Intune logs are not captured and sent to Log Analytics
- Contextual name: Intune logs are not captured and sent to Log Analytics
- ID: /ce/ca/azure/monitor/intune-logs
- Tags:
  - Impossible policy
  - Policy with categories
  - Policy with type
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Description
Ensure that Intune logs are captured and fed into a central log analytics workspace.
Rationale
Intune includes built-in logs that provide information about your environments. Sending logs to a Log Analytics workspace enables centralized analysis, correlation, and alerting for faster threat detection and response.
Impact
A Microsoft Intune plan is required to access Intune: https://www.microsoft.com/en-gb/security/business/microsoft-intune-pricing.
The amount of data logged and, thus, the cost incurred can vary significantly depending on the tenant size.
For information on Log Analytics workspace costs, visit: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/cost-logs.
Audit
From Azure Portal
- Go to Intune.
- Click Reports.
- Under Azure monitor, click Diagnostic settings.
- Next to each diagnostic setting, click Edit setting, and review the selected log categories and destination details.
- Ensure that at least one diagnostic setting is configured to send the following logs to a Log Analytics workspace:
... see more
Remediation
From Azure Portal
- Go to Intune.
- Click Reports.
- Under Azure monitor, click Diagnostic settings.
- Click + Add diagnostic setting.
- Provide a Diagnostic setting name.
- Under Logs > Categories, check the box next to each of the following logs:
  - AuditLogs
  - OperationalLogs
  - DeviceComplianceOrg
  - Devices
  - Windows365AuditLogs
- Under Destination details, check the box next to Send to Log Analytics workspace.
- Select a Subscription.
- Select a Log Analytics workspace.
- Click Save.
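The audit condition above can also be checked against an exported list of diagnostic settings. The following is an added example, not part of the original policy page or the vendor's own check. It assumes each setting is a dict in the Azure Monitor diagnostic-settings JSON shape (`properties.workspaceId`, `properties.logs[].category` and `.enabled`); the helper `sample_setting`, the setting names and the resource IDs are constructed placeholders.

```python
# Log categories the remediation steps say must reach a Log Analytics workspace.
REQUIRED = frozenset({
    "AuditLogs", "OperationalLogs", "DeviceComplianceOrg",
    "Devices", "Windows365AuditLogs",
})

def missing_categories(setting):
    """Required categories this one setting does NOT deliver to a workspace."""
    props = setting.get("properties") or {}
    # A setting that only targets storage or an event hub covers nothing here.
    if not props.get("workspaceId"):
        return set(REQUIRED)
    # A category counts only when it is listed AND explicitly enabled.
    enabled = {log.get("category") for log in props.get("logs") or []
               if log.get("enabled") is True}
    return set(REQUIRED) - enabled

def audit(settings):
    """Return (compliant, report); report maps setting name -> sorted gaps.

    Compliant means at least one single setting sends every required
    category to a workspace, matching the audit step's wording.
    """
    report = {s.get("name", "<unnamed>"): sorted(missing_categories(s))
              for s in settings}
    return any(not gaps for gaps in report.values()), report

def sample_setting(name, enabled, disabled=(), workspace=None, storage=None):
    """Build a constructed setting in the assumed JSON shape (hypothetical helper)."""
    logs = [{"category": c, "enabled": True} for c in enabled]
    logs += [{"category": c, "enabled": False} for c in disabled]
    props = {"logs": logs}
    if workspace:
        props["workspaceId"] = workspace
    if storage:
        props["storageAccountId"] = storage
    return {"name": name, "properties": props}

# Constructed sample data: one storage-only setting, one partial workspace setting.
SAMPLE = [
    sample_setting("to-storage-only", REQUIRED, storage="<storage-resource-id>"),
    sample_setting("to-workspace-partial",
                   ["AuditLogs", "OperationalLogs", "DeviceComplianceOrg"],
                   disabled=["Devices"], workspace="<workspace-resource-id>"),
]

if __name__ == "__main__":
    compliant, report = audit(SAMPLE)
    print("compliant:", compliant)
    for name, gaps in report.items():
        print(f"  {name}: missing {gaps or 'nothing'}")
```

The two sample settings show the common ways this control fails quietly: every category selected but routed only to storage, and a workspace destination with a category left disabled or never selected.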
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
---|---|---|---|---|---|
CIS Azure v4.0.0 → 7.1.1.10 Ensure that Intune logs are captured and sent to Log Analytics (Manual) | 1 | no data | |||
Cloudaware Framework → Logging and Monitoring Configuration | 60 | no data |