptop last signed in on Aug. 18, 2025 at 10:34:22. The account is enabled, and both the DeviceId and Id match, confirming its unique identifier in Entra ID. Alex Johnson is listed as both the registered owner and user of the device. Some optional fields like PhysicalIds, ExtensionAttributes, and SystemLabels are empty, which just means no extra tags or labels are applied.

Simplify Your Microsoft 365 Management and Reporting

ADManager Plus helps Microsoft 365 admins manage their environment easily with a simple interface that makes daily tasks faster and easier.

Directory cleanup and security

  • Find inactive accounts using ready-made reports.
  • Remove them quickly to keep your directory clean and secure.

User life cycle management

  • Handle bulk user creation and removal easily.
  • Make sure users have the right access and no unused accounts are left behind.

Access control

Reports and auditing

  • Get 200+ ready-to-use reports on users, groups, licenses, and directory health.
  • Export reports in CSV, PDF, or HTML formats for easy audits and compliance.

Automation

  • Automate repetitive tasks like bulk user changes, license management, and group updates.
  • Save time on routine administrative work.

Risk management

  • Spot users with too many permissions and assess potential risk exposure.
  • Get clear guidance on how to fix issues and improve security.

Important tips

  • Manage devices with an MDM solution

    Use a Mobile Device Management (MDM) platform to enforce security baselines, push configurations, and monitor device health at scale.

  • Retire or disable inactive devices

    Remove devices that are no longer in use to minimize security exposure and avoid unnecessary license consumption.

  • Use Conditional Access policies

    Restrict access based on device compliance, user role, or location to maintain a stronger security posture.

Explore other options to see how ADManager simplifies Microsoft 365

Try it now for free

FAQs:

If you have a CSV with a column called DeviceName, you can loop through it and fetch object IDs:

  • Go to Entra admin center → Entra ID → Conditional Access → Policies
  • Select Download at the top to export all policies into a CSV file.
$devices = Import-Csv .\devices.csv
foreach ($d in $devices) {
Get-MgDevice -Filter "displayName eq '$($d.DeviceName)'" | Select-Object DisplayName, Id
}

This gives each device's name and its corresponding Object ID from Entra ID.

Using Entra admin center

  • Sign in to the Microsoft Entra admin center with at least a Cloud Device Administrator or Global Administrator role.
  • Go to Identity > Users > pick the user you want.
  • On the user's profile page, select Devices.
  • You'll see all devices that are registered or joined for that user, along with details like device name, OS, compliance, and join type.

It's the UI equivalent of running Get-MgUserRegisteredDevice.

Using Graph PowerShell

Get-MgUserRegisteredDevice -UserId "jane@contoso.com" | Select-Object DisplayName, Id, OperatingSystem

The last logged-on user for a device isn't available directly from the Get-MgDevice cmdlet in Entra ID because that object mainly tracks registration and compliance. To see who last signed in, you have two options, which are listed below.

Microsoft Intune

  1. Go to Microsoft Intune admin center → Devices → All devices.
  2. Select the device in question.
  3. Under Device properties, look for Primary user.
    • This usually reflects the last logged-on user, especially for corporate-owned devices.
  4. For more detail, open the device record → MonitorSign-ins or Device diagnostics.

Graph PowerShell

You can query Intune's managed device endpoint.

Get-MgDeviceManagementManagedDevice -Filter "deviceName eq 'Sales-Laptop-01'" | Select-Object DeviceName, UserPrincipalName, LastSyncDateTime
  • UserPrincipalName here shows the user currently associated with the device.
  • This is as close as you'll get to "last logged-on user" via Graph.

The syntax to filter devices by DeviceId is given below

Get-MgDevice -Filter "deviceId eq '<DeviceId>'"

Example

Get-MgDevice -Filter "deviceId eq '72c3f3f9-2a17-4f55-b4b3-efb7cdb3f82e'"

This pulls the details of the device that matches the given DeviceId.

The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link Email the ADManager Plus download link