Check Intune Device Status and Recent Remote Actions

Help desk and endpoint admins frequently need to answer a simple question: what is the current state of this device? Whether a user has reported a sync issue, a manager is asking why a laptop shows as non-compliant, or someone needs to confirm that a previously-issued remote wipe actually completed, the fastest way to get a definitive answer is to query Intune directly.

This recipe walks through the standard triage flow: locate a Windows, macOS, iOS, or Android device by name in Microsoft Intune, pull its compliance and hardware record, and inspect the deviceActionResults property for any remote actions (wipe, retire, sync, restart, locate, etc.) that are pending, running, or recently completed.

Run this any time a ticket mentions a specific device, before escalating compliance questions, or as the first step in an investigation of a suspected lost/stolen endpoint.

After completing this recipe you will have:

• The Intune managed device ID, Entra device ID, and serial number for the target device
• Current compliance state, OS version, encryption status, and last check-in time
• The primary user assigned to the device
• A clear view of any remote actions that are pending, in-progress, or recently completed (including wipe, retire, sync, restart, and fresh start)
• Enough context to decide whether to escalate, retry an action, or close the ticket

Things to watch out for:

• Device name collisions: Windows auto-generated names are usually unique, but iOS/Android devices named after the user (e.g. "Alex's iPhone") can match multiple records. Always confirm with the serial number or primary user.
• Stale data: The lastSyncDateTime shows when the device last checked in with Intune. If it is more than a few days old, the status you see may not reflect reality. Trigger a sync before making decisions.
• Read-only operation: This recipe only reads device state. It does not modify anything. Taking follow-up actions (wipe, retire, reset passcode) requires elevated permissions and is covered in separate recipes.
• Action result history is limited: The deviceActionResults collection reflects recent and pending actions only. It is not a full audit log. Use the Intune audit logs or Entra sign-in logs for historical forensics.
• PII exposure: Device records contain user UPN, email, serial number, and MAC addresses. Do not paste raw output into tickets or chat without redacting sensitive fields.