Is there a way to get Microsoft Intune (Azure) data into Splunk? Things like compliance, inventory, last check-in, etc.
Thanks!
Hi. Did anyone find a solution?
We are also interested in getting the Windows Intune audit and compliance logs + we would like End Point Manager Center devices, discovered apps and security settings etc.
I found these Microsoft Docs:
Anyone done this, or having info on Splunk add-ons/apps to request this data?
We might try the last link, to get the events into Azure Event Hub, and poll them there.
Everyone looking for Intune's integration with Splunk, this is one of the ways with which you can do it. If you don't want to do it via Azure Monitor, then you can use storage accounts to dump Intune's data and get it from there via REST API calls.
Step 1: Send your Intune logs to Azure Monitor using this link: https://docs.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor
Step 2: Start monitoring logs from Azure Monitor into Splunk. You can refer to this link to monitor them: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-...
Let me know if it helps.
Not an answer, but potentially of interest.
The current Splunk mobile app does not (June 2020) officially support being wrapped by Intune, but there is a feature request on ideas to support it. https://ideas.splunk.com/ideas/CONNID-I-13
Hello David,
maybe you get some help on the following link https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureazureappaccount
Best wishes,
Jacob
Does it work now?
Sorry for the delayed response.
Thanks for the response. I've had that working for a while. However I just don't see any way to get Intune data specifically. I'm still on the hunt.
Thanks!
Hi David, Please let me know whether you are able to send the Intune logs to Splunk?
I am also looking for Intune logs.
I'm also trying to get Intune data to Splunk. Any luck?
Intune logs can be sent to an Event Hub - https://learn.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor - and then use the Splunk Add-on for Microsoft Cloud Services to ingest the Intune events into Splunk.
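For the Event Hub route described in the replies above, this added example (not from any poster, Splunk or Microsoft) shows how one Azure Monitor diagnostic message, which batches entries under a top-level `records` array, can be split into one Splunk HEC-style event per record for inspection or testing. The sample message and its values are constructed, and the sourcetype and function names are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample of one Event Hub message body. Azure Monitor diagnostic
# settings batch log entries under a top-level "records" array; every value
# below is invented for illustration.
SAMPLE_MESSAGE = json.dumps({"records": [
    {"time": "2023-01-10T08:15:30.0000000Z", "category": "AuditLogs",
     "operationName": "Patch DeviceCompliancePolicy",
     "properties": {"result": "Success"}},
    {"time": "2023-01-10T08:16:00Z", "category": "DeviceComplianceOrg",
     "operationName": "DeviceCompliance",
     "properties": {"device": "LAPTOP-EXAMPLE", "state": "NonCompliant"}},
    {"category": "OperationalLogs", "operationName": "Enrollment"},  # no time
]})

def to_epoch(ts):
    """Parse an ISO 8601 UTC timestamp with 0 to 7 fractional digits."""
    base, _, frac = ts.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.timestamp() + (float("0." + frac) if frac else 0.0)

def to_hec_events(message_body, sourcetype="intune:diagnostic"):
    """Split one Event Hub message into HEC payloads, one per record.

    The default sourcetype is a hypothetical name, not one defined by Splunk.
    """
    try:
        records = json.loads(message_body).get("records", [])
    except (ValueError, TypeError, AttributeError):
        return []  # not JSON, or not a JSON object
    events = []
    for rec in records if isinstance(records, list) else []:
        if not isinstance(rec, dict):
            continue  # skip malformed entries instead of failing the batch
        hec = {"sourcetype": sourcetype,
               "source": rec.get("category", "unknown"),
               "event": rec}
        try:
            hec["time"] = to_epoch(rec["time"])
        except (KeyError, ValueError, TypeError, AttributeError):
            pass  # no usable timestamp: Splunk assigns index time
        events.append(hec)
    return events

if __name__ == "__main__":
    for ev in to_hec_events(SAMPLE_MESSAGE):
        print(json.dumps(ev))
```

Using the `category` field as the HEC `source` keeps audit, compliance and operational records separable in searches even when they share one Event Hub.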
Hey guys. Have you all been able to ingest Intune logs into Splunk? I have been looking for the same.
Regards