Microsoft has quietly flagged an important caveat for IT administrators eager to use Intune's Discovered Apps feature: do not treat this data as your operational software inventory just yet. The warning, buried in platform documentation, clarifies that the inventory of applications on managed Windows endpoints won't appear unless you deliberately enable it through a specific catalog policy—and even then, it serves a different purpose than a traditional asset register.

What Microsoft Actually Announced

Intune's Discovered Apps capability gathers a list of applications detected on enrolled Windows devices. It sounds like a straightforward inventory tool, but the details matter. According to Microsoft’s guidance, the feature is not turned on by default. You must configure a policy named "Windows 10 and later Properties catalog," which falls under the Intune settings catalog. Without that policy, the Discovered Apps blade inside the Microsoft Intune admin center remains empty.

The detected data includes app name, publisher, version, and installation date, resembling a basic software inventory. However, Microsoft draws a sharp line between Discovered Apps and a full operational inventory solution. The documentation stresses that this feature is designed for app rationalization and policy evaluation—helping you understand what’s actually installed so you can clean up or plan migrations—rather than serving as a real-time compliance or license management tool.

Moreover, the data refresh cadence is deliberately paced. Devices send inventory updates every 24 hours, but only when they are active and connected. You won't get instant alerts about unauthorized software. For organizations accustomed to near-real-time reporting from tools like Configuration Manager or third-party solutions, that delay can be a dealbreaker in security and compliance scenarios.

The Real-World Impact for Windows Administrators

If you're responsible for hundreds or thousands of Windows endpoints, this clarification has immediate practical consequences. Let's break it down by audience:

For IT admins managing hybrid environments: If you rely on Configuration Manager for software inventory, Discovered Apps is not a drop-in replacement. Co-managed devices will report to both platforms, but Intune’s inventory data may lag behind Configuration Manager’s cycle, and the data model differs. Misaligned inventories could cause confusion during audits or when tracking license usage.

For organizations using third-party inventory tools: The feature might duplicate data collection if you already have an agent that reports to ServiceNow, Flexera, or similar platforms. However, because Microsoft doesn’t yet offer a bulk-export API for Discovered Apps, integrating this data into your existing workflows will require manual work or custom scripting.

For small businesses or those new to Intune: The policy activation path is not obvious. It hides inside the Settings Catalog, requiring administrators to search for the "Windows 10 and later Properties" profile, then configure the scope to target the appropriate device groups. If you skip this step, you might assume Intune can't see your apps at all, leading to wasted time troubleshooting.

For security teams: Don’t expect Discovered Apps to flag zero-day vulnerable software or unpatched applications automatically. While Intune can push updates for Microsoft apps, the inventory alone won't alert you that a device runs a compromised version of a third-party tool. You’ll need to pair it with Microsoft Defender Vulnerability Management or a dedicated security product.

A Brief History of Intune App Tracking

Intune’s approach to software inventory has evolved unevenly. When the service launched, it collected only basic hardware and OS information. Over time, Microsoft added the Apps feature to manage deployment, but inventory was limited to apps installed through Intune itself.

The Discovered Apps feature appeared in preview around early 2023, with general availability following later that year. Initially, it surfaced only a subset of Win32 apps, relying on the registry and known install paths. Microsoft has since expanded coverage, but the underlying detection mechanism still misses certain portable applications, Windows Store apps that don’t follow standard patterns, and applications installed under user context without administrative rights.

This incremental rollout explains why the feature feels incomplete. Microsoft’s engineering teams prioritized integration with cloud-based insights (like Endpoint Analytics) over building a full-fledged inventory replacement. The company’s own messaging has shifted: earlier blog posts hinted at Discovered Apps becoming a comprehensive inventory source, but the latest documentation walks that back, urging administrators to view it as a "complementary" dataset.

Competing unified endpoint management platforms, such as Workspace ONE and Jamf, have offered richer inventory for years. Intune’s lag reflects Microsoft’s broader challenge: modernizing for the cloud without breaking compatibility with legacy systems like Configuration Manager.

Your Immediate Next Steps

Based on Microsoft’s guidance, here’s what administrators should do right now:

  1. Enable the policy safely. Navigate to Devices > Configuration profiles > Create profile. Choose "Windows 10 and later" and "Settings Catalog." Search for "Discovered Apps," and enable the setting "Turn on inventory of discovered applications." Assign it to a small test group of devices first. Do not deploy it broadly until you understand the network and performance impact.

  2. Validate the data. After at least 24 hours, check the Discovered Apps report. Compare it against a known inventory from another source. Look for missing applications—especially user-installed apps, browsers, and security tools. Note any discrepancies in version numbers; the data isn’t always as precise as what a dedicated scanner provides.

  3. Integrate with your existing processes. If you use Microsoft Graph API, you can query discovered app data via the deviceAppManagement/discoveredApps endpoint. However, this endpoint is still in beta and subject to change. Consider building a Power BI report or a Logic App that exports the inventory to a SQL database for cross-referencing, but don’t retire your current tool until you’ve run both in parallel for at least three patch cycles.

  4. Set expectations with stakeholders. Your compliance and procurement teams may already be eyeing Intune as a source of truth. Warn them that this data is not authoritative for licensing or security audits. Document the limitations and share them with your leadership.

  5. Monitor Microsoft’s roadmap. The Intune development team regularly updates the public roadmap at www.microsoft.com/en-us/microsoft-365/roadmap. Search for feature ID 124912 (originally associated with the general availability of Discovered Apps) and related entries to see forthcoming enhancements like export capabilities or improved detection logic.

What’s Coming Next

Microsoft hasn’t abandoned plans to strengthen Intune’s inventory capabilities. Insider builds and tech community posts suggest the team is working on a unified inventory view that merges discovered apps, managed apps, and endpoint analytics into a single pane of glass. That project, tentatively called “Unified Inventory,” could become the long-term replacement for legacy software asset management tools—but it remains in private preview with no release date.

In the meantime, treat Discovered Apps as a pilot program inside your tenant. Its value is real for cleaning up application sprawl, identifying redundant titles, and supporting Windows 11 migration readiness checks. But it’s not yet the operational inventory system many administrators have been waiting for. Keep your existing software asset management processes running, and let Intune’s feature mature before you bet your audit compliance on it.