
Is there a way to get Microsoft Intune (Azure) data into Splunk?

davidblizzard
Explorer

Is there a way to get Microsoft Intune (Azure) data into Splunk? Things like compliance, inventory, last check-in, etc.

Thanks!

0 Karma

hansuleberg
Path Finder

Hi. Did anyone find a solution?
We are also interested in getting the Windows Intune audit and compliance logs + we would like End Point Manager Center devices, discovered apps and security settings etc.

I found these Microsoft Docs:

 

Anyone done this, or having info on Splunk add-ons/apps to request this data?

We might try the last link, to get the events into Azure Event Hub, and poll them there.

 

0 Karma

shivanshu1593
Builder

Everyone looking for Intune's integration with Splunk, this is one of the ways in which you can do it. If you don't want to do it via Azure Monitor, then you can use storage accounts to dump Intune's data and get it from there via REST API calls.

Step 1: Send your Intune logs to Azure Monitor using this link: https://docs.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor

Step 2: Start monitoring logs from Azure Monitor into Splunk. You can refer to this link to monitor them: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-...

Let me know if it helps.

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

triest
Communicator

Not an answer, but potentially of interest. 

The current Splunk mobile app does not (June 2020) officially support being wrapped by Intune, but there is a feature request on ideas to support it: https://ideas.splunk.com/ideas/CONNID-I-13

0 Karma

hijacob
Communicator

Hello David,

Maybe you can get some help from the following link: https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureazureappaccount

Best wishes,
Jacob

0 Karma

hijacob
Communicator

Does it work now?

0 Karma

davidblizzard
Explorer

Sorry for the delayed response.

Thanks for the response. I've had that working for a while. However, I just don't see any way to get Intune data specifically. I'm still on the hunt.

Thanks!

0 Karma

pmprabu
New Member

Hi David, Please let me know whether you are able to send the Intune logs to Splunk?

0 Karma

robert_miller
Path Finder

I am also looking for Intune logs.

0 Karma

jkens
New Member

I'm also trying to get Intune data to Splunk. Any luck?

0 Karma

JRW
Splunk Employee

Intune logs can be sent to an Event Hub - https://learn.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor - and then use the Splunk Add-on for Microsoft Cloud Services to ingest the Intune events into Splunk.

0 Karma
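
For anyone validating the Event Hub route described above before pointing the add-on at it, here is an added example (not from any poster in this thread and not Splunk's or Microsoft's code) that splits one Event Hub message body into per-record events and counts them by log category. It assumes the Azure Monitor diagnostic-log shape of a JSON object with a `records` array whose entries carry `time` and `category`; the sample message, its `properties` fields and the function names are constructed for illustration.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def to_epoch(ts):
    """UTC timestamp string -> epoch seconds, or None if unparsable.
    The fraction is cut to microseconds because the source may carry
    7 digits, which strptime's %f would reject."""
    m = _TS.match(ts) if isinstance(ts, str) else None
    if not m:
        return None
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.timestamp() + micros / 1_000_000

def split_records(body):
    """One Event Hub message body -> list of per-record events."""
    try:
        envelope = json.loads(body)
    except (TypeError, ValueError):
        return []  # not JSON: nothing to index from this message
    records = envelope.get("records") if isinstance(envelope, dict) else None
    events = []
    for rec in records if isinstance(records, list) else []:
        if not isinstance(rec, dict):
            continue  # skip a malformed entry instead of failing the batch
        events.append({"_time": to_epoch(rec.get("time")),  # None -> use index time
                       "category": rec.get("category", "unknown"),
                       "event": rec})
    return events

def category_counts(events):
    """How many records arrived per diagnostic log category."""
    return dict(Counter(e["category"] for e in events))

# Constructed sample message (assumed envelope shape, invented property values).
SAMPLE_BODY = json.dumps({"records": [
    {"time": "2024-01-15T10:22:33.1234567Z", "category": "AuditLogs",
     "properties": {"Actor": "admin@example.com"}},
    {"time": "2024-01-15T10:25:00Z", "category": "DeviceComplianceOrg",
     "properties": {"DeviceName": "LAPTOP-01"}},
    {"category": "Devices", "properties": {}},  # no timestamp
    "not-a-record",
]})

if __name__ == "__main__":
    print(category_counts(split_records(SAMPLE_BODY)))
```

A category that is enabled in the Intune diagnostic settings but never shows up in the counts points at the export side rather than at Splunk.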

ashisrma
New Member

Hey guys. Have you all been able to ingest Intune logs into Splunk? I have been looking for the same.

Regards

0 Karma