For an Intune admin it is always helpful to get an overview of the current status of his tenant and an overview of the count of devices in the field. In this blog I would like to explain how you can use Logic apps to send you a detailed daily report.
What is Logic Apps
Microsoft Azure Logic App Services is a SaaS solution (Software as a Service) that offers many possibilities to automate processes, workflows and tasks through low code and integration of different services.
Create Logic App instance
- Open the Azure Portal
- Search for Logic apps
- Click + Add
- Select the Subscription
- Select or create a Resource Group
- Enter an unique name of the logic app
- Select a region
- Select no for log analytics unless you want to activate this
- Select Consumption as plan type
- Select Disabled for Zone redundancy
- Click Review + create
- Add tags if you want and click Review + create
- Click Create
Create an Azure Key Vault
- Search for Key Vault
- Click + Create
- Select the Subscription
- Select or create a Resource Group
- Enter an unique name of the key vault
- Select a region
- Select Standard as price tier
- Click Review + create
Create a App registration
- Search for Azure Active Directory
- Select App registration
- Select +New registration
- Enter a Name and click Register
- Click API permissions and +Add a permission
- Select Microsoft Graph
- Select Application permissions
- Search for DeviceManagementManagedDevices.Read.All
- Select Certificates & secrets and click +New client secret
- Enter a Description and select a Expires time
- Click Add
- Copy and save the Value and the Secret ID
- Open the the previously created Key Vault
- Add the Secret to the Vault
- Click Grant admin consent for *** and approve with Yes
Build the Logic app
- Start the flow with a Recurrence trigger. Set the schedule to once a day.
- Add an Azure Key Vault Get Secret action
- Enter the name of the Key Vault and sign in
- Select the previously created secret
- Add a HTTP Action
- Fillin the following Attributes:
- Click add new Parameter and select Authentication
- Select Authentication Type as Active Directory OAuth
- Add your TenantId. You can find this ID in the Azure Active Directory.
- Enter https://graph.microsoft.com as audience
- Enter your Client ID from the App registration
- Select the Secret as dynamic content (Value)
- Run the first test
- Check the body if you can see device data
- Add a Parse JSON Action
- Select Body as Content and add the following content as Schema:
{
"type": "object",
"properties": {
"@@odata.context": {
"type": "string"
},
"id": {
"type": "string"
},
"enrolledDeviceCount": {
"type": "integer"
},
"mdmEnrolledCount": {
"type": "integer"
},
"dualEnrolledDeviceCount": {
"type": "integer"
},
"deviceOperatingSystemSummary": {
"type": "object",
"properties": {
"androidCount": {
"type": "integer"
},
"iosCount": {
"type": "integer"
},
"macOSCount": {
"type": "integer"
},
"windowsMobileCount": {
"type": "integer"
},
"windowsCount": {
"type": "integer"
},
"unknownCount": {
"type": "integer"
}
}
},
"deviceExchangeAccessStateSummary": {
"type": "object",
"properties": {
"allowedDeviceCount": {
"type": "integer"
},
"blockedDeviceCount": {
"type": "integer"
},
"quarantinedDeviceCount": {
"type": "integer"
},
"unknownDeviceCount": {
"type": "integer"
},
"unavailableDeviceCount": {
"type": "integer"
}
}
}
}
}
Send status via Email
- Add an Outlook Send an Email (V2) action
- Add the Reciver in the To column
- Add an Subject
- If you want to add an date to the subject add the following expression:
string(utcNow('yyyyMMdd'))- Add the following in the Body column. (You can modify the text as you want)
Dear MDM Team,
attached your daily report:
- Total devices: @{body('Parse_JSON')?['enrolledDeviceCount']}
- Mdm enrolled: @{body('Parse_JSON')?['mdmEnrolledCount']}
- Hybrid enrolled: @{body('Parse_JSON')?['dualEnrolledDeviceCount']}
Per device group:
- Windows: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['windowsCount']}
- Android: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['androidCount']}
- iOS: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['iosCount']}
- MacOS: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['macOSCount']}
Best regards and have a nice day without troubles
Your logic app
- Now we can make an test run to check if everything works
- Check you inbox
Send status via Teams
- Create an MS Teams channel and add the webhook connector
- Copy the WebHook URL
- Add an HTTP activity to the flow
- Select POST as Method
- Enter the URL as URI
- Add Content-Type as key and application/json as value in the header
- Enter the following body
- Add
{
"text": "Dear MDM Team, \n\n attached your daily report:\n- Total devices: @{body('Parse_JSON')?['enrolledDeviceCount']}\n- Mdm enrolled: @{body('Parse_JSON')?['mdmEnrolledCount']}\n- Hybrid enrolled: @{body('Parse_JSON')?['dualEnrolledDeviceCount']}\n\nPer device group:\n- Windows: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['windowsCount']}\n- Android: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['androidCount']}\n- iOS: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['iosCount']}\n- MacOS: @{body('Parse_JSON')?['deviceOperatingSystemSummary']?['macOSCount']}"
}
- Now we can make an test run to check if everything works
Conclusion
In this blog, I’ve shown you the basics of how to create a Logic Apps to query the Intune graph API. You can extend the example of me as you like and e.g. include the current service health status or add the status of the windows update deployment.
Stay healthy, Cheers
Jannik
Modern Device Management 