Send Intune Discovered apps to Log Analytics with Azure Automation

In this post I will show you a solution using Azure Automation to send Intune discovered apps from all devices to Log Analytics.

Context

Previously, there was a cool solution called Desktop Analytics allowing you to access to a lot of data in Log Analytics.

There was for instance the MAApplication table giving you information about all applications installed on devices with application name, version...

Now Desktop Analytics has been retired there is nothing like this to replace, for now.

That's why I created this script.

The solution

The idea is to have a script that will export all discovered apps as CSV.

It's the same than if you click on Apps > Monitor > Discovered apps > Export

Using the development mode of your browser helps you to understand what is used behind when you click on the Export button.

Here below you can see that it will run exportjob action and export the following job: AppInvRawData.

See below:

Looking on MS docs, you can get below info:

For this I use two Azure Automation scripts that you need to schedule.

See below what do those runbook.

First Automation runbook

1. Download discovered apps report as CSV

2. Send CSV to SharePoint

Second Automation runbook

1. Get CSV content from SharePoint

2. Split CSV in multiple CSV

3. Send content of each CSV to Log Analytics

Why two runbook ?

Actually you can put all in one but I already faced some issues with runbook that tooks too much time and can not continue, that's why I decided to split the solution in 2 runbook.

Get the script

Click on the below GitHub picture to download both Azure Automation runbooks.

- Discoveredapps_CSV.ps1: export discovered apps CSV

- Discoveredapps_LA.ps1: send dicovored apps to LA

How to use the script ?

Creating the SharePoint application

We will create a SharePoint application to upload the list of all discovered apps on devices in a CSV format.

For that check my post here.

Configuring SharePoint part

Open both PS1 files and edit below variables:

- $ClientID = "SharePoint app client ID"

- $Secret = "SharePoint app secret"       

- $Site_URL = "SharePoint site URL"

- $Folder_Location = "SharePoint folder where to send logs"

Log Analytics information

In order to create this report we will need to add some information relative to the Log Analytics workspace in the PS1 script.

See below required info:

- Workspace ID

- Primary key

To get those information go to Log Analytics Workspace > Agents management

You will find both Workspace ID and Primary key.

Then we will proceed as below:

1. Open the file Discoveredapps_LA.ps1

2. Fill below variables:

- $CustomerID: workspace ID

- $ShareKey: Primary key

Azure Automation part

Creating the account

1. Go to Azure

2. Go to Automation accounts

3. Click on Create

4. Type a name

5. Choose a Subscription

6. Choose the Resource group

7. Choose your region

8. Click on Create

9. Wait a bit

10. Click on Go to resource

Adding module

In case you want to use the Logs from device on SharePoint you'll need to add a module.

For that we will proceed as below:

1. Go to your automation account

2. Click on Modules gallery

3. Search: pnp.powershell

4. Click on pnp.powershell

5. Click on Import

6. Click on OK

Creating first Runbook

1. Go to your Automation accounts

2. Go to Runbooks

3. Click on + Create a runbook

4. Type a name like DiscoveredApps CSV

5. In Runbook type, select PowerShell

6. Click on Create

7. Here use script Discoveredapps_CSV.ps1

8 Click on Edit on the runbook

9. Copy script content

10. Click on Publish

11. Click on Yes

12. Go to your Runbook

13. Click on Schedules

14. Click on + Add a schedule

15. Click on Link a schedule to your runbook

16. Click on + Add a schedule

17. Type a name

18. In Recurrence, select Recuring

19. Select every 2 days

20. Click on Create

Creating second Runbook

3. Click on + Create a runbook

4. Type a name like DiscoveredApps LA

5. In Runbook type, select PowerShell

6. Click on Create

7. Here use script: Discoveredapps_LA.ps1

8 Click on Edit on the runbook

9. Copy script content

10. Click on Publish

11. Click on Yes

12. Go to your Runbook

13. Click on Schedules

14. Click on + Add a schedule

15. Click on Link a schedule to your runbook

16. Click on + Add a schedule

17. Type a name

18. In Recurrence, select Recuring

19. Select every 4 days

20. Click on Create

Check DiscoveredApps_CL 

Now scripts have been executed go to Log Analytics > Logs.

Check table DiscoveredApps_CL.

It will contain information about all applications installed on your devices.