Comments

1 comment

  • Official comment
    Avatar
    Matt Sullivan

    Sorry for the delay answering.

    We're frequently adding to our offerings on Azure (as well as AWS and GCP) so this answer may become outdated and I would recommend perusing the release notes from time to time.

    I did some research and find that Intune leverages Azure AD so you should be able to get those audit logs in the standard way. But I'm assuming you want the Intune audit logs specifically, and it appears there is a RESTful API to expose them. However, quick glance it doesn't appear to take start/end dates so not sure how you control the timeframe of the logs requested, and you might need to reach out to MSFT for guidance.

    If you can get the logs from the exposed API on Azure, you could then run a scheduled job to write to log files (or even console, if you setup as a script source type) where they can then be picked up by an installed Sumo collector. Alternatively, if installing a collector is not an option, you can Upload-Data-to-an-HTTP-Source using a hosted collector.

    We've successfully used this approach on numerous sources that expose APIs to pull logs. 

Please sign in to leave a comment.