Enhance Microsoft Intune data with Log Analytics: A summary

This week brings an extra blog post about my session at Experts Live Netherlands 2022, titled Enhance Microsoft Intune data with Log Analytics. During that session – after battling some technical challenges – I shared a lot of information about the four most obvious options for using Microsoft Intune in combination with Log Analytics. I showed the direct integration, the combination with Update Compliance, the use of the Azure Monitor HTTP Data Collector API and even the use of the Azure Monitor Agent. This post provides a quick summary of that session by briefly touching on those different options. The slides (PDF) of that session are available for download here.

Collecting log data via a direct integration

The first option was all about the direct integration of Microsoft Intune with Log Analytics. That is the integration that is part of Tenant admin > Diagnostic settings. In that section the IT administrator can configure the streaming export of platform logs and metrics for a resource to the destination of choice. And that destination can be Log Analytics. By using Log Analytics, it becomes easy to create quick overviews of the data by creating different Workbooks and KQL queries.

Collecting update information via Update Compliance

The second option was all about using Update Compliance. Update Compliance is a quick win for organizations to get a better experience around reporting about the update status of the Windows devices that are in use. It enables the IT administrator to report that information more easily. For some ideas for creating custom workbooks about Update Compliance, have a look at this post. And for different suggestions for visualizing the data of Update Compliance, have a look at this post.

Collecting custom inventory via Azure Monitor HTTP Data Collector API

The third option was all about using the Azure Monitor HTTP Data Collector API. That API enables organizations to collect custom inventory. The only limitation is the imagination of the IT administrator and eventually the wallet of the organization. The API makes it possible to send basically any data that is needed to Log Analytics. That comes, however, with costs for storing the data. For an example of using the API for collecting local administrator information, have a look at this post.
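As an added example (not code from the session or the linked post), this is how a script can sign and send one custom inventory record to the HTTP Data Collector API. The workspace ID, shared key, log type name, and the sample record are constructed placeholders, and the `$Send` switch is an assumption that keeps the script from posting until real workspace values are filled in.

```powershell
# Constructed placeholders; replace with real workspace values before sending.
$WorkspaceId = '00000000-0000-0000-0000-000000000000'
$SharedKey   = [Convert]::ToBase64String([byte[]](1..64))   # stand-in for the workspace key
$LogType     = 'LocalAdminInventory'                        # hypothetical name; lands in LocalAdminInventory_CL
$Send        = $false                                       # set to $true to actually post

# The workspace key authorizes ingestion into the workspace, so treat it as a secret:
# a script deployed to devices exposes it to anyone who can read that script.

function New-CollectorSignature {
    param([string]$WorkspaceId, [string]$SharedKey, [string]$Date, [int]$ContentLength)
    # String-to-sign: method, body length, content type, x-ms-date header, resource path
    $stringToSign = "POST`n$ContentLength`napplication/json`nx-ms-date:$Date`n/api/logs"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($SharedKey)
    $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    $hmac.Dispose()
    'SharedKey {0}:{1}' -f $WorkspaceId, [Convert]::ToBase64String($hash)
}

# Constructed sample record: one member of the local Administrators group.
$records = @(
    [pscustomobject]@{
        ComputerName = 'PC-001'
        Member       = 'CONTOSO\helpdesk'
        ObjectClass  = 'User'
        CollectedAt  = [DateTime]::UtcNow.ToString('o')
    }
)
$body = [Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject $records -Compress))
$date = [DateTime]::UtcNow.ToString('r')   # RFC 1123 date, must match the signed value

$signature = New-CollectorSignature -WorkspaceId $WorkspaceId -SharedKey $SharedKey `
    -Date $date -ContentLength $body.Length
$headers = @{
    'Authorization'        = $signature
    'Log-Type'             = $LogType
    'x-ms-date'            = $date
    'time-generated-field' = 'CollectedAt'   # use the record's own timestamp as TimeGenerated
}
$uri = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"

if ($Send) {
    Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Headers $headers -Body $body
} else {
    "Would POST $($body.Length) bytes to $uri as $LogType"
}
```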

Collecting custom logs via Azure Monitor agent

The fourth option was all about using the Azure Monitor Agent, and specifically the new agent for Windows devices. That agent provides an easy method for sending performance data and Event Viewer data to Log Analytics, which makes it easy to collect specific pieces of information. A specific use case could, for example, be the introduction of AppLocker. Simply turn on the feature in audit-only mode and use the agent to collect the information from the Event Viewer. For an overview for getting started with the Azure Monitor Agent, have a look at this post.

Experiencing the session

Of course, the best method to experience the session was to simply be there. But I can imagine that not everybody could be there. So, hopefully a few pictures will provide a little bit of the feeling and vibe that came with the session. With a huge thanks to Greg and Albert, here are some nice pictures to still experience the feeling and vibe of the session. Also, a huge thank you to all the attendees for sticking around. Even after the late start.
