Upcoming change to Audit logs in Intune
Published Nov 18 2019 02:44 PM 10.1K Views

We’re rolling out a unified audit log experience, centralizing Audit logs in Intune in one location. This is slated to roll out with the December update to the Intune service around mid-December. We’ll update our documentation when this change rolls out but here’s a sneak peek into how this will look in the console.


In the Microsoft Device Management or Microsoft Endpoint Manager console, Audit logs will now be consolidated in the Tenant administration blade.

 

Audit logs 1.jpg

 

You will be able to see all audit logs at once or filter based on specific workload.

 

Audit logs .png

In the Azure portal, you will see the same experience of consolidated logs under Intune > Monitoring

 

Audit logs 4.jpg

Let us know what you think! We’ll update our What’s New page when this change rolls out.

4 Comments
Copper Contributor

Can these be exported to a storage account or log analytics like AzureAD logs can?

Microsoft

@Simon Payne they can indeed. Check out this doc for more info

Copper Contributor

Hi, what exactly is the benefit of adding the Intune logs in Azure Log Analytics? @Ciaran_Murphy @Simon Payne 

Hi @Labinot Jashanica, the built-in logs within Intune will provide enough information about your environment, however there may be times where you'd also like to extend logging capabilities. These will vary by environment, but am sharing a few that may help what this could be used for:

  • Archive Intune logs to an Azure storage account to keep the data, or archive for a set time.
  • Stream Intune logs to an Azure event hub for analytics using popular Security Information and Event Management (SIEM) tools, such as Splunk and QRadar.
  • Integrate Intune logs with your own custom log solutions by streaming them to an event hub.
  • Send Intune logs to Log Analytics to enable rich visualizations, monitoring, and alerting on the connected data.

Hope this helps!

Version history
Last update:
‎Nov 30 2023 03:59 PM
Updated by: