
Collecting Lenovo BIOS Settings in Log Analytics with Intune


In this post, we will see how to send the BIOS settings of your Lenovo devices to Log Analytics through a remediation script, in order to create a dashboard later.


Context

You have Lenovo devices managed by Intune.

You want to monitor settings configured on the BIOS side.

You want to gather all settings and create a dashboard.


The solution

- Creating a remediation script

- It collects BIOS settings

- It sends data to Log Analytics


Sources to download

Click on the GitHub picture below to get the following files:

- Detection_LogAnalyticsv1.ps1

- Detection_LogAnalyticsv2.ps1

- DCR_Table.json: Table to ingest in DCR



Implementing with Log Analytics v1

To create this report, we need to add some information about the Log Analytics workspace to the PS1 script.


The required information is:

- Workspace ID

- Primary key


To get this information, go to Log Analytics Workspace > Agents management.

You will find both Workspace ID and Primary key.

Then we will proceed as below:

1. Open the file Detection_script.ps1

2. Fill in the variables below:

- $CustomerID: workspace ID

- $ShareKey: Primary key


Implementing with Log Analytics v2

Create Data Collection Endpoint

1. Go to the Entra portal

2. Go to Monitor

3. Go to Data Collection Endpoints 

4. Click on Create

5. Type a name

6. Choose a subscription, resource group, region

7. Click on Review+Create then Create

8. Once created, click on the DCE

9. Go to Overview

10. Copy the Logs Ingestion value

You will need it in the runbook


Create custom log (DCR)

We will proceed as below:

1. Go to your Log Analytics workspaces

2. Go to Tables

3. Click on Create 

4. Click on New custom log (DCR based)

5. As name type Lenovo_BIOSSettings_CL

!! Don't change it !!

6. Click on Create a new data collection rule 

7. Choose a Subscription, resource group

8. Type a Name 

9. Select the DCE 

10. Click on Next

11. Click on Browse for files

12. Select DCR_Table.json

13. Click on Next > Create

14. Go to Monitor

15. Go to Data collection rules 

16. Go to your DCR

17. Go to Overview

18. Click on JSON View

19. Copy the immutableId value


You will need it in the detection script.

Now we need to give the application permission to use the DCR. 


For that proceed as below:

1. Go to your DCR

2. Go to Access Control (IAM) 

3. Click on Add role assignment

4. Check Monitoring Metrics Publisher 

5. Click on Next

7. Click on Select members

9. Choose the app registration name

10. Click on Select

11. Click on Review + assign 


The remediation script

The remediation script to use is Detection.ps1

By default the script will collect all BIOS settings.

You can choose to collect only some specific settings.

For that, set the variable $Export_All_Settings to $False.

Then add the settings to collect to the variable $Settings_to_add.


You need to fill in the following variables:

$DcrImmutableId, $DceURI, $Table, $appId, $tenantId, $appSecret.
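
The following added example, which is not the script from the GitHub repository, shows how those variables fit together: it reads the Lenovo settings from WMI, requests a token for the app registration, and posts the records through the Logs Ingestion API. The column names are assumptions and must match the columns defined in DCR_Table.json; the angle-bracket values are placeholders.

```powershell
# Added example; not the contents of the downloadable detection script.
# Placeholders: fill with the values gathered in the steps above.
$DcrImmutableId = "<dcr-immutable-id>"
$DceURI         = "<logs-ingestion-uri>"   # DCE > Overview > Logs Ingestion
$Table          = "Lenovo_BIOSSettings_CL"
$appId          = "<app-id>"
$tenantId       = "<tenant-id>"
$appSecret      = "<app-secret>"           # shipped to every device with the script; keep this app's role limited to the DCR

# Lenovo exposes each setting as "Name,Value" (some models append ";[Optional:...]").
$Settings = Get-CimInstance -Namespace root\wmi -ClassName Lenovo_BiosSetting |
    Where-Object { $_.CurrentSetting } |
    ForEach-Object {
        $Name, $Value = ($_.CurrentSetting -split ';')[0] -split ',', 2
        [pscustomobject]@{
            # Assumed column names: they must match the columns in DCR_Table.json.
            TimeGenerated = (Get-Date).ToUniversalTime().ToString("o")
            ComputerName  = $env:COMPUTERNAME
            SettingName   = $Name
            SettingValue  = $Value
        }
    }

# Client-credentials token for Azure Monitor, requested as the app registration.
$TokenBody = @{
    client_id     = $appId
    client_secret = $appSecret
    scope         = "https://monitor.azure.com/.default"
    grant_type    = "client_credentials"
}
$Token = (Invoke-RestMethod -Method Post -Body $TokenBody `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token").access_token

# The Logs Ingestion API expects a JSON array posted to the "Custom-<table>" stream.
$Uri  = "$DceURI/dataCollectionRules/$DcrImmutableId/streams/Custom-$($Table)?api-version=2023-01-01"
$Json = ConvertTo-Json -InputObject @($Settings) -Depth 3
try {
    Invoke-RestMethod -Method Post -Uri $Uri -Body $Json -ContentType "application/json" `
        -Headers @{ Authorization = "Bearer $Token" } | Out-Null
    Write-Output "Sent $(@($Settings).Count) BIOS settings"
    exit 0
} catch {
    Write-Output "Upload failed: $($_.Exception.Message)"
    exit 1
}
```

A non-zero exit code makes the device appear as "with issues" in the Remediations report, which surfaces upload failures without a separate check.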


Creating the Remediation script

1. Go to the Intune portal

2. Go to Devices

3. Go to Remediations

4. Click on Create script package

5. Type a name

6. Click on Next

7. Click on Detection script file

8. Browse to Detection.ps1

11. Click on Next


The custom log

Now that you have created the remediation script, you should see data in the custom log.

To check that, proceed as below:

1. Go to Log Analytics workspace

2. Go to Logs


4. Go to KQL mode


5. Type Lenovo_BIOSSettings_CL

6. You should see data as below: 


What's next

In the next post, I will share a dashboard with collected data.
