Detect anomalies in your Intune environment with Azure Cognitive Services – Part 2 Application Installations

In one of my previous blog posts I explained how you can use Azure Automation and Azure Cognitive service to monitor the compliance state of your environment and notify you if there are major deviations today. In this part of the series I want to show you how you can apply this to the deployment of your applications and also get notified if the installation of an application suddenly fails abnormally often.

How did we get the data

Each app in your portfolio in Intune gives you a very good reporting per device how the status of the installation was. You can see if the installation was successful or if it is failed. This is exactly the information we want to monitor.

To get this information we start a network trace in the Edge browser and refresh the view. In the trace we get the graph endpoint. The graph endpoint must be called with a POST request with a few parameters in the body to specify the which data we want to receive.

This is all the information we need so let’s get started.

Deployment of Azure Cognitive Service anomaly detector

  • Click + Create
  • Select a Subscription and Resource group
  • Select a Region and enter the Name of the Anomaly Detector
  • Select the price tier (For testing Free F0 is sufficient)
  • Click Create

Get Teams WebHook URL

  • Create an MS Teams channel and add the webhook connector
  • Copy the WebHook URL

Create a App Registration

  • Search for Azure Active Directory
  • Select App registration
  • Select +New registration
  • Enter a Name and click Register
  • Click API permissions and +Add a permission
  • Select Microsoft Graph
  • Select Application permissions
  • Search for DeviceManagementApps.Read.All
  • Click Grant admin consent for *** and approve with Yes
  • Select Certificates & secrets and click +New client secret
  • Enter a Description and select a Expires time
  • Click Add
  • Copy and save the Value and the Secret ID

Create Automation Account

  • Search for Automation Accounts
  • Click + Create
  • Select a Subscription and a Resource group
  • Enter and account name and select a Region
  • Click Next
  • Click Next
  • Click Next -> Next -> Create

Create the Runbook

  • Open the Automation Account
  • Navigate to Variables and click + Add a variable
  • Add the Secret Value, TenantId, AnomalyKey, WebHookUri and the App ID as Variable
  • Select Runbooks
  • Click + Create a runbook
  • Enter a Name
  • Select PowerShell as Runbook type
  • Select 5.1 as Runtime version
  • Click Create
  • Insert the Script from my Github repository
  • Edit the variables $anomalyEndpoint (add here your endpoint from the cognitive service)

Hint: If you want to change the sensitivity of the anomaly detection you can adjust the attributes:
maxAnomalyRatio: The maximum anomalies to be detected in terms of the ratio of total data points.
– sensitivity: Specify a lower value to ensure that fewer anomalies are accepted

  • Save and test the script
  • Click Publish
  • Navigate to Schedules and click + Add a schedule
  • Click Link to schedule and add the created schedule


I hope you enjoyed the second part of my series and I could help you to become aware of errors in your Intune environment earlier. Applications deployment is a very central part of good device management and to ensure user productivity it is important that it works reliably and error free. In order to be able to react as fast as possible when there are problems with individual applications, you get notifications sent directly to a teams channel via this implementation.

Stay healthy, Cheers

3 thoughts on “Detect anomalies in your Intune environment with Azure Cognitive Services – Part 2 Application Installations

Comments are closed.