
Azure MDM Intune

Cyderes supports ingesting logs from Azure Device Management through the Microsoft Graph API. The following types of Device Management logs are supported:

Audit logs include a record of activities that generate a change in Microsoft Intune. Create, update (edit), delete, assign, and remote actions all create audit events. A full list of the properties of audit logs can be found at the link above.

Device Configuration logs include a record of properties and relationships related to configurations on devices enrolled through Microsoft Intune. A full list of the properties of device configuration logs can be found at the link above.

Managed Device logs include a record of properties about devices that are managed or pre-enrolled through Microsoft Intune. A full list of the properties of managed device logs can be found at the link above.

Azure App Prerequisite

For this integration, an Azure App must be created. More information about how to do that can be found in the documentation here.

Chronicle Data Types

  • AZURE_MDM_INTUNE

Requirements

In the Cyderes Azure App Registration, select API permissions from the sidebar, then click the Add a permission button. Click APIs my organization uses, search for 'Microsoft Graph', and select it. Click Application permissions and select the check box next to each of the following permissions. Once the permissions have been added, ensure that admin consent has been granted for each by clicking Grant admin consent for ACCOUNT.

| Permission | Technology |
|---|---|
| DeviceManagementApps.Read.All | Audit Events |
| DeviceManagementConfiguration.Read.All | Device Configuration |
| DeviceManagementManagedDevices.Read.All | Managed Devices |
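One way to confirm that admin consent actually took effect is to inspect an app-only Microsoft Graph access token issued to the app: consented application permissions appear in its `roles` claim. The following is an added example, not Cyderes or Microsoft code; the function names are hypothetical, the sample tokens are constructed and unsigned, and it assumes the token was requested by the app itself through the client credentials flow.

```python
import base64
import json

# Application permissions from the permission list above, with the log type each one feeds.
REQUIRED_ROLES = {
    "DeviceManagementApps.Read.All": "Audit Events",
    "DeviceManagementConfiguration.Read.All": "Device Configuration",
    "DeviceManagementManagedDevices.Read.All": "Managed Devices",
}


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (config check only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    # JWT segments are base64url with padding stripped; restore it first.
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def missing_permissions(jwt: str) -> dict:
    """Map each required permission absent from the token to its log type."""
    # App-only tokens list consented application permissions in "roles";
    # the claim is absent when nothing has been consented.
    granted = set(token_claims(jwt).get("roles") or [])
    return {p: log for p, log in REQUIRED_ROLES.items() if p not in granted}


def make_sample_token(roles: list) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    payload = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(payload), "constructed"])


if __name__ == "__main__":
    # Constructed case: admin consent missing for Device Configuration.
    partial = make_sample_token(["DeviceManagementApps.Read.All",
                                 "DeviceManagementManagedDevices.Read.All"])
    for perm, log in missing_permissions(partial).items():
        print(f"missing {perm}: {log} logs will not be collected")
```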

Gather Information

Please send the following to Cyderes when setup is completed:

  • Identity (Azure Active Directory App)
    • Application (client) ID
    • Directory (tenant) ID
    • Secret ID
    • Secret Value