Intune logs are not captured and sent to Log Analytics

  • Contextual name: Intune logs are not captured and sent to Log Analytics
  • ID: /ce/ca/azure/monitor/intune-logs
  • Located in: Azure Monitor

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Description

Ensure that Intune logs are captured and fed into a central log analytics workspace.

Rationale​

Intune includes built-in logs that provide information about your environments. Sending logs to a Log Analytics workspace enables centralized analysis, correlation, and alerting for faster threat detection and response.

Impact​

A Microsoft Intune plan is required to access Intune: https://www.microsoft.com/en-gb/security/business/microsoft-intune-pricing.

The amount of data logged and, thus, the cost incurred can vary significantly depending on the tenant size.

For information on Log Analytics workspace costs, visit: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/cost-logs.

Audit​

From Azure Portal​
  1. Go to Intune.
  2. Click Reports.
  3. Under Azure monitor, click Diagnostic settings.
  4. Next to each diagnostic setting, click Edit setting, and review the selected log categories and destination details.
  5. Ensure that at least one diagnostic setting is configured to send the following logs to a Log Analytics workspace:

... see more

Remediation

From Azure Portal​

  1. Go to Intune.

  2. Click Reports.

  3. Under Azure monitor, click Diagnostic settings.

  4. Click + Add diagnostic setting.

  5. Provide a Diagnostic setting name.

  6. Under Logs > Categories, check the box next to each of the following logs:

    • AuditLogs
    • OperationalLogs
    • DeviceComplianceOrg
    • Devices
    • Windows365AuditLogs
  7. Under Destination details, check the box next to Send to Log Analytics workspace.

  8. Select a Subscription.

  9. Select a Log Analytics workspace.

  10. Click Save.
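
As an added example (not Cloudaware's policy logic and not Microsoft code), the condition this policy audits can be checked offline against an exported list of the Intune diagnostic settings. It assumes the export uses the generic Azure Monitor diagnostic-settings JSON shape and that the required categories are the five listed in the remediation steps above; `evaluate`, `REQUIRED` and the sample data are constructed for illustration.

```python
import json
import sys

# Categories taken from the remediation steps on this page.
REQUIRED = {"AuditLogs", "OperationalLogs", "DeviceComplianceOrg",
            "Devices", "Windows365AuditLogs"}

def evaluate(settings_doc):
    """Return (compliant, findings) for a diagnostic-settings list document.

    Assumed shape: {"value": [{"name": ..., "properties": {
        "workspaceId": ..., "logs": [{"category": ..., "enabled": ...}]}}]}
    Compliant means at least one setting sends every required category
    to a Log Analytics workspace.
    """
    findings = []
    for setting in settings_doc.get("value", []):
        name = setting.get("name", "<unnamed>")
        props = setting.get("properties", {})
        # A setting that only targets storage or an event hub does not count.
        if not props.get("workspaceId"):
            findings.append(f"{name}: no Log Analytics workspace destination")
            continue
        # A category that is listed but disabled is treated as not collected.
        enabled = {entry.get("category") for entry in props.get("logs", [])
                   if entry.get("enabled")}
        missing = sorted(REQUIRED - enabled)
        if not missing:
            return True, [f"{name}: all required categories -> workspace"]
        findings.append(f"{name}: missing {', '.join(missing)}")
    return False, findings or ["no diagnostic settings configured"]

# Constructed sample export (placeholder IDs, not real tenant data).
WS = ("/subscriptions/<sub-id>/resourceGroups/<rg>/providers/"
      "Microsoft.OperationalInsights/workspaces/<workspace>")
SAMPLE = {"value": [
    {"name": "to-storage", "properties": {
        "storageAccountId": "<storage-id>",
        "logs": [{"category": c, "enabled": True} for c in sorted(REQUIRED)]}},
    {"name": "to-law", "properties": {
        "workspaceId": WS,
        "logs": [{"category": c, "enabled": c != "Devices"}
                 for c in sorted(REQUIRED)]}},
]}

if __name__ == "__main__":
    # Pass a path to an exported JSON file, or run with the sample above.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    ok, notes = evaluate(doc)
    print("COMPLIANT" if ok else "NON-COMPLIANT", *notes, sep="\n - ")
```

On the constructed sample the result is non-compliant: one setting has no workspace destination and the other has the Devices category disabled.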

Linked Framework Sections​

Section | Sub Sections | Internal Rules | Policies | Flags
CIS Azure v4.0.0 → 7.1.1.10 Ensure that Intune logs are captured and sent to Log Analytics (Manual) | 1
Cloudaware Framework → Logging and Monitoring Configuration | 59