Azure MDM Intune¶
Cyderes supports the ingestion of logs from Azure Device Management activity through the Microsoft Graph API. The type of activity log that is supported is below:
Audit logs include a record of activities that generate a change in Microsoft Intune. Create, update (edit), delete, assign, and remote actions all create audit events. A full list of the properties of audit logs can be found at the link above.
Azure App Prerequisite
For this integration, an Azure App must be created. More information can be found about how to do that in the documentation here.
Chronicle Data Types¶
In the Cyderes Azure App Registration, select API permissions from the sidebar. Then click the Add a permission button. Click APIs my organization uses and search for 'Microsoft Graph' and then select it. Click the Application permissions and click the check box next to the following permissions. Once the permissions have been added, ensure that admin consent has been granted for each by clicking Grant admin consent for ACCOUNT.
Please send the following to Cyderes when setup is completed:
- Identity (Azure Active Directory App)
- Application (client) ID
- Directory (tenant) ID
- Secret ID
- Secret Value