I am more than happy to release my new tool the GPT Intune Device Troubleshooter. Wouldn’t it be awesome if you had an assistant to whom you could explain what you want to do in Intune, and they would do the job for you? This dream will now become reality with the GPT Intune Device Troubleshooter.
Content
- Content
- What is the GPT Intune Device Troubleshooter
- What are the prerequisites
- How does it work
- Get access to Open AI Service
- How it the data privacy when I use the Azure Open AI service
- How to deploy the GPT Intune Device Troubleshooter
- What is the current feature sets and what are example calls
- How to create the app registration
- Post setup steps
- How to open the Webpage
- How does the Tool work
- How you can contribute?
- How does the roadmap look like?
What is the GPT Intune Device Troubleshooter
The GPT Intune Device Troubleshooter is a powerful tool which helps Intune admins make their day easier. It answers your free-text questions based on your environment, utilizing the Graph API. You can ask questions like “Can you check the status of the device XXXX” or “Can you give me a device list with all Android devices in CSV” and you will get the customized answer to your question.
What are the prerequisites
- GPT enabled Subscription
- App registration with delegated permissions for (DeviceManagementConfiguration.Read.All, DeviceManagementManagedDevices.Read.All, DeviceManagementApps.Read.All, User.Read)
How does it work
- You can deploy the infrastructure with one click from GitHub to Azure
- The code will be pulled to the app service
- The user opens the Streamlit web page
- The user authenticates via an app registration with delegated permissions for Graph
- This token will be used to get data from Graph and put it into a prompt
- This prompt with the question and enriched information will be sent to the Open AI service
- The answer will be presented on the Streamlit web page
Get access to Open AI Service
Fill out the following request form to enable your subscription to deploy Open AI services.
How it the data privacy when I use the Azure Open AI service
You can find more information about privacy in this MS doc.
How to deploy the GPT Intune Device Troubleshooter
You don’t have to do much. The whole magic is behind this button.
But you can also deploy the infrastructure and the code manually via my GitHub repository.
- Select the subscription and the resource group
- Select the region and the Website sku
- Enter a name for the site and the Open AI service account
What is the current feature sets and what are example calls
Currently the following features are supported:
- Get Device List
- Get Device Status
- Get Single Device
- Intune How To
- Config Profiles
- App List
- Compliance Policies
- Device Group Membership
- Graph Call
Examples are:
- Can you give me a device list with all android devices in csv
- Can you check the status of the device XXXXX
- Can you check the status of the device XXXX and list the object which has conflict or have errors
- Can you give me a list of all applications
- Can you show me a list in csv of all apps which are created later than 01.01.2022
- In which groups is XXXX? Can you give me the display name and the ids
How to create the app registration
- Open the Entra portal
- Select App registration
- Click + New registration
- Enter a name for the App registration
- Select Single-Page Application (SPA) as the redirect type
- Add
https://WEBPAGENAME.azurewebsites.net/login/callbackas Redirect URI
- Copy the App ID
- Go to API permissions and click + Add a permission
- Select Graph
- Select Delegated permissions
- Add the following permissions (DeviceManagementConfiguration.Read.All, DeviceManagementManagedDevices.Read.All, DeviceManagementApps.Read.All, Group.Read.All, User.Read, Device.Read.All)
- Click Grant admin consent for XXX
Post setup steps
Add the App ID and the secret from the Open AI Service to the variables in the App Service configuration.
- Open the Open AI Service
- Go to Keys and Endpoint
- Open the App Service
- Navigate to Configurations
- Fill in the Azure Open AI key and the App ID into the variables
How to open the Webpage
- Go to the App Service and Select Browse
How does the Tool work
- Click on login to get a token to authenticate on Graph
- Insert your question in the chat box
How you can contribute?
If you have ideas for improvements or for missing features as well as bugs, contact me via my blog, social media, or open an issue on the repository with a description of your idea. You can also create a merge request. I am happy for every contribution and feedback.
How does the roadmap look like?
Please provide me with feedback. Based on your feedback, I will include and prioritize the features I will add.
Hi Jannik,
Great work and thanks for the demo at the Endpoint Management Summit. We tried it out in our demo tenant.
When i ask for a device list it works ok, but if i the same question again it says “None”.
How can we troubleshoot this?
Hi Jannik,
What is the scope of questions and how can we troubleshoot if questions asked are answered with “none”?
I got this feedback from several person. I am in the investigation
Thanks for theis, this could be game changing. After deploying, we get normal chatgpt responses, but it simply answers ‘none’ to any questions about our tenant. anything jump out that we might have missed?
I got this feedback from several person. I am in the investigation
Looks great! Question would this work with Azure Openai ?
It is build based on azure open ai 😀
Hi Jannik, I’ve implemented your solution but all the queries you mentioned come back as “None”. Do you know if something happened that is causing this issue? Thanks
I got this feedback from several person. I am in the investigation
Hi Jannik, I just deployed the template in my tenant for testing and configured the settings like you described in the blog post. Unfortunately after I hit login and choose the user nothing happens. I’m not logged and therefore can’t use the site. Tried it already with different user accounts of the tenant. Is this problem already known?
@christian, what error message do you get? I logged in successfully.
@Jannik, I am waiting on your reply to the “none” reply issue. Everything I ask in the chat, I am also getting the answer “none” from the bot. I have to say that I gave the app registration more read rights than given in this article, because I want him to read and tell me a lot more. Example, we have multiple countries and all in Intune, so I want to ask in the chat to sent me a list of all users in a specific security group and list all devices per users that are a member of that group. is that even possible for this ai bot?
@christian, what error message do you get? I logged in successfully.
@Jannik, I am waiting on your reply to the “none” reply issue. Everything I ask in the chat, I am also getting the answer “none” from the bot. I have to say that I gave the app registration more read rights than given in this article, because I want him to read and tell me a lot more. Example, we have multiple countries and all in Intune, so I want to ask in the chat to sent me a list of all users in a specific security group and list all devices per users that are a member of that group. is that even possible for this ai bot?
Hi Jannik, with version 1.27.0 of Streamlit (released towards the end of September) your script no longer seems to work. Here the error:
TypeError: expected string or bytes-like object
Tracebacks:
File “/tmp/8dbd0b0d9280f02/antenv/lib/python3.10/site-packages/streamlit/runtime/scriptrunner/script_runner.py”, line 541, in run
scripts
exec(code, module.dict)File “/tmp/8dbd0b0d9280f02/website/app.py”, line 161, in
response = util.get_category(category_list, prompt)File “/tmp/8dbd0b0d9280f02/website/modules/utility.py”, line 169, in get_category
category_match = re.search(r’Category:\s(.?)\s*(?=Devicename|$)’, response, re.I | re.S)File “/opt/python/3.10.12 /lib/python3.10/re.py”, line 200, in search
return _compile(pattern, flags).search(string)
@mrv, I was able to log in successfully after deleting the Azure RG and redeploying the whole template to a different subscription. I don’t know what exactly the problem was but it is fixed now.
Hi There I just got the okay to have this deployed to Azure and I’m a newbie to this, but when I set the deploy with thefollowing as I’m in Canada east side I get the errors below.
Basics
Subscription
Microsoft Azure Sponsorship
Resource group
IntuneAI
Region
Canada East
Sites_name
IntuneCLC
Accounts_name
IntuneOpenCLC
Website_sku
F1
The specified SKU ‘Standard’ for model ‘gpt-35-turbo 0301’ is not supported in this region ‘canadaeast’. (Code: InvalidResourceProperties)
Validation failed for a resource. Check ‘Error.Details[0]’ for more information. (Code: ValidationForResourceFailed)
This subscription has reached the limit of 1 Free Linux app service plan(s) it can create in this region. Please choose a different sku or region. (Code: FreeLinuxAtRegionalCapacityForSubscription)
Can you tell me what I’m doing wrong? I’ve tried different locations and SKU but still fails
The problem is that the region you selected dont support the gpt service. Can you switch to an other one. Here you can find the supported locations:
https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models
I have followed this Blog and Deans Video too – all configs are up and running, i can logon OK but when asking to show me a list of windows devices in my tenant I get NONE. Same for ios devices etc… infact every response i get is NONE.
Hi Jannik, any more news on the issue of NONE responses?
Hey sorry for this late response. I got this error reported from many testers. Currently I have limited time to investigate into this issue and I can’t reproduce this. Will try to work on this in the coming days.