Intune includes many inbuilt reports that provide information about enrolled devices. You may want to forward those logs to a Log Analytics Workspace for further analysis or use in Azure Sentinel.

What logs can be forwarded?

Log Type

Table Name

Usage

Audit

IntuneAuditLogs

Intune Administrator actions such as assignment or device actions.

Operational

IntuneOperationalLogs

Contains Intune Enrollment logs

Devices

IntuneDevices

Contains Intune device attributes in addition to compliance state.

Device Compliance Organisation

IntuneComplianceOrg

Contains Intune device compliance attributes.

How to connect Intune to a Log Analytics Workspace?

First ensure that you have both Intune Administrator and an appropriate RBAC role for the subscription/resource group/log analytics workspace.

  1. Open the Microsoft Endpoint Manager admin center

  2. Navigate to Reports > Diagnostic Settings

  3. Click Add diagnostic setting

  4. Select the logs to be sent

   5. Click Save

After some time you will see the following tables appear in the Log Analytics Workspace under the Log Management solution.