In one of my previous blog posts I explained how you can use Azure Automation and Azure Cognitive Services (now Azure AI Services) to monitor the compliance state of your environment and notify you if there are major deviations. In this part of the series I want to show you how you can apply this to the deployment of your applications and also get notified if the installation of an application suddenly fails abnormally often.
How did we get the data
Each app in your portfolio in Intune provides detailed per-device reporting on the status of the installation. You can see whether the installation was successful or if it failed. This is exactly the information we want to monitor.
To get this information we start a network trace in the Edge browser and refresh the view. In the trace we get the graph endpoint. The graph endpoint must be called with a POST request with a few parameters in the body to specify which data we want to receive.
This is all the information we need so let’s get started.
Deployment of the Azure AI Services Anomaly Detector
- Open the Azure Portal and Search for Anomaly detectors
- Click + Create
- Select a Subscription and Resource group
- Select a Region and enter the Name of the Anomaly Detector
- Select the price tier (For testing Free F0 is sufficient)
- Click Create
Get Teams WebHook URL
- Create an MS Teams channel and add the webhook connector
- Copy the WebHook URL
Create a App Registration
- Search for Microsoft Entra ID
- Select App registration
- Select +New registration
- Enter a Name and click Register
- Click API permissions and +Add a permission
- Select Microsoft Graph
- Select Application permissions
- Search for DeviceManagementApps.Read.All
- Click Grant admin consent for *** and approve with Yes
- Select Certificates & secrets and click +New client secret
- Enter a Description and select a Expires time
- Click Add
- Copy and save the Value and the Secret ID
Create Automation Account
- Search for Automation Accounts
- Click + Create
- Select a Subscription and a Resource group
- Enter an account name and select a Region
- Click Next
- Click Next
- Click Next -> Next -> Create
Create the Runbook
- Open the Automation Account
- Navigate to Variables and click + Add a variable
- Add the Secret Value, TenantId, AnomalyKey, WebHookUri and the App ID as Variable
- Select Runbooks
- Click + Create a runbook
- Enter a Name
- Select PowerShell as Runbook type
- Select 5.1 as Runtime version
- Click Create
- Insert the Script from my Github repository
- Edit the variables $anomalyEndpoint (add here your endpoint from the Azure AI Services Anomaly Detector)
Hint: If you want to change the sensitivity of the anomaly detection you can adjust the attributes:
– maxAnomalyRatio: The maximum anomalies to be detected in terms of the ratio of total data points.
– sensitivity: Specify a lower value to ensure that fewer anomalies are accepted
- Save and test the script
- Click Publish
- Navigate to Schedules and click + Add a schedule
- Click Link to schedule and add the created schedule
Conclusion
I hope you enjoyed the second part of my series and that I could help you become aware of errors in your Intune environment earlier. Application deployment is a very central part of good device management, and to ensure user productivity it is important that it works reliably and error-free. In order to react as quickly as possible when there are problems with individual applications, this implementation sends notifications directly to a Teams channel.
Stay healthy, Cheers
Jannik