Simplified Intune Monitoring with Power Automate and Graph API

Managing an Intune environment? Delegating tasks becomes essential as your setup evolves. To keep a close watch on Intune actions, this guide walks you through setting up an automated monitoring system.

Stay on top of changes in crucial areas like applications, configurations, and rings with ease for seamless management and enhanced security.

By the end of this guide, you will have a system that sends you an email notification whenever the monitored Intune object is modified.

Tools:

Retrieving Audit Logs via APIs

To identify the API in use, open your browser in developer mode, go to the Network tab, and observe which APIs your requests are directed to by exploring Intune menus (e.g., Tenant Administration > Audit Logs to access the logs).

Another handy tool to unveil the APIs in action: Merill’s Graph Xray extension (a must-follow).

Once you’ve pinpointed the API, leverage Graph Explorer to get a sneak peek at the requested information.

To fetch the latest events from your tenant between today and November 27th (yesterday’s date), use the following:

https://graph.microsoft.com/beta/deviceManagement/auditEvents?$filter=activityDateTime gt 2023-11-27


Creating a Power Automate Workflow

Power Automate allows you to organize actions within a sequence known as a ‘flow.’ You have the flexibility to trigger this flow manually, automatically, or schedule it over time according to your preferences.

A schedule-based trigger is the one that will suit your first automations (daily, every X minutes, etc.).

After setting up the first step of the flow with a time schedule, proceed to add a second step by ‘Initializing the Variable’ to store the ID of the object to be monitored (located in the URL bar of the Intune portal, for example).

This object can be anything within Intune: a configuration, an application, a ring, a role, and so on.

Moving on to the third step, retrieve yesterday’s date using the ‘Get Past Time’ action. This is essential to fetch logs from the previous day.


The next, and arguably most crucial, step is querying Intune. Add the ‘HTTP’ action and input the URI you previously built in Graph Explorer:

Be sure to choose the dynamic expression ‘Get past time,’ which will be automatically formatted in the correct date format! Awesome, right? 🙂

Click on the advanced options of the HTTP request. To access Intune data, it’s crucial to authenticate with an Azure application carrying the necessary permissions on the appropriate APIs.

Create your application and ensure it’s granted the required permissions for Intune audit logs via Graph API.

If you’ve secured your application with a certificate, a trick is to convert the certificate into base64 format and input it into your HTTP request, with the client ID being the ID of the application you created.

The next step involves parsing the JSON, a crucial phase to enable your flow to utilize the information obtained from your HTTP request.

Select the Body of your HTTP request and paste the result returned by Graph Explorer by clicking ‘Generate from Sample.’ This allows Power Automate to interpret the result format your HTTP request will produce.

Finally, the last step: if the ID of the resource retrieved from the log matches the ID you stored at the beginning of the flow, trigger an email to the address of your choice.

To achieve this, create a condition and compare the two resource IDs: one from the variable you defined at the start of the flow, and the other from the JSON parsing process.


Right below, choose the ‘Send an Email’ action. Select the recipient account and write the email content. Notice the importance of parsing, which allows you to include all the information in the email body.


Note: The ‘For Each…’ loop will be automatically generated as soon as you add a field from the parsing. Power Automate understands that you want to apply this action to each event retrieved by your analyzed HTTP request.
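The same flow logic as an added Python example (not code from the original post): it builds the filtered URI from yesterday's timestamp, follows `@odata.nextLink` so events beyond the first result page are not missed, and matches each resource ID against the monitored ID. The sample pages, IDs and names are constructed, and the field names assume the Graph `auditEvent` schema.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/beta/deviceManagement/auditEvents"

def build_uri(now, days_back=1):
    """'Get past time' plus the HTTP action's URI, with the filter URL-encoded."""
    since = (now - timedelta(days=days_back)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return GRAPH + "?$filter=" + quote(f"activityDateTime gt {since}")

def matching_events(fetch, uri, monitored_id):
    """Walk every result page; IDs are GUIDs, so compare them case-insensitively."""
    hits = []
    while uri:
        page = fetch(uri)
        for event in page.get("value", []):
            for res in event.get("resources") or []:
                if (res.get("resourceId") or "").lower() == monitored_id.lower():
                    hits.append((event, res))
        uri = page.get("@odata.nextLink")  # absent on the last page
    return hits

def email_body(event, res):
    """Plain-text notification: who, what, when, and each changed property."""
    actor = event.get("actor") or {}
    who = actor.get("userPrincipalName") or actor.get("applicationDisplayName") or "unknown"
    lines = [f"{event['activityDateTime']} {event['displayName']} by {who}",
             f"Resource: {res.get('displayName')} [{res['resourceId']}]"]
    for prop in res.get("modifiedProperties") or []:
        lines.append(f"  {prop['displayName']}: {prop.get('oldValue')} -> {prop.get('newValue')}")
    return "\n".join(lines)

# Constructed sample data: two pages shaped like an auditEvents response.
NOW = datetime(2023, 11, 28, 9, 0, tzinfo=timezone.utc)
MONITORED = "11111111-AAAA-4bbb-8ccc-222222222222"  # placeholder object ID
FIRST = build_uri(NOW)
PAGES = {
    FIRST: {"@odata.nextLink": FIRST + "&$skiptoken=constructed", "value": [
        {"displayName": "Patch MobileApp", "activityDateTime": "2023-11-27T14:02:11Z",
         "actor": {"userPrincipalName": "admin1@example.com"},
         "resources": [{"displayName": "Other app", "resourceId": "99999999-0000-4000-8000-000000000000"}]}]},
    FIRST + "&$skiptoken=constructed": {"value": [
        {"displayName": "Patch DeviceConfiguration", "activityDateTime": "2023-11-27T16:40:03Z",
         "actor": {"userPrincipalName": "admin2@example.com"},
         "resources": [{"displayName": "Baseline policy", "resourceId": MONITORED.lower(),
          "modifiedProperties": [{"displayName": "PasswordMinimumLength", "oldValue": "8", "newValue": "4"}]}]}]},
}
if __name__ == "__main__":
    print("\n\n".join(email_body(e, r) for e, r in matching_events(PAGES.get, FIRST, MONITORED)))
```

In this sample the only matching event sits on the second page, so a query that stops after the first response would send no alert.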

Conclusion

Empower your Intune environment with the dynamic duo of Power Automate and Microsoft Graph API. These tools offer a robust solution for vigilant monitoring and rapid responses to changes.

This no-code process, based on variable initialization, log retrieval, JSON analysis, and email dispatch, provides meticulous and proactive control over your environment. Elevate your daily Intune management tasks with this optimized approach.

3 comments on "Simplified Intune Monitoring with Power Automate and Graph API"

  1. Very nice and needed toolkit to keep our BIG environments on track! Having alerts for changes to monitored critical items is a must-have in addition to change management tools. Best to be alerted than to find out by user feedback, and will surely help for troubleshooting to have historical change mails to find out what recent changes might have an impact on our fleet! AWESOME!
    thanks Tom!
