What does the FreeITSM Intune dashboard cover?

Five KPI cards (total devices, compliant percentage, encrypted percentage, devices stale for 30+ days, devices enrolled in the last 30 days) and eight Chart.js widgets — compliance breakdown, operating system distribution, owner type (corporate vs personal), top ten manufacturers, top ten OS+version combinations, last-sync window distribution, 90-day enrolment trend, and encryption-by-OS as a stacked bar. Threshold-based KPI tone (green/red) flags low compliance or encryption percentages at a glance.

Can I drill down from a chart to the underlying devices?

Yes. Every chart is clickable — click any slice on a doughnut, bar on a bar chart, point on the enrolment line, or segment on the encryption stacked bar to open a modal listing the matching devices. The modal shows device name, user, OS, compliance pill, encryption status, and last sync. Pagination is 25 rows per page with Prev/Next navigation. Four of the five KPI cards are also clickable for the same drill-down (Compliant, Encrypted, Stale, and Enrolled).

Can I export the device list to CSV?

Yes. The drill-down modal has an Export CSV button on its footer. Clicking it triggers a download of every matching row (not just the current page) — including device name, user, user email, OS, OS version, compliance state, owner type, manufacturer, model, encryption status, last sync timestamp, and enrolled timestamp. The file is UTF-8 with a BOM so Excel opens it without mangling accented characters.

Where does the Intune data come from?

Intune device data is synced from Microsoft Graph API into the local intune_devices table by the Intune sync job in the Assets module. The dashboard reads from the local copy, so it works regardless of whether the Graph API is currently reachable, and it shows the timestamp of the last successful sync in the toolbar so you always know how fresh the numbers are. Re-running the sync from the Assets module updates the local copy and refreshing the dashboard shows the updated aggregations.

Charts answer how many. Names answer now what. — Deep Dive: the Intune dashboard in FreeITSM

Monthly compliance review. Someone in the room asks the question every IT manager has heard: "How many devices are non-compliant?" You bring up the dashboard. Forty-seven. Good number. Then comes the follow-up: "Which ones?" And you're either tabbing back through the Intune portal hunting filters, or you're saying "I'll send round a list later" and watching three other people quietly mark it as still open.

The chart did its job. It told you forty-seven. The chart's job ended there.

The Intune data sitting in FreeITSM — pulled in via the Microsoft Graph sync — covers everything you'd want to ask: compliance, encryption, OS spread, manufacturer mix, owner type, last-sync recency, enrolment trend. Plenty for a dashboard. The new Intune dashboard at /reporting/intune/ is that dashboard. Five KPI cards, eight Chart.js widgets, the lot. But the headline isn't the charts — it's that every chart is clickable, and clicking a chart shows you the actual devices behind it, with single-click CSV export of the lot.

The shape of the dashboard

Across the top, a strip of five KPIs:

Total

1,284

Compliant

94%

Encrypted

87%

Stale 30d+

Enrolled 30d

The compliance and encryption percentages turn green above 90%, amber from 70 to 90, red below. Stale devices — those that haven't checked in for thirty days — turn green at zero, amber up to fifty, red beyond. So a glance at the row tells you the state of the estate before your eyes have settled on any individual chart.

Below the KPI strip, eight charts in a two-column grid:

The choices are deliberate. Compliance and encryption are the security questions. OS, manufacturer, version, and owner type are the inventory questions. Last sync and enrolment trend are the lifecycle questions. Between them they cover most of what an IT team actually wants from an MDM dashboard, and they all run from the same single API call so the page renders in one round-trip.

The bit that makes it useful

Click any slice on a doughnut. A bar on a bar chart. A point on the enrolment line. A segment on the stacked encryption bar. A KPI card. Any of them.

A modal slides in. The title says what you clicked — "Stale (30+ days) · 73 devices", or "Encrypted · Windows", or "Enrolled on 12 April 2026". Below it, a table: device name, user, OS, compliance pill, encrypted yes/no, last sync. Twenty-five rows per page, prev/next buttons in the footer. And the bit that closes the loop — an Export CSV button that downloads every matching row, not just the current page, with a UTF-8 BOM so Excel opens it cleanly.

A dashboard you can't drill into is a wall poster.

This is what makes the difference in the meeting room. Question one is "how many" — the dashboard shows the chart. Question two is "which ones" — click the slice. Question three is "send me the list" — click Export. Three clicks total. Nobody marks the action as still open.

How it works under the hood

The pattern is simple but worth being deliberate about. There's one chart-data endpoint that returns every aggregation in a single payload, so the page renders in one round-trip. There's one drill-down endpoint that takes a filter enum and a value — compliance, os, manufacturer, last_sync, enrolment_day, encryption_os, plus four kpi_* shortcuts. The same endpoint serves both JSON for the modal table and CSV for the export, switched by a format parameter.

The filter enum is whitelisted server-side. Anything not in the list returns an error rather than running. All values flow through parameterised PDO queries — user-supplied strings never touch the SQL string. Building drill-down UIs from chart clicks has historically been the easiest place in a codebase to introduce a SQL injection because the URLs feel like internal plumbing; treating them like any other query parameter and validating them up front kills that whole class of bug.

Charts answer "how many". Names answer "now what".

What this changes

The interesting thing isn't really the charts. Most IT teams already have somewhere they could pull these numbers from — the Intune admin centre itself does it, after all. What teams typically don't have is a way to act on a chart in the same gesture as reading it. Intune's own portal is rich but heavy: clicking through to the noncompliant list takes you out of whatever you were doing, into a different navigation tree, with its own filters that you have to find again. The point-of-truth shifts.

A dashboard with click-through and CSV export keeps the point-of-truth in the same place. You read the number, you click the number, you get the names, you send the list. You never leave the dashboard. The next person who asks a question gets an answer in seconds rather than "I'll dig that out after the meeting".

That's the difference between a dashboard that gets opened once a month for a review and one that becomes the place people go to when something needs doing. The charts are the same. The drill-down is what makes it useful.