Forum Discussion
AhmedSHMK
Feb 10, 2025 (Brass Contributor)
Intune Alerts
I would like to create alerts in Intune to trigger for different events.
For example:
Device is enrolled in Intune.
Device is encrypted/decrypted from BitLocker.
Device is enrolled Hybrid Entra Join.
Device is enrolled in Defender Intune policy, etc.
and all others. How can this be done and what licenses are required, if any?
- micheleariis (Steel Contributor)
Yes, Log Analytics is crucial for creating custom alerts in Azure Monitor, and its licensing depends on the amount of data processed. Additionally, you’ll need Azure AD Premium P1 or P2 for advanced audit logs and features like Hybrid Entra Join. Microsoft Intune is already included in Microsoft 365 E3/E5, so you're covered there. If you’re using Microsoft Sentinel, there might be extra costs for log analysis and security features.
As an alternative, you can use Microsoft Graph API + Power Automate to monitor specific events and send notifications without relying on Log Analytics. For example, you can track device enrollments and get email alerts. You can also check Endpoint Manager Reports or the Security & Compliance Center, but these require manual review and won’t provide real-time alerts.
- dipankar98228 (Copper Contributor)
You can also use a Logic App to generate alerts by creating a workflow.
- micheleariis (Steel Contributor)
AhmedSHMK Hi, Intune doesn’t have a built-in feature to automatically create alerts for events like device enrollment, BitLocker status changes, Hybrid Entra Join, or Defender policy assignments.
However, you can set up a monitoring system by using logs and tools like Azure Monitor, Log Analytics, or Power Automate. The first step is to export the logs. Intune and Azure AD record these events in diagnostic and audit logs. You can configure these logs to be sent to Log Analytics via Azure Portal. Go to Microsoft Endpoint Manager - Tenant Administration - Diagnostics Settings and set up log export to your Log Analytics Workspace. This allows you to monitor and analyze all the data you need.
Once the workspace is configured, you can create queries using Kusto Query Language (KQL) to identify specific events you want to track, such as device enrollments or BitLocker status changes.
Next, go to Azure Monitor and create an Alert Rule. Choose your query as the condition, set a threshold (for example, “when at least one event is found”), and configure an action group to receive notifications via email, SMS, or webhook.
Alternatively, you can use Power Automate or Logic Apps to create more interactive workflows. With Power Automate, you can monitor logs through Microsoft Graph API and generate notifications whenever a specific event is detected, such as a new enrollment or a configuration change.
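An added example, not part of any post in this thread: a condition query for the Azure Monitor alert rule described in the reply above, covering the device-enrollment case. It assumes the Intune operational logs category is exported to the workspace and lands in the `IntuneOperationalLogs` table; the `OperationName` value `"Enrollment"` is an assumption to confirm against your own data.

```kusto
// Added example: condition query for an Azure Monitor log alert rule.
// Assumption: the Intune operational logs diagnostic category is exported
// to this workspace and appears as the IntuneOperationalLogs table.
// Assumption to verify: enrollment events carry OperationName == "Enrollment".
// To see which values your tenant actually emits, run this first:
//   IntuneOperationalLogs | summarize count() by OperationName, Result
let window = 15m;   // keep equal to the alert rule's evaluation period
IntuneOperationalLogs
| where TimeGenerated > ago(window)
| where OperationName == "Enrollment"
| extend Details = todynamic(Properties)   // Properties is stored as a JSON string
| project TimeGenerated, OperationName, Result, Details
| order by TimeGenerated desc
```

In the alert rule, measure the number of returned rows and fire when it is greater than 0, which is the "at least one event is found" threshold. Keeping the query window equal to the evaluation period avoids the same event alerting twice.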
- AhmedSHMK (Brass Contributor)
micheleariis Thanks for your reply. Seems I need a Log Analytics license to perform this. Not sure if any other license will be required too.
Otherwise, is there any other alternative to get such reports and alerts?