Discovered Apps – The Intune Software Inventory

by | Sep 13, 2023 | Blog, Tech Blog

Patch Tuesday Releases

Tech Blogs

Critical Patches

It’s no secret that Intune is dominating the market as the leading cloud solution for endpoint management. Even though its initial focus was mobile device management (MDM), its capabilities were quickly expanded to include Windows and macOS devices as well. 

Today, more and more large organizations use Microsoft Intune to manage their estates. As it integrates with Entra ID, it can keep a tight handle on device configuration, user access, and data protection. To keep up with today’s fast-moving world, Intune features and functionality are being added at a crazy pace. If you don’t believe me, just check out Microsoft’s release history

This momentum is great! Well, until you want to keep track of all these changes without your head exploding. Of course, here is where tech blogs come to our aid with their much-needed reviews and deep dives into Intune’s newly added features. But some things are bound to slip through the cracks. One such example is the Intune Discovered Apps, this unsung hero of the Intune dominion. 

Even though it has been around for a few years, there is little to no information available about Discovered Apps, and most of what is out there is out of date. This blog post will hopefully shed some light on Discovered Apps and address some of the most common questions about this great feature.

Is There an Intune Software Inventory?

This might seem like a silly question, right? At least until you check the Intune portal and find nothing by that name. But don’t worry, a software inventory does exist: Intune just calls it Discovered Apps. This name makes sense because Intune uses detection rules to “discover” the applications installed on your devices, regardless of whether they are managed or unmanaged. (note: this refers to the applications only. Microsoft Intune has no power over unmanaged devices.)

How Do I Access Discovered Apps?

The process depends on what you’re after. Discovered Apps are visible per individual device or as an aggregate count across your tenant. This is where you can find each.

Discovered Apps - Individual Device
Discovered Apps – Individual Device
Discovered Apps - Aggregate Count

They say an image is worth a thousand words, so by my calculation, two images must be worth two thousand. Cha-ching!

How Is the Software Inventory Collected?

It’s simple: with IME magic. The Intune Management Extension uses a specific WMI class – the Win32_InstalledWin32Program one, to be more precise – to query installed software, then writes that application information into the registry. The key it uses to store this data is the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Inventories

The application information collected will be referenced during the delta inventory that runs on the next scan. This is also the information that started being randomly deleted by the IME in July, causing all kinds of confusion. What exactly happened, you ask?

The Great Intune Inventory Bug of July 2023

At the beginning of July, a Microsoft Intune bug caused the Discovered Apps to return no entries for Win32 apps. This coincided with the release of IME version 1.68.105.0. 

On the bright side, this prompted a fantastic PMPC engineer, Ben Whitmore, to take a deep dive into the underbelly of Intune Inventory and resurface with some excellent findings. His investigation not only cracked the case but also gave us a better understanding of how the Intune inventory is run. 

On the not-so-bright side, poor Win32 apps went unnoticed for a few weeks, until IME version 1.68.204.0 rode in on its white horse and saved the day. 

How to Use the Software Inventory Data Stored in the Registry

In addition to the app information IME stores in the “Inventories” key, it also saves your inventory settings in the following registry key:

HKEY_LOCAL_MACHINESOFTWARE\Microsoft\IntuneManagementExtension\InventorySetting 

LastFullSyncTimeUtc

This registry value will let you know the time of the most recent full sync. You can use this information in conjunction with the Discovered Apps data to create a more accurate picture. 

FirstTimeSwitch

If you don’t want to wait until the next sync and have no trouble being sneaky, you can delete this value to force a full sync. 

Discovered Apps and Device Types

If you’re wondering which types of devices in the Intune portal return information about which of their installed apps, Microsoft offers a comprehensive list here. In rough translation, that means there are certain criteria that devices must meet for their installed apps to be detected by Intune. 

Windows Device Requirements for Discovered Apps

To be eligible for the Intune Software Inventory, the following requirements must be met by Windows devices:

  1. They must be Intune-enrolled devices. 

  2. They must have the IME agent installed. 

  3. They must be corporate devices. 

How to set device ownership

If all of the above conditions are met and the OS version is Windows 10 or 11, Intune should be able to detect managed applications, as well as manually installed ones. For older Windows versions, only managed apps are detected. 

Discovered Apps on Non-Windows Devices

As a general rule, macOS, iOS, and Android devices fall into two categories when it comes to app detection:

  • Personal devices – because of privacy concerns, only managed apps are inventoried.

  • Corporate devices – all apps installed on the device are detected.

What About Co-managed Devices?

Co-managed devices will only collect app inventory through Intune if the client apps workload in Configuration Manager is switched to Intune. This will prompt the Intune Management Extension to be installed on the devices so it can get the necessary data. 

How Often Does the Software Inventory Run?

Discovered Apps refresh cycles are different depending on the OS and app types.

1. Non-Windows Devices Refresh Cycle

For macOS, Android, or iOS devices, as well as devices without the IME installed, the inventory will run every seven days from device enrollment. 

2. Windows Devices Refresh Cycle 

For Windows devices with the Intune Management Extension installed, the following will happen:

  • Win32 Apps

    • A delta inventory will be performed every 24 hours and when the IME service starts.

    • A full inventory will be taken when the IME is installed and every seven days after that.

  • Modern Microsoft Store Apps will be inventoried every seven days.

It’s important to note that the seven-day refresh cycle concerns every device individually and does not apply to the entire Intune tenant. 

Can I Export the Intune Software Inventory Report? 

Yes, you can. Both the individual and the aggregate Discovered Apps report can be exported as a CSV file.

Individual discovered apps report example
Exporting the aggregate software inventory report

For the tenant-wide discovered apps, you have a few choices: 

Export the Discovered Apps Aggregate Data Set

This report will give you less detail in fewer columns but it will provide the total number of devices each app is installed on.

Aggregate discovered apps report - aggregate data set

Export the Discovered Apps Raw Data Set

This report will not provide you with the aggregate numbers, but it will contain details about each individual device a certain app is installed on, such as the device name and the user ID

Aggregate discovered apps report - raw data set

A More Elegant Solution: Discover Apps with PowerShell and Graph 

If you’re not a big fan of CSV files and you like PowerShell, my colleague Vincent has got you covered. He wrote a great script you can use to get the Discovered Apps information from Intune via Microsoft Graph. 

Discovered Apps Inconsistencies

Much like everything else in the world, the Discovered Apps feature in Microsoft Intune is imperfect. That means the results it returns are not always accurate. Possible reasons for inconsistencies include:

  • targeting changes reflected with a delay in the detected apps

  • different time intervals for collecting information about discovered apps and app status

  • multiple users on the same device 

So What Have We Been On About?

The Microsoft Intune Discovered Apps feature is a great – albeit imperfect – way of keeping track of the applications installed within your tenant. In an increasingly security-driven IT landscape, this capability is a must-have. 

Learning how to use this functionality will help you better manage and protect your infrastructure. The ability to detect apps already installed on your devices will allow you to identify and address any possible vulnerabilities. 

If regularly checking software inventory reports against vendor websites to keep your software up to date seems like a daunting task, you don’t have to do it alone. Patch My PC can integrate with Intune to automate 3rd party software patching for you. Schedule a live demo today and find out exactly how that works!

Tech Blog

PowerShell Uses - Feature Image

PowerShell Uses – Things to Start Doing, Things to Stop Doing

There are some things in PowerShell that you need to start doing but also stop doing. What is PowerShell and some of the best practices?

Intune Win32 Apps Guide to Availability and Deadlines Feature Image

Intune Win32 apps: A Strategic Guide to Availability and Deadlines

Discover the ins and outs of Intune Management Extension in our latest blog post. We’re exploring its behavior with scheduled win32 app...

Windows Defender Exploit Guard breaks Google Chrome

Often, blog titles are sensationalised and designed to draw the readers attention. In September 2023, we did actually observe the behavior described...

Intune Scope Tags and Role-Based Access Control Explained

In today's interconnected era, it has become increasingly common for large organizations to have multiple IT departments and workers spread across...

Intune Discovered Apps – Missing Inventory Data

At the tail end of June 2023 and into the first week of July 2023, many admins started to report that application inventory data was missing in...
Intune Discovery Apps - Detecting your applications and gaining back control Feature Image

Intune Discovered Apps – Detecting your applications and gaining back control

Learn more about the power of Intune Discovered Apps for application inventory management. Detect and manage your software inventory...

Intune Microsoft Store Integration App Migration Failures (0x87D1041C)

In July 2021, Microsoft announced that both Microsoft Store for Business and Education would be deprecated on March 31, 2023. While Microsoft has...
Automatic Deployment Rules and ConfigMgr

Automatic Deployment Rules (ADR) and ConfigMgr and why you should use them

What is an ADR Getting Started with ADR Creating and Defining an ADR What are Deployment Packages?In this blog we will review Automatic Deployment...

How to use PowerShell to install Windows updates & ensure long-term compliance

In this post I will walk you through how to install Windows updates and report on patch compliance using Windows PowerShell. We will be using:...

Mastering ConfigMgr Client Actions

In this blog post, we’ll take a deep dive into the various SCCM client actions, including when to use them, what they do, and which log files...

PowerShell Uses – Things to Start Doing, Things to Stop Doing

There are some things in PowerShell that you need to start doing but also stop doing. What is PowerShell and some of the best practices?

Intune Win32 apps: A Strategic Guide to Availability and Deadlines

Discover the ins and outs of Intune Management Extension in our latest blog post. We’re exploring its behavior with scheduled win32 app...

Windows Defender Exploit Guard breaks Google Chrome

Often, blog titles are sensationalised and designed to draw the readers attention. In September 2023, we did actually observe the behavior described...

Intune Scope Tags and Role-Based Access Control Explained

In today's interconnected era, it has become increasingly common for large organizations to have multiple IT departments and workers spread across...

Intune Discovered Apps – Missing Inventory Data

At the tail end of June 2023 and into the first week of July 2023, many admins started to report that application inventory data was missing in...

Intune Discovered Apps – Detecting your applications and gaining back control

Learn more about the power of Intune Discovered Apps for application inventory management. Detect and manage your software inventory...

Intune Microsoft Store Integration App Migration Failures (0x87D1041C)

In July 2021, Microsoft announced that both Microsoft Store for Business and Education would be deprecated on March 31, 2023. While Microsoft has...

Automatic Deployment Rules (ADR) and ConfigMgr and why you should use them

What is an ADR Getting Started with ADR Creating and Defining an ADR What are Deployment Packages?In this blog we will review Automatic Deployment...

How to use PowerShell to install Windows updates & ensure long-term compliance

In this post I will walk you through how to install Windows updates and report on patch compliance using Windows PowerShell. We will be using:...

Mastering ConfigMgr Client Actions

In this blog post, we’ll take a deep dive into the various SCCM client actions, including when to use them, what they do, and which log files...