Sometimes, especially in large environments, keeping track of who is making which changes within Intune can be a pain and there is always that one time where change control isn’t followed and something breaks.
In this post I’m going to configure Intune to alert on Audit Logs, send to an Azure Event Hub and then use Azure Logic Apps to email when an item hits the log.
First up, create a Resource Group in Azure to hold everything and keep it all neat and tidy
Next create the Event Hub Workspace and Event Hub
In Azure, search for Event Hubs and click the Create button
Once completed, Add an event hub within the new namespace
Finally, within Event Hubs, navigate back to the main namespace and add an SAS policy
Make a note of the Primary Access code, you’ll need this in the Logic App later
Now, load up Intune, go to Tenant Administration and click on Diagnostics Settings
Add a new setting and point it to the Event Hub we created earlier
Now that’s in place, we need to build the logic App.
Within Azure search for Logic Apps and Create a New Logic App
For the Trigger, search for Event Hub and enter the SAS connection string created earlier.
For the Action, Search for Office 365 and Select Send an email
After signing in, populate your email content. If you select the Content dynamic variable, that will include the full details of whatever has happened in Intune within the email
And now if we look at our email, we can see the results
Hopefully this is of use. Keep an eye on costs though if going for a Consumption plan, those events could soon start to stack up!