Skip to main content
Question

Limitations on Collecting Intune Logs via Graph API?

  • April 27, 2026
  • 7 replies
  • 107 views
sara
Forum|alt.badge.img+1

Hi everyone,

I’m currently working on integrating Microsoft Intune logs into Google Cloud (via the Microsoft Graph API).

From what I’ve observed so far, it seems that only audit logs are accessible through this integration.

I wanted to ask:

  • Is there a limitation with the Graph API that restricts collection to only audit logs?
  • Are operational logs and compliance logs available through any other endpoint or method?
  • If not, are there any recommended alternatives or workarounds to ingest these logs?

Would appreciate any insights or guidance from the community.

7 replies

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • April 27, 2026

You can configure event hub and blob storage, sned them there and then pull them down from there through that integration rather than a 3rd party API.  Whatever is available thorugh the API is what MS delivers us.  I’d need to do a little more research on the topic but thats typically how it works.  

Best bet is the two options I mentioned but those incur other costs. 

sara
Forum|alt.badge.img+1
  • sara
  • Author
  • New Member
  • April 27, 2026

@dnehoda , thank you for your response. I am only interested currently in GRAPH API integration, hence, can you please guide us about the intune log types we can get via Graph API ?

I have seen the below mentioned official link only mentions about AUDIT logs API ?

https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/azure-mdm-intune

darrenswift
Staff
Forum|alt.badge.img+4
  • darrenswift
  • Staff
  • April 28, 2026

Please see here for intune log ingestion to SecOps: https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/azure-mdm-intune#configure_intune_diagnostic_settings

sara
Forum|alt.badge.img+1
  • sara
  • Author
  • New Member
  • April 30, 2026

@dnehoda , hey, any feedback ?

 

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • April 30, 2026

The only logs you can get through graph API are the audit logs and device/report.  That’s what MS gives you through it.  The only way to get more verbose is through the Event Hub or Blob storage.  

sara
Forum|alt.badge.img+1
  • sara
  • Author
  • New Member
  • April 30, 2026

@dnehoda , thanks for your reply, The below mentioned link only mentioned audit logs api link, I believe that we can only collect audit logs and no device/report logs, because there should be another  api link for any other types of logs,

 

any feedback on this ?

 

 

https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/azure-mdm-intune

 

 

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • May 1, 2026

That's what MS delivers.  I have to look at our integration but I believe you can modify the URL you point to.  If that's the case, potentially create 2 feeds with the 2 different endpoints.  

Terms & ConditionsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.