Getting a teams notification for the top 50 devices with BSOD

1 A+ A-

In this post I will show you a script allowing you to send a Teams notification with a list of top 50 (or other) devices with BSOD during last month.


See below what we want:

- Know which devices had BSOD

- Get a list of devices with more BSOD during last month

- Get device name, model, count of BSOD, last BSOD date and code

- Receive the list with a Teams notification

The solution

To get the list we will use PowerShell, MS Graph and Azure Automation.

Check my first post here to know how to use Graph to get the result.

We will proceed as below:

1. Create a script in Azure Automation

2. The script gets BSOD during last 30 days

3. The script sends the top 50 list on Teams

4. The script is scheduled to run every x days

Get the script

Click on the below GitHub picture to get the script

How to use the script ?

Teams notification

Add your webhook in the $Webhook_URL variable.

The teams notification looks like as below:

You can easily configure it in the ps1 file.

Choose top devices count

You can change the top x devices using the variable $Top_Count.

By default I configured it to 50.

Creating Teams webhook

Purpose: In this part, we will create a connector on a Teams channel allowing us to automate ability to send Teams notif.

For that, we will proceed as below:

1. Go to your channel

2. Click on the ...

3. Click on Connectors

4. Go to Incoming Webhook

5. Type a name

6. Click on Create

7. Copy the Webhook path

Azure Automation account

Creating the account

1. Go to Azure

2. In the search bar type: Automation accounts

3. Go to Automation accounts

4. Click on Create

5. Type a name

6. Choose a Subscription

7. Choose the Resource group

8. Choose your region

9. Click on Create

10. Wait a bit

11. Click on Go to resource

Adding permissions

Once the Managed Identity has been configured a new Enterprise application will be created.

Then you need to add permissions to be able to actions.

The required permissions is the following: 

- DeviceManagementConfiguration.Read.All 

- DeviceManagementManagedDevices.Read.All

To add this permission you will need to use PowerShell, it can't be done through the portal.

For that use the script Assign_permission.ps1 on my GitHub repo.

You just need to fill below variables:

- $TenantID: your tenant ID

- $DisplayNameOfMSI: name of your automation account

Creating a Runbook

1. Go to Azure

2. In the search bar type: Automation accounts

3. Go to your Automation accounts

4. Go to Runbooks

5. Click on + Create a runbook

6. Type a name

7. In Runbook type, select PowerShell

8. Click on Create

Add script in Runbook

The runbook script is located downloaded sources

Its name is: Runbook_script.ps1

Test the Runbook

1. Click on Test pane

2. Click on Start

3. Once finished, you should see Completed

Publish the Runbook

1. Go to your Runbook

2. Click on Edit

3. Click on Publish

4. Click on Yes

Schedule the Runbook

1. Go to your Runbook

2. Click on Schedules

3. Click on + Add a schedule

4. Click on Link a schedule to your runbook

5. Click on + Add a schedule

6. Type a schedule name

7. In Recurrence, select Recuring

8. Click on Create

What's next ?

In a next post I will share with you a Log Analytics report allowing you to :

- List devices with BSOD during last 30 days

- See BSOD count per models, BIOS version, OS version...

- List all BSOD for a specific device

- Access to BSOD logs for a device from the report

slider 2295641851306954224

Enregistrer un commentaire

1 commentaire

Emanuele a dit…

Hi, great article but I am facing at issue that I don't understand. When I try tor un the script Azure answers: The remote server returned an error: (401) Unauthorized.
Cannot bind argument to parameter 'InputObject' because it is null.
The remote server returned an error: (400) Bad Request.

could you help me?


Accueil item


Learn KQL in one month


You want to support me ?

Mes articles en français

Books in French