One of our engineers recently posted a great deep dive into how Microsoft uses Azure Log Analytics for our Intune environment. Sharing the intro here - if you're interested in how to get started with Azure Log Analytics and Intune head to the full article here - https://techcommunity.microsoft.com/t5/Device-Management-in-Microsoft/Microsoft-Intune-and-Azure-Log...
Cross posting the blog's intro:
Microsoft’s production Intune tenant manages all MDM enrolled devices at the company, and we have the need to closely monitor and analyze data that is coming from our Intune tenant. In this post we will illustrate how we have configured diagnostic settings in Intune in order to send data to a Log Analytics workspace for our production Microsoft tenant. This new feature allows customers to add Audit Logs and Operational Logs to a Log Analytics workspace, event hub or Azure storage account. This integration allows us to gain additional insights into data coming from the Intune service and the devices that we manage. In addition, it gives us a platform to build alerting / monitoring pipelines, reporting, and custom workflows based on data that we are receiving from our Intune tenant. By the end of this post we hope to demonstrate how to set up alerting / monitoring based on Intune data flowing into your Log Analytics workspace.
