Rich hover cards for the Microsoft Intune admin center β see device details, compliance, primary user, apps, policies, and more without clicking.
Managing devices in Intune means endless clicking β open a device, wait for the blade to load, check compliance, go back, repeat. There's no quick way to glance at device health, primary user, app failures, or policy assignments without leaving the list view.
Intune Lens adds Adaptive-Card-style hover cards directly into the Intune portal. Hover over any object name in a list view and instantly see a rich summary card.
| Section | Details |
|---|---|
| Device Info | Name, OS & version, model, serial, category, encryption, management agent, Wi-Fi/Ethernet MAC |
| User & Activity | Primary user, last check-in, enrollment date, enrollment type |
| Compliance Policies | Compliant / non-compliant / other counts, non-compliant policy names |
| Configuration Profiles | OK / error / other counts, failed profile names |
| Groups | All Azure AD group memberships (transitive), with dynamic tag |
| Managed Apps | Installed / failed / pending counts, failed & pending app names with versions |
| Hardware Details | Battery health, charge cycles, IPv4, subnet, BIOS, TPM, Credential Guard, VBS |
| Windows Autopatch | Deployment ring, update status, OS versions, policy, hotpatch enrollment |
| Section | Details |
|---|---|
| Profile | First/last name, UPN, email, job title, department, office, phone, last sign-in, created date |
| Entra Roles | All directory roles (Global Admin, Intune Admin, etc.) |
| Managed Devices | All devices with compliance status indicators |
| Groups | All group memberships (transitive), with dynamic tag |
| Section | Details |
|---|---|
| App Info | Name, publisher, description, created/modified dates |
| Install Status | Installed / failed / not installed / pending device counts |
| Assignments | All assignments with intent (required π΄ / available π’), resolved group names |
| Section | Details |
|---|---|
| Policy Info | Name, type (Configuration Profile / Settings Catalog / Admin Template / Endpoint Security / Compliance), version, description, created/modified dates |
| Device Status | Success / failed / error / conflict / N/A counts, last report date |
| Included Groups | Assignment groups with filter type |
| Excluded Groups | Exclusion groups |
- π Pin β click the pin button or move mouse to card to keep it open
- β Ώ Drag β grab the toolbar to reposition the card anywhere
- β Close β dismiss the card with the close button
- π±οΈ Scroll β mouse wheel scrolls the card content
- π Dark mode β follows system preference
- Zero infrastructure β no backend server, no Azure Functions, no App Registration
- Dual token capture β intercepts both Graph and Autopatch Bearer tokens from the active session
- Works inside Intune's iframes β injects into sandboxed React blade iframes automatically
- Multi-API support β Microsoft Graph v1.0, Graph beta, and Windows Autopatch API
- 5-minute response cache β fast repeat hovers without extra API calls
- Group name resolution β assignment groups show display names, not GUIDs
- Configurable β toggle card types on/off, adjust hover delay via the popup
No store listing yet β sideload the extension in developer mode.
- Clone this repo or download the ZIP
- Open
edge://extensions/ - Enable Developer mode (bottom-left toggle)
- Click Load unpacked β select the
Intune.Lensfolder - Navigate to intune.microsoft.com and start hovering!
- Open
chrome://extensions/ - Enable Developer mode (top-right toggle)
- Click Load unpacked β select the
Intune.Lensfolder
Note: After updating the extension files, click the π button on the extension card and refresh the Intune tab (F5).
The Intune admin center is an Azure-portal-based SPA that renders blade content inside cross-origin sandboxed iframes (sandbox-*.reactblade.portal.azure.net) and makes API calls from Web Workers. This makes traditional DOM scraping and fetch interception ineffective. Intune Lens works around these constraints:
ββ intune.microsoft.com (main frame) βββββββββββββββββββ
β β
β inject.js (MAIN world, document_start) β
β β’ monkey-patches fetch/XHR for token capture β
β β’ intercepts Response.prototype.json for data β
β β
β content.js (ISOLATED world) β
β β’ URL-based list-page detection β
β β’ proactive Graph API fetch (devices/apps/policiesβ
β β’ shares lookup data with blade iframes β
β β’ FAB (floating action button) on detail pages β
β β
ββ sandbox-*.reactblade.portal.azure.net (blade iframe) β
β β
β content.js (ISOLATED world, all_frames) β
β β’ polls service worker for shared lookup data β
β β’ scans all leaf DOM elements for name matching β
β β’ renders hover cards on mouseenter β
β β’ MutationObserver for virtual-scroll re-renders β
β β
ββ background.js (service worker) ββββββββββββββββββββββ€
β β’ webRequest.onSendHeaders β captures Graph + β
β Autopatch Bearer tokens separately β
β β’ chrome.storage.session β volatile token storage β
β β’ Graph API proxy with 5-min TTL cache (Map) β
β β’ Autopatch API proxy with separate token β
β β’ message hub for all content script instances β
β β’ shared lookup data store (main β blade iframes) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
The extension captures Bearer tokens that the Intune portal already uses β no App Registration or admin consent required.
| Token | Source | Captured via |
|---|---|---|
| Graph | graph.microsoft.com |
webRequest.onSendHeaders (primary) + inject.js fetch wrapper (fallback) |
| Autopatch | services.autopatch.microsoft.com |
webRequest.onSendHeaders (requires visiting Autopatch section once) |
Tokens are stored in chrome.storage.session (volatile β cleared on browser restart). No tokens are ever sent to external servers.
| Page | URL pattern | Data source |
|---|---|---|
| All Devices | ~/allDevices, ~/windowsDevices |
deviceManagement/managedDevices |
| Device Overview | ~/overview |
deviceManagement/managedDevices |
| Apps | AppsMenu, AppsWindowsMenu |
deviceAppManagement/mobileApps |
| Configuration | ~/configuration |
deviceConfigurations + configurationPolicies (beta) + groupPolicyConfigurations (beta) + intents (beta) |
| Compliance | ~/compliance |
deviceCompliancePolicies |
| Users | UserManagementMenuBlade |
/users |
Click the Intune Lens icon in the browser toolbar:
| Setting | Default | Description |
|---|---|---|
| Extension Enabled | β | Master on/off toggle |
| Device cards | β | Show hover cards on device names |
| User cards | β | Show hover cards on user names |
| App cards | β | Show hover cards on app names |
| Policy cards | β | Show hover cards on policy names |
| Hover delay | 400 ms | Delay before the card appears (100β1500 ms) |
| Permission | Why |
|---|---|
storage |
Persist user settings; store session tokens |
webRequest |
Observe API requests to capture auth tokens |
intune.microsoft.com |
Inject content scripts + token interceptor |
graph.microsoft.com |
Make Graph API calls from the service worker |
services.autopatch.microsoft.com |
Make Autopatch API calls |
hosting.portal.azure.net |
Inject content scripts into Intune blade iframes |
*.reactblade.portal.azure.net |
Inject content scripts into sandbox blade iframes |
# No build step β pure vanilla JS/CSS
git clone https://github.com/robgrame/Intune.Lens.git
# Load the folder as an unpacked extension
# Edit β reload extension β refresh Intune tabIntune.Lens/
βββ manifest.json # MV3 extension manifest
βββ background.js # Service worker β Graph + Autopatch API proxy, tokens, cache
βββ inject.js # Page-context token + data interceptor (MAIN world)
βββ content.js # DOM detection + hover cards (main frame + blade iframes)
βββ content.css # Fluent-UI-inspired card styles (light + dark)
βββ popup.html # Settings popup
βββ popup.js # Settings logic + easter eggs π₯
βββ popup.css # Popup styles
βββ icon{16,48,128}.png
βββ LICENSE
βββ README.md
Open DevTools (F12) on the Intune tab and filter the console by [IL]:
[IL] π Intune Lens v3.2.0 β Main frame on intune.microsoft.com/...
[IL] π Intune Lens v3.2.0 β Blade iframe on sandbox-2.reactblade.portal.azure.net/...
[IL] π MATCH β device list. Calling Graphβ¦
[IL] π Got 12 from /deviceManagement/managedDevices...
[IL] π Total: 12 device(s), lookup: 14 entries
[IL] π€ Shared 14 entries via service worker
[IL] π² Blade: got 14 entries from service worker (poll #3)
[IL] GridScan: matched 136 cells β
[IL] showCard: device d321c626-... in blade frame
[IL] π± Device apps: 50 detected
[IL] π Autopatch data received
[IL] showCard: card rendered β size=402x602
- Keyboard shortcut to pin/dismiss cards
- Export card data to clipboard (JSON / Markdown)
- Chrome Web Store / Edge Add-ons listing
- Script & remediation execution status per device
- Conditional Access policy evaluation status
Contributions are welcome! Please open an issue first to discuss what you'd like to change.
Made with β€οΈ by ROBGRAME for Intune admins everywhere