Export top 20 Intune devices with BSOD to a CSV on SharePoint with Logic App

In this post I will show you how to use Logic App to get a teams notif with a list of top 20 devices with BSOD during last month.

Context

See below what we want:

- Know which devices had BSOD during last month

- Get a list of top 20 devices BSOD

- Get device name, model, count of BSOD

- Receive the list with a Teams notification

The solution

The solution results in few steps:

1. Create an Azure Application

2. Create a Logic App

3. Logic App uses MS Graph to get BSOD list

4. It will use the Azure App to get the list

The notification

The teams notification looks like as below:

Requirement 1: an Azure Application

The first step is to create an Azure Application.

This one will be used to authenticate and execute MS Graph query to get BSOD list.

Creating the Azure Application

1. Go to App registrations

2. Click on New registration

3. Type a name

4. Let other fields by default

5. Click on Register

Adding permissions

Here we want to add some permissions to our Azure Application.

Those permissions will be used by our Logic App to execute some MS Graph request.

We want to get BSOD info. The permission required for this is the following one: DeviceManagementManagedDevices.Read.All

See here for more info. 

We will proceed as below:

1. Go to API permissions

2. Click on Add a permission

3. Choose Microsoft Graph

4. Choose Application permissions

5. Type DeviceManagementManagedDevices

6. Check DeviceManagementManagedDevices.Read.All

7. Click on Add permissions

8. Click on Grant admin consent

Creating a secret

Here we want to configure a secret for our Azure Application.

This secret will be used as a password in our Logic App to execute MS Graph request.

We will proceed as below:

1. Go to Certificates & Secrets

2. Go to Clients secrets

3. Click on New client secret

4. In description type a name

5. Choose when it should expire

6. Click on Add

Want to secure it ?

You can also secure it by adding you secret on a Key Vault or use a Managed Identity to execute MS Graph request.

You will soon find a blog series about Getting started with Logic App for Intune monitoring stuff.

Requirement 2: Teams webhook

The Teams webhook allows us to send a notification on a Teams channel.

To create a webhook proceed as below:

1. Go to your channel

2. Click on the ...

3. Click on Connectors

4. Go to Incoming Webhook 

5. Type a name

6. Click on Create

7. Copy the Webhook path

Creating the Logic App

1. Go to Logic Apps

2. Click on Add

3. Choose a subscription

4. Choose a resource group

5. Type a name

6. Choose a Region

7. Select Consumption

8. Click on Review + Create

Logic App step by step

The Logic App workflow looks like as below:

We have there 6 steps:

- Schedule the app - Recurrence 

- Get BSOD info with MS Graph - HTTP request

- Parse JSON from MS Graph - Parse JSON

- Initialize array of values - Initialize variables

- Create HTML table

- Send result to Teams - HTTP request

Step 1 - Recurrence

This step allows you to schedule the execution of the Logic App.

1. Go to Logic App Designer

2. Click on recurrence

3. Choose your schedule

Step 2 - Get BSOD with MS Graph

This step allows you to use MS Graph to query Intune and get the list of last BSOD.

Do add it proceed as below:

1. Click on + then Add an action

2. Type HTTP 

3. Choose HTTP

4. In Method select GET

5. In URI type the below one:

https://graph.microsoft.com/beta/deviceManagement/userExperienceAnalyticsDevicePerformance?dtFilter=all&$orderBy=blueScreenCount%20desc&`$top=2&$filter=blueScreenCount%20ge%201%20and%20blueScreenCount%20le%2050&$select=devicename,model,blueScreenCount

6. Clic on Add new parameter

7. Check Authentication

8. Select Active Directory OAuth

9. In TenantID, type your tenant id

10. In Audience, type https://graph.microsoft.com

11. In Client ID, type the client id of the azure app

12. In Credential type, choose Secret

13. In Secret, type the secret of the azure app

14. Save the app

15. Click on Run trigger > Run

16. Go to Get BSOD info

17. Go to the Body part

18. Copy content

We will use the body content in the Parse JSON part (just below).

Step 3 - Parse JSON content

This step allows you to use MS Graph to query Intune and get the list of last BSOD.

BSOD info are received through the previous HTTP action. We need to parse content of the received information using a Parse JSON action.

We need to configure the schema with provided by the previous HTTP step.

For that we need to first run the trigger and get Body result from the HTTP action. 

This is what we have done in the part 18 from the previous step.

See below how to proceed:

1. Click on + then Add an action

2. Type Parse JSON

3. It's a component of Data operations

4. Select Parse JSON

5. Click on Content 

6. Go to Dynamic content and type Body

7. Select Body

8. Click on Use sample payload to generate schema

9. Paste JSON content copied from Step 2 part

Step 4 - Initialize array

This step allows you to prepare your data by intializing an array that will contains BSOD info.

See below how to proceed:

1. Click on + then Add an action

2. Type initialize variables

3. It's a component of Variables

4. Choose Initialize variables

5. In Name, select JSONArray

6. In Type, choose Array

7. Click on Value

8. In Dynamic content, type value

9. Select value

Step 5 - Create HTML table

This step allows you to configure the output as a table in HTML format.

See below how to proceed:

1. Click on + then Add an action

2. Type Create HTML

3. It's a component of Data operations

4. Select Create HTML table

5. In Name, select JSONArray

6. In From, choose JSONArray

7. In Columns, select Automatic

Step 6 - Send Teams notif

This step allows you to send the result in a Teams notif.

See below how to proceed:

1. Click on + then Add an action

2. Type HTTP 

3. Choose HTTP

4. In Method select POST

5. In URI use URL of your webhook

6. In Body copy the below one:

7. See below an overview of the notif: