I'm currently transitioning from SCCM to a 100% Intune environment, and I've noticed that Intune doesn't have the same robust reporting features that SCCM provided. I reached out to Microsoft, and they suggested routing Intune logs, particularly endpoint analytics and update compliance, to Azure Log Analytics. From there, I could use custom retention policies and KQL (Kusto Query Language) to generate detailed reports.
However, I looked into the pricing and found that the basic plan for Log Analytics starts at 100GB for $196 a day, which can add up to around $70,000 a year! Given that we have over 70,000 workstations, I wonder if this plan is overkill or if Microsoft may be missing the mark.
What I'm hoping to replicate from SCCM reporting includes trending graphs with at least two years of historical data to show management deployment trends; detailed reports on Updates and Applications to track compliance states and timelines; and an inventory on files or registry keys, which is essential for operational decisions.
Management wants to go fully Intune, so I'm looking for the best way to maintain reporting capabilities in this new Azure/Intune setup. I can move this to an Intune space if needed, but since it also relates to Log Analytics, I thought it made sense to discuss here!
1 Answer
Log Analytics can definitely be pricey since it charges based on log ingestion, query usage, and retention. It’s primarily a log collection tool, so you'll need to create the dashboards and alerts manually. If you opt for it, just collect what you need and avoid unnecessary data, especially since it works best with Microsoft products like PowerBI. Learning KQL will be really beneficial to you in this process!
Thanks for the insight! I get that I'll need to be hands-on with the reports. I guess I'm more concerned about whether it can handle the data volume efficiently since we'll mainly be tracking on-premises workstations.