Get notified on a Teams channel on top 20 devices with BSOD including BSOD log files

Reply A+ A-

In this post I will show you how to receive a list of top 20 devices with BSOD during last month including BSOD details and link to log files on a Teams channel.


See below what we want:

- List top 20 devices BSOD during last month

- Get device name, model, count of BSOD, last BSOD date and code

- Get direct access to log files for troubleshooting

- Get the list with a Teams notification

The solution

We will use PowerShell, MS Graph and Azure Automation to get the list.

Check my first post, here, to know how to use MS Graph to get the list.

We will proceed as below:

1. Create a script in Azure Automation

2. It will get BSOD during last 30 days

3. Then sends the top 20 list on Teams

4. We will schedule it to run every x days

You will find there two scripts (two automation runbook):

- Runbook_without_CSV.ps1

- Runbook_with_CSV.ps1

Teams notif without CSV

In this part we will display two teams notif.

This first one will list of devices with BSOD with device name, model, BSOD count...

See below an overview:

The second notif will list devices name and link to logs:

The automation runbook to use is: Runbook_without_CSV.ps1

Teams notif with CSV

In this part we will display one teams notif.

This one allows you to open all devices with BSOD details in a CSV format from a button.

See below an overview:

The automation runbook to use is: Runbook_with_CSV.ps1

Get the script

Click on the below GitHub picture to get the script.

You will find two scripts (more info below):

- Runbook_without_CSV.ps1

- Runbook_with_CSV.ps1

Collects BSOD logs

The teams notif allows you to get access to the logs of each device with BSOD for a better troubleshooting.

For this part I use a remediation script that 

1. Checks if a BSOD occurred 

2. If yes collects some logs

3. Sends logs as ZIP to SharePoint

You can get this remediation script there.

Creating Teams webhook

Purpose: In this part, we will create a connector on a Teams channel allowing you to automate ability to send Teams notif.

For that, we will proceed as below:

1. Go to your channel

2. Click on the ...

3. Click on Connectors

4. Go to Incoming Webhook

5. Type a name

6. Click on Create

7. Copy the Webhook path

To configure it in the runbook, proceed as below:

1. Open Runbook_without_CSV.ps1 or Runbook_with_CSV.ps1

2. Search variable $Webhook_URL

3. Add your webhook URL

Creating the SharePoint application

We will create a SharePoint application to upload devices logs on SharePoint when BSOD occured.

This app will also be used in runbooks to check logs part for top devices with BSOD.

For that check my post here.

To configure it in the runbook proceed as below:

1. Edit PS1 file

2. Set below variables:

- $ClientID = "Your SharePoint app client ID"

- $Secret = "Your SharePoint app secret"       

- $Site_URL = "Your SharePoint site URL"

- $BSOD_Folder_Location = "SharePoint folder containing BSOD log files"

How to use the script ?

See below some variables depending of the script solution you want to use.

Teams notif without CSV

The automation runbook to use is: Runbook_without_CSV.ps1

There you will need to set below variables:

Teams notif with CSV

The automation runbook to use is: Runbook_with_CSV.ps1

There you will need to set below variables:

Azure Automation account

Creating the account

1. Go to Azure

2. In the search bar type: Automation accounts

3. Go to Automation accounts

4. Click on Create

5. Type a name

6. Choose a Subscription

7. Choose the Resource group

8. Choose your region

9. Click on Create

10. Wait a bit

11. Click on Go to resource

Adding permissions

Once the Managed Identity has been configured a new Enterprise application will be created.

Then you need to add permissions to be able to actions.

The required permissions is the following: 

- DeviceManagementConfiguration.Read.All 

- DeviceManagementManagedDevices.Read.All

To add this permission you will need to use PowerShell, it can't be done through the portal.

For that use the script Assign_permission.ps1 on my GitHub repo.

You just need to fill below variables:

- $TenantID: your tenant ID

- $DisplayNameOfMSI: name of your automation account

Creating a Runbook

1. Go to your Automation accounts

2. Go to Runbooks

3. Click on + Create a runbook

4. Type a name

5. In Runbook type, select PowerShell

6. Click on Create

7. Choose one of the PS1 file

8 Click on Edit on the runbook

9. Copy script content

10. Click on Publish

11. Click on Yes

12. Go to your Runbook

13. Click on Schedules

14. Click on + Add a schedule

15. Click on Link a schedule to your runbook

16. Click on + Add a schedule

17. Type a name

18. In Recurrence, select Recuring

19. Select every 2 days

20. Click on Create

slider 4048658619942586246

Enregistrer un commentaire

Accueil item


Learn KQL in one month


You want to support me ?

Mes articles en français

Books in French