Jun 02 2022 11:54 PM
We recently had a couple of managed iOS devices get wiped by Intune. However I have learned that the Intune Audit Logs don't record wipes.
Is this something Intune is looking to introduce?
Seems like a pretty important thing to have an audit of.
Richard
Jun 03 2022 10:36 AM
Hello! You've posted your question in the Tech Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your question to the Microsoft Intune space - please post Intune questions here in the future.
Jun 03 2022 07:33 PM
Hi @Richard1069,
You should be able to see that in the Audit Logs. Navigate to Tenant Administration- Audit Logs - Filter by Device - Wipe ManagedDevice. Screenshot attached for more clarity.
Hope this helps!
Moe
Jun 04 2022 01:18 AM
@Moe_Kinani thanks for reply. However I have been to that location in audit logs and there's no log for a wipe. It's strange because I can filter to find a managed wipe as you suggest, but nothing shows up.
Jun 04 2022 09:04 AM - edited Jun 04 2022 09:04 AM
Is it older than one year? I can see the wipe actions for the phones I’ve done 8 months ago.
Moe
Jun 05 2022 03:59 PM
@Moe_Kinani Hi Moe, thanks for that. The devices were wiped just a few days ago. Do you know if that particular log needs to be specified in Tenant Admin -> Diagnostic Settings?
Jun 05 2022 05:22 PM
Jun 05 2022 05:51 PM
Jun 05 2022 08:52 PM - edited Jun 05 2022 08:54 PM
SolutionHi @Richard1069
This makes sense to me now. You don’t find devices information actions in audit logs, as it shows audit log actioned by admins.
You might be able to find those details if you send LOG > IntuneDevices: to Log Analytics and alert via email. This setting sits under Diagnostics Settings as you mentioned, check this url below-
https://docs.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor
Moe
Jun 05 2022 08:52 PM - edited Jun 05 2022 08:54 PM
SolutionHi @Richard1069
This makes sense to me now. You don’t find devices information actions in audit logs, as it shows audit log actioned by admins.
You might be able to find those details if you send LOG > IntuneDevices: to Log Analytics and alert via email. This setting sits under Diagnostics Settings as you mentioned, check this url below-
https://docs.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor
Moe