Log analytics (SIEM) integration with Intune available.

Some companies are requesting for a long time some integration with Software Information and Event Management (SIEM) software. While delivering an Intune/Azure AD class a new node popped up in the consoles.

Under Monitoring in the Intune blade of portal.azure.com a new option Diagnostic Settings appeared.

In this option you are able to configure that all audit log and/or operational log events are being send to an archive on storage, streamed to an event hub in Azure or to Log Analytics. When selecting Send to Log Analytics you can select the Logs you want to forward to the Log Analytics environment. (of course, you need to have one.

After a while and making changes in the Intune portal you will see audit events popping up in the Log Analytics database. All changes in Microsoft Intune will be automatically added to the Log Analytics database.

Look under LogManagement and query on the IntuneAuditLogs table and the IntuneOperationalLogs table to see what is being changed in the portal or what actions are executed.

Multiple entries logged

Really cool if you ask me when working in highly regulated environments.


1 comment
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

iOS 12.1 allows managed contacts to be written from managed apps to native contacts app

Next Post

Alert on unauthorized changes in Microsoft Intune via Log Analytics

Related Posts