GPT Intune Device Troubleshooter: AI-Powered Admin Help

I am more than happy to release my new tool, the GPT Intune Device Troubleshooter. Wouldn’t it be awesome if you had an assistant to whom you could explain what you want to do in Intune, and who would then do the job for you? This dream now becomes reality with the GPT Intune Device Troubleshooter. If you enjoy the other Intune automation projects on my blog, you will love how this assistant fits right into your daily workflow.

GPT Intune chatbot showing an app list

Content

  1. Content
  2. What is the GPT Intune Device Troubleshooter
  3. What are the prerequisites
  4. How does it work
  5. Get access to Open AI Service
  6. How is data privacy handled when I use the Azure Open AI service
  7. How to deploy the GPT Intune Device Troubleshooter
  8. What is the current feature set and what are example calls
  9. How to create the app registration
  10. Post setup steps
  11. How to open the Webpage
  12. How does the Tool work
  13. How can you contribute?
  14. What does the roadmap look like?

What is the GPT Intune Device Troubleshooter

The GPT Intune Device Troubleshooter is a powerful tool which helps Intune admins make their day easier. It answers your free-text questions based on your environment, utilizing the Graph API. You can ask questions like “Can you check the status of the device XXXX” or “Can you give me a device list with all Android devices in CSV” and you will get the customized answer to your question. In short, the GPT Intune Device Troubleshooter turns natural language into real Graph queries so you spend less time clicking through portals.

What are the prerequisites

  • GPT enabled Subscription
  • App registration with delegated permissions for (DeviceManagementConfiguration.Read.All, DeviceManagementManagedDevices.Read.All, DeviceManagementApps.Read.All, User.Read)
Microsoft Graph API permissions for Intune device troubleshooter

How does the GPT Intune Device Troubleshooter work

Streamlit authentication architecture using GitHub, GPT, and Graph
  • You can deploy the infrastructure with one click from GitHub to Azure
  • The code will be pulled to the app service
  • The user opens the Streamlit web page
  • The user authenticates via an app registration with delegated permissions for Graph
  • This token will be used to get data from Graph and put it into a prompt
  • This prompt with the question and enriched information will be sent to the Open AI service
  • The answer will be presented on the Streamlit web page
GPT Intune Device Troubleshooter workflow with Graph API

Get access to Open AI Service

Fill out the following request form to enable your subscription to deploy Open AI services.

How is data privacy handled when I use the Azure Open AI service

You can find more information about privacy in this MS doc.

How to deploy the GPT Intune Device Troubleshooter

You don’t have to do much. The whole magic of the GPT Intune Device Troubleshooter is behind this button.

But you can also deploy the infrastructure and the code manually via my GitHub repository.

Azure template deployment screen for GPT Intune troubleshooter
  • Select the subscription and the resource group
  • Select the region and the Website sku
  • Enter a name for the site and the Open AI service account

What is the current feature set and what are example calls

Currently the following features are supported:

  • Get Device List
  • Get Device Status
  • Get Single Device
  • Intune How To
  • Config Profiles
  • App List
  • Compliance Policies
  • Device Group Membership
  • Graph Call

Examples are:

  • Can you give me a device list with all android devices in csv
  • Can you check the status of the device XXXXX
  • Can you check the status of the device XXXX and list the object which has conflict or have errors
  • Can you give me a list of all applications
  • Can you show me a list in csv of all apps which are created later than 01.01.2022
  • In which groups is XXXX? Can you give me the display name and the ids

How to create the app registration

Entra portal App registrations blade overview
  • Click + New registration
  • Enter a name for the App registration
  • Select Single-Page Application (SPA) as the redirect type
  • Add https://WEBPAGENAME.azurewebsites.net/login/callback as Redirect URI
New app registration form with SPA redirect URI
  • Copy the App ID
App registration overview page showing the Application ID
  • Go to API permissions and click + Add a permission
Add a permission dialog in the API permissions blade
  • Select Graph
Selecting Microsoft Graph in the request API permissions panel
  • Select Delegated permissions
Choosing Delegated permissions for Microsoft Graph
  • Add the following permissions (DeviceManagementConfiguration.Read.All, DeviceManagementManagedDevices.Read.All, DeviceManagementApps.Read.All, Group.Read.All, User.Read, Device.Read.All)
  • Click Grant admin consent for XXX
Granted Graph delegated permissions with admin consent
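
To confirm that the token issued after login carries only the delegated permissions granted above, you can inspect its `scp` claim. This is an added example, not code from the tool's repository; the helper names and the sample token are constructed for illustration, and the expected scope set is copied from the list above.

```python
import base64
import json

# Delegated scopes granted in the app registration steps above.
EXPECTED = {
    "DeviceManagementConfiguration.Read.All", "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementApps.Read.All", "Group.Read.All", "User.Read", "Device.Read.All",
}
# OpenID Connect scopes that can accompany sign-in; not treated as findings.
OIDC = {"openid", "profile", "email", "offline_access"}

def _b64url(data: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()

def make_sample_token(scopes) -> str:
    """Constructed, unsigned sample token so the example runs offline."""
    return ".".join([_b64url({"alg": "none"}), _b64url({"scp": " ".join(sorted(scopes))}), "sig"])

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is not checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def is_read_only(scope: str) -> bool:
    """True for names such as X.Read.All; false for X.ReadWrite.All and others."""
    return any(p.startswith("Read") and not p.startswith("ReadWrite") for p in scope.split("."))

def audit_scopes(token: str) -> dict:
    """Compare the token's delegated scopes (scp claim) with the expected set."""
    claims = jwt_claims(token)
    granted = set(claims.get("scp", "").split())
    extra = granted - EXPECTED - OIDC
    return {
        "delegated": "scp" in claims,  # app-only tokens carry "roles" instead
        "missing": sorted(EXPECTED - granted),
        "extra": sorted(extra),
        "not_read_only": sorted(s for s in extra if not is_read_only(s)),
    }

if __name__ == "__main__":
    sample = make_sample_token((EXPECTED - {"Group.Read.All"})
                               | {"User.Read.All", "DeviceManagementManagedDevices.ReadWrite.All"})
    print(json.dumps(audit_scopes(sample), indent=2))
```

Any entry under `extra` means the app registration grants more than the setup steps call for, and anything under `not_read_only` should be removed before the tool is opened to other admins.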

Post setup steps

To finish wiring up the GPT Intune Device Troubleshooter, add the App ID and the secret from the Open AI Service to the variables in the App Service configuration.

  • Open the Open AI Service
Azure resource group list with the Open AI Service
  • Go to Keys and Endpoint
Azure Open AI Keys and Endpoint blade
  • Open the App Service
Azure resources list with the App Service selected
  • Navigate to Configurations
  • Fill in the Azure Open AI key and the App ID into the variables
App Service configuration variables for key and App ID

How to open the Webpage

  • Go to the App Service and Select Browse
App Service overview page with the Browse button

How does the Tool work

  • Click on login to get a token to authenticate on Graph
GPT Intune Device Troubleshooter chat login screen
  • Insert your question in the chat box
Chat answer exporting Android devices to CSV

How can you contribute?

The GPT Intune Device Troubleshooter is an open project, so it grows with your input. If you have ideas for improvements or for missing features as well as bugs, contact me via my blog, social media, or open an issue on the repository with a description of your idea. You can also create a merge request. I am happy for every contribution and feedback.

What does the roadmap look like?

Please provide me with feedback. Based on your feedback, I will include and prioritize the features I add to the GPT Intune Device Troubleshooter next.

Beta roadmap of upcoming tool features

22 thoughts on “GPT Intune Device Troubleshooter: AI-Powered Admin Help”

  1. Hi Jannik, I just deployed the template in my tenant for testing and configured the settings like you described in the blog post. Unfortunately, after I hit login and choose the user, nothing happens. I’m not logged in and therefore can’t use the site. I already tried it with different user accounts of the tenant. Is this problem already known?

  2. @christian, what error message do you get? I logged in successfully.

    @Jannik, I am waiting on your reply to the “none” reply issue. Everything I ask in the chat, I am also getting the answer “none” from the bot. I have to say that I gave the app registration more read rights than given in this article, because I want him to read and tell me a lot more. Example: we have multiple countries and all in Intune, so I want to ask in the chat to send me a list of all users in a specific security group and list all devices per user that are a member of that group. Is that even possible for this AI bot?

  4. Hi Jannik, with version 1.27.0 of Streamlit (released towards the end of September) your script no longer seems to work. Here the error:

    TypeError: expected string or bytes-like object
    Tracebacks:
    File "/tmp/8dbd0b0d9280f02/antenv/lib/python3.10/site-packages/streamlit/runtime/scriptrunner/script_runner.py", line 541, in run
    scripts
    exec(code, module.dict)
    File "/tmp/8dbd0b0d9280f02/website/app.py", line 161, in
    response = util.get_category(category_list, prompt)
    File "/tmp/8dbd0b0d9280f02/website/modules/utility.py", line 169, in get_category
    category_match = re.search(r'Category:\s(.?)\s*(?=Devicename|$)', response, re.I | re.S)
    File "/opt/python/3.10.12/lib/python3.10/re.py", line 200, in search
    return _compile(pattern, flags).search(string)

  5. Hi There I just got the okay to have this deployed to Azure and I’m a newbie to this, but when I set the deploy with the following, as I’m in Canada east side, I get the errors below.
    Basics
    Subscription: Microsoft Azure Sponsorship
    Resource group: IntuneAI
    Region: Canada East
    Sites_name: IntuneCLC
    Accounts_name: IntuneOpenCLC
    Website_sku: F1
    The specified SKU ‘Standard’ for model ‘gpt-35-turbo 0301’ is not supported in this region ‘canadaeast’. (Code: InvalidResourceProperties)
    Validation failed for a resource. Check ‘Error.Details[0]’ for more information. (Code: ValidationForResourceFailed)
    This subscription has reached the limit of 1 Free Linux app service plan(s) it can create in this region. Please choose a different sku or region. (Code: FreeLinuxAtRegionalCapacityForSubscription)

    Can you tell me what I’m doing wrong? I’ve tried different locations and SKU but still fails

Comments are closed.