[microsoft_intune] Initial release of Microsoft Intune with Audit and Managed Device data streams #18408

Merged
efd6 merged 3 commits into main from feature/microsoft_intune-0.1.0
Apr 16, 2026

@janvi-elastic
Contributor

Proposed commit message

The initial release includes Audit and Managed Device data streams and associated dashboard.

Microsoft Intune fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

To test the microsoft_intune package:

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/microsoft_intune directory.
  • Run the following command to run tests.

elastic-package test

Run asset tests for the package
2026/04/15 14:05:51  INFO elastic-package v0.118.0 version-hash 816ceecf (build time: 2025-12-30T18:33:37+05:30)
2026/04/15 14:05:51  INFO elastic-stack: 8.18.0
--- Test results for package: microsoft_intune - START ---
╭──────────────────┬────────────────┬───────────┬───────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE          │ DATA STREAM    │ TEST TYPE │ TEST NAME                                                                 │ RESULT │ TIME ELAPSED │
├──────────────────┼────────────────┼───────────┼───────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ microsoft_intune │                │ asset     │ dashboard microsoft_intune-adaf931d-1be6-4394-a046-35e1d1010f9e is loaded │ PASS   │      2.035µs │
│ microsoft_intune │                │ asset     │ dashboard microsoft_intune-e39a0b69-4312-43b3-ae1f-3f0f4bf47bcd is loaded │ PASS   │        158ns │
│ microsoft_intune │ audit          │ asset     │ index_template logs-microsoft_intune.audit is loaded                      │ PASS   │        216ns │
│ microsoft_intune │ audit          │ asset     │ ingest_pipeline logs-microsoft_intune.audit-0.1.1 is loaded               │ PASS   │        199ns │
│ microsoft_intune │ managed_device │ asset     │ index_template logs-microsoft_intune.managed_device is loaded             │ PASS   │        204ns │
│ microsoft_intune │ managed_device │ asset     │ ingest_pipeline logs-microsoft_intune.managed_device-0.1.1 is loaded      │ PASS   │        126ns │
╰──────────────────┴────────────────┴───────────┴───────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: microsoft_intune - END   ---
Done
Run pipeline tests for the package
2026/04/15 14:05:59  INFO elastic-package v0.118.0 version-hash 816ceecf (build time: 2025-12-30T18:33:37+05:30)
2026/04/15 14:05:59  INFO elastic-stack: 8.18.0
--- Test results for package: microsoft_intune - START ---
╭──────────────────┬────────────────┬───────────┬────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE          │ DATA STREAM    │ TEST TYPE │ TEST NAME                                          │ RESULT │ TIME ELAPSED │
├──────────────────┼────────────────┼───────────┼────────────────────────────────────────────────────┼────────┼──────────────┤
│ microsoft_intune │ audit          │ pipeline  │ (ingest pipeline warnings test-audit.log)          │ PASS   │ 444.203563ms │
│ microsoft_intune │ audit          │ pipeline  │ test-audit.log                                     │ PASS   │ 502.629977ms │
│ microsoft_intune │ managed_device │ pipeline  │ (ingest pipeline warnings test-managed-device.log) │ PASS   │ 302.826793ms │
│ microsoft_intune │ managed_device │ pipeline  │ test-managed-device.log                            │ PASS   │ 235.055911ms │
╰──────────────────┴────────────────┴───────────┴────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: microsoft_intune - END   ---
Done
Run policy tests for the package
2026/04/15 14:06:01  INFO elastic-package v0.118.0 version-hash 816ceecf (build time: 2025-12-30T18:33:37+05:30)
2026/04/15 14:06:01  INFO elastic-stack: 8.18.0
--- Test results for package: microsoft_intune - START ---
No test results
--- Test results for package: microsoft_intune - END   ---
Done
Run script tests for the package
PKG microsoft_intune
[no test files]
--- Test results for package: microsoft_intune - START ---
No test results
--- Test results for package: microsoft_intune - END   ---
Done
Run static tests for the package
2026/04/15 14:06:01  INFO elastic-package v0.118.0 version-hash 816ceecf (build time: 2025-12-30T18:33:37+05:30)
--- Test results for package: microsoft_intune - START ---
No test results
--- Test results for package: microsoft_intune - END   ---
Done
Run system tests for the package
2026/04/15 14:06:01  INFO elastic-package v0.118.0 version-hash 816ceecf (build time: 2025-12-30T18:33:37+05:30)
2026/04/15 14:06:01  INFO elastic-stack: 8.18.0
--- Test results for package: microsoft_intune - START ---
No test results
--- Test results for package: microsoft_intune - END   ---
Done

Note: This integration follows a phased development process where individual data streams were reviewed and merged into a feature branch through separate PRs:

All PRs have been reviewed and merged in this feature branch, which is now ready for integration into the main branch.

The initial release includes audit data stream, associated dashboards 
and visualizations.

Microsoft Intune fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from documentation and live data samples, 
which were subsequently sanitized.
…e datastream (#18314)

The initial release includes managed_device data stream, associated dashboards 
and visualizations.

Microsoft Intune fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from documentation and live data samples, 
which were subsequently sanitized.

@janvi-elastic requested a review from a team as a code owner April 15, 2026 08:39

@github-actions
Contributor

github-actions bot commented Apr 15, 2026

Vale Linting Results

Summary: 2 warnings found

⚠️ Warnings (2)
| File | Line | Rule | Message |
|---|---|---|---|
| packages/microsoft_intune/_dev/build/docs/README.md | 23 | Elastic.Latinisms | Latin terms and abbreviations are a common source of confusion. Use 'versus' instead of 'vs'. |
| packages/microsoft_intune/docs/README.md | 23 | Elastic.Latinisms | Latin terms and abbreviations are a common source of confusion. Use 'versus' instead of 'vs'. |

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@andrewkroh added the New Integration, dashboard, documentation, and Crest labels Apr 15, 2026

@elasticmachine

💚 Build Succeeded

Contributor

@efd6 left a comment

LGTM

This was lightly reviewed since all the commits in the chain have already been reviewed. I did do a recheck on the dashboards and they are all good with a minor concern about the number of panels in the managed device dashboard; under the guide limit, but something to be aware of in future.

@efd6 merged commit fe74a41 into main Apr 16, 2026
13 checks passed
@efd6 deleted the feature/microsoft_intune-0.1.0 branch April 16, 2026 21:04

@elastic-vault-github-plugin-prod

Package microsoft_intune - 0.1.0 containing this change is available at https://epr.elastic.co/package/microsoft_intune/0.1.0/

@andrewkroh added the Integration:microsoft_intune label Apr 17, 2026

Labels

  • Crest: Contributions from Crest development team.
  • dashboard: Relates to a Kibana dashboard bug, enhancement, or modification.
  • documentation: Improvements or additions to documentation. Applied to PRs that modify *.md files.
  • Integration:microsoft_intune: Microsoft Intune
  • New Integration: Issue or pull request for creating a new integration package.

4 participants