MSEndpointMgr

Running logic apps without the need of governance

Hi there! I am new to the MSEndpointMgr team and thrilled to be here!


In this blog post, we will look into Logic Apps and how we can achieve a governance-free model for using this kind of low/no-code technology while still getting the results that we want.
I have blogged about the subject earlier, for example on how to get configuration changes made to Microsoft Intune. If you are interested, you can read about that here.

What more is there to write? Well, for starters, Logic Apps are easy to work with if you use the built-in functionality, but what if you would like to be creative and draw outside the lines? You then enter a state where things can get complex and are not as user-friendly as low/no-code was built to be.


In this blog post, we will draw outside the lines. Why, you may ask? Because Logic Apps and their objects typically have connectors into different services. These connectors use either your credentials or a service principal. Nothing wrong with that, but what if the user who built it is no longer in your company? Then the connectors set up by your colleague will at some point stop working.
Your result will look like this and be published daily on your Teams channel.

How to get started

First, we need to create a logic app. I will not demonstrate it here. It is straightforward and also demonstrated in the link provided at the top.

Go to your logic app and find Identity. Switch the tab to On and save it. A minute or two later, a managed identity will be available for use within the Azure environment.

We will use our managed identity to access data in Log Analytics, so we need to assign the managed identity as a reader on the specific Log Analytics workspace where your Intune audit data is located. If you haven’t set up your Intune audit data yet, then follow this post on how to do so.

I am assuming you know how to locate your Log Analytics workspace and where to click to get started setting permissions on it.

Then we need to copy our code to the Logic App we created. Open your logic app.

If you haven’t set up a Teams hook already, then here is a guide to do that.

  1. Copy the code from here
  2. Paste it into the logic app
  3. In line 112, replace a32a07c5-739b-40ce-9b3f-185733d5c0d0 with your own Log Analytics workspace ID
  4. In line 225, replace https://memtipsandtricks.webhook.office.com/webhookb2/d20c5efe-2f76-4897-8c90-2de8c0f76397@47a13e20-6415-4467-bfd3-b2acf62a3ed2/IncomingWebhook/ with your own Teams hook
  5. Save it
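Before saving, you can check that the pasted definition really avoids user-bound connectors. The script below is an added example, not the code linked from this post: it walks a workflow definition and flags any connector action, as well as any Log Analytics call that does not authenticate with the managed identity. The sample definition, action names, query and `<WORKSPACE-ID>` are constructed placeholders.

```python
import json

# Constructed sample in the shape of the Logic App code view. Action names,
# the query and <WORKSPACE-ID> are placeholders, not the post's definition.
SAMPLE = json.loads("""
{"definition": {"actions": {
  "Query_audit_logs": {
    "type": "Http",
    "inputs": {
      "method": "POST",
      "uri": "https://api.loganalytics.io/v1/workspaces/<WORKSPACE-ID>/query",
      "body": {"query": "IntuneAuditLogs | where TimeGenerated > ago(1d)"},
      "authentication": {"type": "ManagedServiceIdentity",
                         "audience": "https://api.loganalytics.io"}}},
  "For_each_change": {
    "type": "Foreach",
    "actions": {
      "Post_via_connector": {
        "type": "ApiConnection",
        "inputs": {"host": {"connection": {
          "name": "@parameters('$connections')['teams']['connectionId']"}}}}}}
}}}
""")

def walk(actions):
    """Yield (name, action) pairs, descending into loops, scopes and conditions."""
    for name, act in actions.items():
        yield name, act
        yield from walk(act.get("actions", {}))
        yield from walk(act.get("else", {}).get("actions", {}))

def audit(workflow):
    """Return (action name, problem) for every action that breaks the model."""
    findings = []
    for name, act in walk(workflow["definition"]["actions"]):
        kind = act.get("type", "")
        if kind.startswith("ApiConnection"):
            # Connector actions depend on a stored user or service principal sign-in.
            findings.append((name, "connector bound to stored credentials"))
        elif kind == "Http" and "api.loganalytics.io" in act["inputs"].get("uri", ""):
            auth = act["inputs"].get("authentication", {}).get("type")
            if auth != "ManagedServiceIdentity":
                findings.append((name, "Log Analytics call without managed identity"))
    return findings
```

An empty list from `audit()` means every Log Analytics call uses the managed identity and no action depends on a personal connection.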

You and your colleagues will never again be surprised by changes in your Intune environment.

Mattias Melkersen

Mattias Melkersen is a community driven and passionate modern workplace consultant with 18 years’ experience in automating software, driving adoption and technology change within the Enterprise. He lives in Denmark and works at Mindcore.

He is an Enterprise Mobility MVP, Official Contributor in a LinkedIn group with 20.000 members and Microsoft 365 Enterprise Administrator Expert.

Mattias blogs, gives interviews and creates YouTube content on the channel "MEM Tips and Tricks", where he creates helpful content in the MEM area and interviews MVPs who showcase a certain technology or topic.
