Getting data from Endpoint analytics e.g., Startup performance into a Log Analytics Workspace

Question

Hi,

I'm trying to setup alerts from an Azure monitor "Log Analytics Workspace", based on ingesting "Endpoint" analytics metrics: "Startup Performance" and "Application Reliability".

I have been unsuccessful in finding any relevant links, tutorials, guides or video's describing how to set this up. Hoping someone can describe the process? We basically just want an alert fired if a normal user workstation crashes 5 times in 1 week for example, or if outlook is crashing 10 times in 1 week.

An alert should be triggered/fired to send the help desk an email which will raise a ticket (ITSM). I cannot see any tables with relevant data in the "Log Analytics Workspace" or find a schema diagrams to show me what tables to query via GQL. Any advice would be really appreciated.

From:

To:

Cheers.

Answer 1

Hi there,

AFAIK, this data isn't available as a part of Diagnostics Setting telemetry for Intune.
This is a guide how to enable the integration https://learn.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor

But it collects the following data only:

Microsoft Intune includes built-in logs that provide information about your environment:

Audit Logs shows a record of activities that generate a change in Intune, including create, update (edit), delete, assign, and remote actions.
Operational Logs show details on users and devices that successfully (or failed) to enroll, and details on non-compliant devices.
Device Compliance Organizational Logs show an organizational report for device compliance in Intune, and details on non-compliant devices.
IntuneDevices show device inventory and status information for Intune enrolled and managed devices.

Btw, you can try to request a feature via a support case.