This guide is for integrating Intune logs to QRadar.
To Integrate Intune logs to Qradar below are the steps:
- Register Graph API app on Azure AD.
- Give permissions to the App.
- Share the app details with SecurityHQ.
- Register Graph API app on Azure AD
- Give permissions to the App
Please apply below permissions to this App (both “Application” and “Delegated “):
- Share the app details with SecurityHQ
To pull logs, we would require:
- App ID/ClientID
- Directory (tenant ID)
- App Secret