Collect and report on custom data with Intune

Standard

This weeks blogpost is about collecting ‘custom’ data which is not inventoried by Intune or Windows Analytics in a Windows 10 Modern Management scenario. In a modern management scenario data about the device like Device Model, Installed Applications, Windows Updates Compliance are collected by either Microsoft Intune or Windows Analytics. But at this moment there are some ‘gaps’ when looking to which data is collected and which not, examples are BIOS information and Office365 Pro-Plus deployment information. In this blogpost I’m describing a solution which you can use to collect additional data and create reports based on the collected data.

My end goal for this blogpost is to collect and report on Office 365 Pro-Plus deployment information like the installed version, configured update channel and installed languages. This information is at this moment not collected by Microsoft Intune and also not available through Windows Analytics. This solution is using Microsoft Intune to deploy a PowerShell script on the Windows 10 client which will collect the information from the registry and writes the information to a Azure File Share. Each Windows 10 client to which this script is deployed will create a separate .csv file on the Azure File Share. On my local workstation I created a script which collects all the .csv files and create one large CSV file with all the information. The last step is to use this CSV file in Excel or PowerBI to create reports. Now lets start with creating this solution:

Create Storage Account:

  1. Go to https://portal.azure.com and go to Storage Accounts
  2. Create a new Storage account of the type ‘Storage (general purpose v1)’ and enable Secure transfer required to encrypt the traffic between the client and the Azure File Share.
  3. Create a file share in the newly created storage account;
  4. Copy the Storage account name and the first Storage Account key

The next step is to create the PowerShell script within Intune which will run on the Windows 10 clients and writes the information to the Azure File Share

PowerShell ‘Write Data’ Deployment:

  1. Download or copy the below script to your workstation:
  2. Change the following values within the script: <File Share DNSName> to value of the File Service Endpoint of your Storagaccount, <StorageAccountKey> to the storage account key copied in step 4 of the creation of the storage account. Finally change <Storageaccount> to the name of your Storageaccount, also copied from step 4 of the creation of the storage account.
  3. Save the script to a known location on your workstation;
  4. Now go to the Intune section;
  5. Go to Configuration Profiles and PowerShell Scripts
  6. Click on Add. Give the script a name, select the script file (saved in step 3) and configure the following settings: the script needs to run as user so change the ‘Run the script using the logged on credentials’ to Yes.
  7. Assign the policy to a group of users.

After some time the script should run on the Windows 10 clients of the assigned users. For each desktop a .csv file should be saved on the Azure File share. If the files are saved we can continue with the following step.

PowerShell ‘Retrieve Data’ Script:

  1. Download or copy the below script to your location workstation:
  2. Change the following values within the script: <FileShare DNSName> to value of the File Service Endpoint of your Storagaccount, <StorageAccountKey> to the storage account key copied in step 4 of the creation of the storage account. Finally change <Storageaccount> to the name of your Storageaccount, also copied from step 4 of the creation of the storage account.
  3. Run the script
  4. The script will generate a .csv file on your desktop which will have all the results from the Storage Account. This file can now be used in Excel or PowerBI to create a nice visualization of the data.

To show the results in a nice graphic way I’ve created a PowerBI dashboard, this PowerBI dashboards contains the following information:

  • Graph of installed Office365 versions;
  • Graph of configured Office365 channels;
  • Graph of installed Office365 languages;
  • Graph of Automatic Updates enabled;
  • Table with all data rows of the csv file.

See below an example of the PowerBI dashboard:

image

You can download the PowerBI dashboard here.

Note:
All data send from Intune to the devices and from the devices to Azure is encrypted. But it’s advisable to regenerate the Storage account keys of the used storageaccount each month to protect against possible data leakage by using the Storage Account Key. Also be aware which information you save to the Azure File Share storage.

2 thoughts on “Collect and report on custom data with Intune

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.