Modern endpoint estates contain a lot more than the laptop itself: docking stations, external monitors, headsets, USB peripherals, and a long tail of business-specific gear. Microsoft Endpoint Analytics gives you the foundation to detect connected hardware across your fleet with a custom data-collection script and feed it into Log Analytics, where you can correlate peripheral inventory with users, locations and refresh cycles. This post walks through the pattern I use to detect connected hardware: a PowerShell collector that reads CIM classes, normalises the result, and posts it into a custom Log Analytics table — ready for Power BI and procurement reporting.
To see which devices are using a particular monitor or keyboard, it can be very helpful if you can collect this information. In this blog I will show you how to detect connected hardware with the help of Endpoint Analytics. You can then use this information to assign a driver to these devices or to trigger a hardware replacement. How you can automatically populate a group based on the output of an endpoint analytics script I explained in create and fill Microsoft Entra ID group based on local attributes.
Behind the scenes the approach builds on the Endpoint Analytics remediations feature in Microsoft Intune, so you do not need any extra agent on the client to detect connected hardware reliably.

Table of contents
How to get the Hardware Id
Run the following command in a PowerShell session
Get-PnpDevice | Format-List
Search the hardware you want to collect and copy the DeviceID:

Insert the DeviceId or multiple DeviceIds into the array in the PowerShell script from my github repository:

Deploy an Endpoint Analytics script to detect connected hardware
First we deploy an endpoint analytics script to our clients to get the return value from the clients with the device manufacturer.
- Open Endpoint Analytics
- Click + Create script package

- Enter a name and click Next

- Upload the Detection script. You can find this script in my GitHub repository.
- Click Next > Next

- Assign the script to a group
- Create a schedule. In my case I select daily.
- Click Next > Create

Result
You can see in the Device status view of the remediation script the result.
- With issues = device found
- Without issues = device not found

You can get the results also via graph:
https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/**SCRIPT_ID**/deviceRunStates?$top=100

Tips and common pitfalls
A few details decide whether this pattern stays reliable in production. The most common mistake is matching on a single, very specific DeviceID. Vendors often ship the same monitor or headset under several hardware IDs depending on firmware revision or connection type, so a strict equality check silently misses half of your fleet. I prefer to match on a stable substring of the hardware ID, or on the device’s friendly name when the vendor keeps it consistent, and to keep the matching array short and well commented.
Watch the script context as well. Endpoint Analytics remediations run in the SYSTEM context by default, which means a peripheral that is only enumerated in the signed-in user’s session may not appear. For USB devices that depend on user logon, test both contexts before you trust the inventory. It also pays to schedule the run daily rather than once: people dock, undock, and swap peripherals constantly, so a single snapshot ages quickly and a daily cadence keeps your Log Analytics table close to reality.
Finally, treat the detection output as structured data from the start. Returning a clean, parseable string (for example a comma-separated list of model names) makes it trivial to build a dynamic group or a Power BI report later, whereas free-form text forces you to clean it up every time you query it.
Conclusion
With this simple remediation pattern you can detect connected hardware on every managed device without deploying an extra agent. Once the data lands in Log Analytics you can build dynamic groups, target drivers, and plan hardware refreshes from a single source of truth. How to fill a Microsoft Entra ID group based on this value you can find in create and fill Microsoft Entra ID group based on local attributes.
Hi
I have question about script , isn’t “$lenoveDockIds” supposed to be “$deviceId” ?
Thanks
Yes is fixed
[…] Collect connected Hardware with Endpoint Analytics […]