Review device audit logs – Manage, maintain, and protect devices

You can also use the device audit logs in Intune to view and analyze recent device actions, as shown in Figure 3-43. To access the logs, open the Microsoft Intune admin center, select the Tenant Administration node in the navigation pane, and then select Audit logs.

FIGURE 3-43 Viewing the Intune audit logs
You can filter and export the returned results if there are many actions or you are interested in specific devices. You can filter based on Category, Activity, and Date Range.
Need More Review? Audit Logs for Intune Activities
To review further details about using logs to analyze Intune activities, refer to the Microsoft website at https://learn.microsoft.com/mem/intune/fundamentals/monitor-audit-logs.
Windows Health Attestation Report
Using Windows Health Attestation in Intune enables you to view the health status of enrolled Windows devices using a number of factors, including:
• BitLocker
• Code integrity
• Early launch malware
• Boot debugging
• Secure boot
• Data execution prevention policy
• Virtual security mode
• Boot manager version
To access Windows Health Attestation data, select Devices in the Microsoft Intune admin center, select Monitor, and then select Windows health attestation report. As with many other Intune reporting features, you can filter the listed results and export the unfiltered or filtered results to a CSV file.
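The following is an added example, not part of the original text or of any Microsoft tooling: a Python triage of an exported health attestation CSV that lists each device's deviations across the factors above. The column names, the Enabled/Disabled values, the boot manager baseline, and the sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io

# Healthy value per factor. Column names and values are assumptions for
# this example; align them with the header row of your own export.
HEALTHY = {
    "BitLocker": "enabled",
    "Code integrity": "enabled",
    "Early launch malware": "enabled",
    "Boot debugging": "disabled",  # the one factor where "enabled" is the bad state
    "Secure boot": "enabled",
    "Data execution prevention policy": "enabled",
    "Virtual security mode": "enabled",
}

def parse_version(text):
    """'10.0.22621.1' -> (10, 0, 22621, 1); None if empty or malformed."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except (AttributeError, ValueError):
        return None

def triage(csv_text, min_boot_manager):
    """Return {device: [findings]}; an unreported factor counts as a finding."""
    baseline = parse_version(min_boot_manager)
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        for factor, good in HEALTHY.items():
            value = (row.get(factor) or "").strip().lower()
            if value in ("", "unknown"):
                findings.append(f"{factor}: not reported")
            elif value != good:
                findings.append(f"{factor}: {value}")
        version = parse_version(row.get("Boot manager version"))
        if version is None:
            findings.append("Boot manager version: not reported")
        elif version < baseline:
            findings.append(f"Boot manager version: {row['Boot manager version']} below {min_boot_manager}")
        if findings:
            report[row["Device name"]] = findings
    return report

# Constructed sample export (not real tenant data).
SAMPLE = """Device name,BitLocker,Code integrity,Early launch malware,Boot debugging,Secure boot,Data execution prevention policy,Virtual security mode,Boot manager version
LAB-PC-01,Enabled,Enabled,Enabled,Disabled,Enabled,Enabled,Enabled,10.0.22621.1
LAB-PC-02,Disabled,Enabled,Enabled,Enabled,Enabled,Enabled,Enabled,10.0.22621.1
LAB-PC-03,Enabled,Enabled,Enabled,Disabled,,Enabled,Unknown,10.0.19041.1"""
```

Calling `triage(SAMPLE, "10.0.22000.0")` omits LAB-PC-01 and returns findings for the other two devices, including the factors LAB-PC-03 did not report.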
Monitor devices by using Azure Monitor
If your organization has an Azure subscription, you can enable additional analytics and reporting features by combining Intune and Azure Monitor.
Azure Monitor and Log Analytics
By using Azure Log Analytics, you can send the logging data from Intune to Azure Monitor.
Requirements
To use Log Analytics, you require:
• An Azure subscription
• A Microsoft Intune tenant
• A Global Administrator or Intune Service Administrator account
You might also need one of the following services:
• An Azure storage account, ideally a general storage account
• An Azure Event Hubs namespace to integrate with third-party solutions
• An Azure Log Analytics workspace to send logs to Log Analytics
To send the log data to Azure Monitor, use the following high-level procedure:

  1. Open the Microsoft Intune admin center.
  2. In the navigation pane, select Tenant administration, and then select Diagnostics settings.
  3. Select Turn On Diagnostics and enter the following properties:
    • Enter a name for the Diagnostic Settings.
    • Specify whether you want to archive to a storage account. This saves log data to an Azure storage account.
    • Select whether you want to stream to an Azure event hub.
    • Choose whether to send diagnostics to Log Analytics. If you choose this option, the data is sent to Azure Log Analytics. Choose this option if you want to use visualizations or monitoring and alerting for your logs.
    • Choose whether to send the Intune audit logs to your storage account, event hub, or Log Analytics.
    • Choose whether to send Operational logs (which show the success or failure of users and devices that enroll in Intune) to your storage account, event hub, or Log Analytics.
    When you have completed the setup, you should have a dialog similar to Figure 3-44.

FIGURE 3-44 Verifying diagnostics settings in Intune
Need More Review? Send Logs to Azure Monitor
To review further details about Azure Monitor, refer to the Microsoft website at https://learn.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor#send-logs-to-azure-monitor.

Author: Cheryl Casey
