Skip to content

Azure MDM Intune

Cyderes supports the ingestion of logs from Azure Device Management activity through the Microsoft Graph API. The type of activity log that is supported is below:

Audit logs include a record of activities that generate a change in Microsoft Intune. Create, update (edit), delete, assign, and remote actions all create audit events. A full list of the properties of audit logs can be found at the link above.

Azure App Prerequisite

For this integration, an Azure App must be created. More information can be found about how to do that in the documentation here.

Chronicle Data Types

  • AZURE_MDM_INTUNE

Requirements

In the Cyderes Azure App Registration, select API permissions from the sidebar. Then click the Add a permission button. Click APIs my organization uses and search for 'Microsoft Graph' and then select it. Click the Application permissions and click the check box next to the following permissions. Once the permissions have been added, ensure that admin consent has been granted for each by clicking Grant admin consent for ACCOUNT.

  • DeviceManagementApps.Read.All

Gather Information

Please send the following to Cyderes when setup is completed:

  • Identity (Azure Active Directory App)
    • Application (client) ID
    • Directory (tenant) ID
    • Secret ID
    • Secret Value