![]() To keep data forever, set Retention (days) to 0 (zero). If you choose to use a storage account, then also enter how many days you want to keep the data (retention). For more reference information, go to IntuneAuditLogs. The audit logs show the history of every task that generates a change in Intune, including who did it and when. LOG > AuditLogs: Choose this option to send the Intune audit logs to your storage account, event hub, or log analytics. Or, choose an existing workspace from the list > OK.Īzure log analytics workspace provides more details on these settings. If you want to use visualizations, monitoring and alerting for your logs, choose this option.Ĭreate a new workspace, and enter the workspace details. Send to Log Analytics: Sends the data to Azure log analytics. Choose an existing event hub namespace and policy from the list > OK.If you want analytics on your log data using SIEM tools, such as Splunk and QRadar, choose this option. Stream to an event hub: Streams the logs to an Azure event hub. Choose an existing storage account from the list > OK.Use this option if you want to save or archive the data. For example, enter Route audit logs to storage account.Īrchive to a storage account: Saves the log data to an Azure storage account. This setting includes all the properties you enter. Name: Enter a name for the diagnostic settings. You might have to enter the Azure subscription account. If your Azure subscription isn't shown, go to the top right corner, select the signed in account > Switch directory. Sign in to the Microsoft Intune admin center. An Azure log analytics workspace to send logs to Log Analytics.An Azure event hubs namespace to integrate with third-party solutions.For storage pricing information, see the Azure Storage pricing calculator. We recommend that you use a general storage account, and not a blob storage account. An Azure storage account with ListKeys permissions.For more information on the different roles, and what they can do, see Manage access to log data and workspaces in Azure Monitor.ĭepending on where you want to route the audit log data, you need one of the following services: To configure the log collection from Azure Storage, you need the Log Analytics Contributor role in the Log Analytics Workspace.A user who's a Global Administrator or Intune Service Administrator for the Intune tenant.A Microsoft Intune environment (tenant) in Azure.If you don't have an Azure subscription, you can sign up for a free trial. ![]() An Azure subscription that you can sign in to.To provide feedback, including information in the logs, go to Feedback for Intune. Once you enable this feature, your logs are routed to the Azure Monitor service you choose. This article shows you how to use Diagnostics Settings to send log data to different services, gives examples and estimates of costs, and answers some common questions. These features are part of the Diagnostics Settings in Intune. Send Intune logs to Log Analytics to enable rich visualizations, monitoring, and alerting on the connected data.Integrate Intune logs with your own custom log solutions by streaming them to an event hub.Stream Intune logs to an Azure event hub for analytics using popular Security Information and Event Management (SIEM) tools, such as Splunk and QRadar.Archive Intune logs to an Azure storage account to keep the data, or archive for a set time.These logs can also be sent to Azure Monitor services, including storage accounts, event hubs, and log analytics. IntuneDevices show device inventory and status information for Intune enrolled and managed devices. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |