Intune Log Collector
Intune Log Collector is an Azure-based solution that collects logs from Intune-managed devices, including files, directories, and event logs. It deploys a Function App, Storage Account, and Key Vault, with the Remediation script driving log collection per LogsGatherRules.json and uploading a compressed archive to the logs container. Deployments support Azure Template Spec (Bicep/ARM) or direct ARM templates, with optional UI and post-deployment steps.
Security Analysis
12 files scanned on Jun 11, 2026
The Intune Log Collector codebase appears to implement strong device/app authentication and graph access via Managed Identity. Primary security concerns are around the SAS token methodology in GetSASUri (data access scope and token lifecycle), logging of sensitive header data in GetBlobContent, and partial input validation (container name not on an allowlist). Recommend tightening SAS token scopes and lifetimes, expanding redaction in logs, and enforcing container-level validation to align with account allowlists. Overall, no evidence of credential theft or remote code execution observed; the pattern is consistent with a legitimate admin tool, given proper hardening of the identified risks.
You might also like
Intune Device Details GUI
A PowerShell-based GUI tool for visualizing comprehensive Intune device information. Shows Azure AD group memberships, Intune filter assignments, application and configuration targeting, BitLocker recovery keys, LAPS passwords, Autopilot profiles, and remediation script status with color-coded assignment states.
Endpoint Analytics Remediation Scripts
A community-driven repository of 86+ PowerShell detection and remediation scripts for Microsoft Intune Endpoint Analytics. Includes scripts for system health, security hardening, device management, application management, optimization, and diagnostics.
Get-AutopilotDiagnosticsCommunity
A PowerShell diagnostic script for analyzing Windows Autopilot deployments. Provides comprehensive details about Autopilot profile settings, policies, apps, and certificate profiles tracked via Enrollment Status Page, with support for local PC analysis and captured log files.
Get-IntuneManagementExtensionDiagnostics
A PowerShell script for analyzing Intune Management Extension logs and creating timeline reports. Tracks Win32App deployments, WinGetApp packages, PowerShell scripts, Proactive Remediations, Custom Compliance, and Autopilot ESP phases with HTML reports and integrated LogViewerUI.
