Intune Training: Setting Up Audit Functionality in Intune
- December 29, 2023
- Posted by: Lara Administrator
- Category: End User Computing
Introduction
This post shows how to set up the audit functionality in Intune so that you can capture what is going on in your environment. It is a step-by-step guide to enabling auditing and using Log Analytics with Intune.
Why is Audit Functionality Important?
Before we dive into the details, let’s understand why setting up the audit functionality in Intune is crucial. Audit logs help you track and monitor the activities happening within your environment. They capture which actions administrators perform and provide insight into device compliance and operational logs. With access to this information, you can ensure the security and compliance of your environment and make informed decisions based on the data.
Setting Up Log Analytics Workspace
The first step in setting up the audit functionality is to create a Log Analytics workspace. Log Analytics is Microsoft’s central repository for logging, similar to tools like Splunk. It lets you consolidate all your logs in one location and act on the information collected. To create a Log Analytics workspace in Intune, follow these steps:
- Go to the Intune portal and scroll down to the Diagnostics settings section.
- Click on “Add” to create a new diagnostic setting.
- Create a new log analytics workspace by searching for “log analytics” in the top search bar.
- Select the “Create” option to create a new workspace.
- Give your workspace a name and select a location for it.
- Choose a pricing tier for your workspace and click “Save”.
Once you have set up your log analytics workspace, you can now proceed to enable the audit functionality in Intune.
Enabling Audit Functionality
To enable the audit functionality in Intune, follow these steps:
- Go to the log analytics workspace in the Intune portal.
- Scroll down and click on “Diagnostic settings”.
- Click on “Add” to create a new diagnostic setting for audit logs.
- Give the setting a name, such as “Log Analytics”.
- Select “Send to log analytics” as the destination for the logs.
- Select the types of logs you want to capture: audit logs, operational logs, and device compliance.
- Click “Save” to enable the audit functionality.
Once the audit functionality is enabled, all the relevant logs will be sent to your log analytics workspace, allowing you to analyze and monitor the activities within your environment.
Analyzing Audit Logs
Now that you have set up the audit functionality and enabled the logs to be sent to your log analytics workspace, you can start analyzing the audit logs. By accessing the log analytics workspace, you can view all the information about what your administrators are doing in your environment.
The Log Analytics workspace provides a rich set of features to help you analyze and query the audit logs. You can create workbooks, which are customizable reports that let you visualize and interpret the data in your workspace. Workbooks use the Kusto Query Language (KQL) to query and manipulate the data.
Additionally, you can integrate Log Analytics with other tools like Power BI to create interactive dashboards and gain deeper insights into your environment. With Power BI, you can connect to your Log Analytics workspace and build visualizations and reports based on the data collected.
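A starting KQL query for the administrator activity described above, as an added example that is not part of the original post. It assumes the audit log category lands in the workspace's IntuneAuditLogs table and that the Properties column is JSON carrying the acting admin's UPN under Actor.UPN; check one raw row in your workspace before relying on that field.

```kusto
// Added example (not from the original post): who changed what in Intune.
// Assumptions: audit logs arrive in the IntuneAuditLogs table, and the
// Properties column is a JSON string with the admin's UPN at Actor.UPN.
let lookback = 7d;
IntuneAuditLogs
| where TimeGenerated > ago(lookback)
| extend Props = parse_json(Properties)
| extend ActorUpn = tostring(Props.Actor.UPN)
// Fall back to the Identity column when the UPN is not present.
| extend Admin = iff(isnotempty(ActorUpn), ActorUpn, Identity)
| summarize
    Actions   = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by Admin, OperationName, ResultType
// Most active admin/operation pairs first; non-success results show up
// as their own rows because ResultType is part of the grouping key.
| order by Actions desc
```

Run it from the Logs view of the workspace or use it as a workbook query step, and adjust `lookback` to the review period you need.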
Conclusion
Setting up the audit functionality in Intune and leveraging log analytics is essential for monitoring and managing your environment effectively. By enabling the audit logs and analyzing the data, you can track the activities of your administrators, ensure compliance and security, and make informed decisions based on the insights gained.
Remember, log analytics is a powerful tool that allows you to consolidate all your logs into a central location and perform actions on the collected information. Take advantage of this tool and make it a part of your Intune training journey.