This repository explains how can u create your own reports for AD, Forcepoint, Intune and Defender with PowerBI. And includes a PowerBI sample (.pbit) This sample file have some of reports like; Installed Apps on Devices, BitLocker Status, Defender Alarm Status and Trend, Email Security Reports, Devices on your Active Directory, Intune, Defender and Forcepoint AV Status, Onboarding Status on Defender, Exposure and Risk Scores for your devices and much more than. Also you can run your own KQL queries for Defender reports on this sample file.
🎯Intune
You have 2 methods for getting data from Intune;
⭕Method 1;
⧁ There is a table here in the PowerBI sample named deviceManagement-intunewithazureapp
⧁ This table runs a query with Azure Application informations and going to getting data from Intune with Microsoft Graph. And it does it without an username or password, it does with your app informations.
⧁ When the parameters box appears, just type your own App ID, App Secret and Tenant ID.
⧁ Also you can use second method for getting data from Intune but i saw different values so i just put them into sample file.
⧁ You can see which Intune Graph query references what here;
⧁ https://learn.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-beta
⧁ Also you can get more information about this query from here;
⧁ https://www.linkedin.com/pulse/story-powerbi-microsoft-graph-api-service-side-refresh-journaux/
⭕Method 2;
⧁ It is very simple to get data with this method.
⧁ Just get your own Data Warehouse URL and paste it to parameters box.
⧁ It needs a username and password with read permissions to intune.
⧁ If you want to create your own pbix, u can reference this document;
⧁ https://jannikreinhard.com/2022/07/10/build-powerbi-dashboard-based-on-intune-data-warehouse/
Requirements;
⭕Method 1;
⧁ You need an Azure App with api permission to these permissions;
⧁ Note: This permissions are extended for my lab but you dont have to give this all permissions to your app.
⧁ It changes for what u want or which you want to get data from Graph.
⧁ You can also follow this steps at link above (Method 1).
⭕Method 2;
⧁ You need your own Data Warehouse URL.
⧁ A user who has permissions to read all intune data.
🎯Defender
⧁ There is a function available on Power Query Editor named AdvancedHuntingQuery.
⧁ It is very simple, just paste your own Advanced Hunting query to this function and get your data to new table you change as you want.
Requirements;
⧁ U need an account with permissions to Security Operator, Security Administrator or Global Admin.
🎯Forcepoint
⧁ You need to know your own Forcepoint database address.
⧁ A user who has permissions to read wbsn-data-security database tables.
⧁ When the parameters box appears, just type your forcepoint sql database address.
⧁ Note that: this SQL query doesn't harmfull for your database tables. They just simple SELECT queries.
🎯Active Directory
⧁ You need an account with permissions to read all devices on your Active Directory.
⧁ When the parameters box appears, just type your domain name (contoso.com) and be sure that u can access your DCs with LDAP ports.
Don't hesitate to contact with me, this README file is for person who has information about this things. I can help you for your reports. Just send me an email.
E-Mail: [email protected]
More information will be come next weeks.
!!!!New Release for MAM (Mobile Application Management) report🙌