Back to all tools
PS ScriptTroubleshooting

Intune Log Collector

Intune Log Collector is an Azure-based solution that collects logs from Intune-managed devices, including files, directories, and event logs. It deploys a Function App, Storage Account, and Key Vault, with the Remediation script driving log collection per LogsGatherRules.json and uploading a compressed archive to the logs container. Deployments support Azure Template Spec (Bicep/ARM) or direct ARM templates, with optional UI and post-deployment steps.

Works with
WindowsmacOSGraph APIAzure Automation

Security Analysis

6of 6
All Checks Passed

12 files scanned on Jun 11, 2026

No Obfuscated Code
No Remote Execution
No Credential Theft
No Data Exfiltration
No Malicious Patterns
No Hardcoded Secrets
AI Analysis

The Intune Log Collector codebase appears to implement strong device/app authentication and graph access via Managed Identity. Primary security concerns are around the SAS token methodology in GetSASUri (data access scope and token lifecycle), logging of sensitive header data in GetBlobContent, and partial input validation (container name not on an allowlist). Recommend tightening SAS token scopes and lifetimes, expanding redaction in logs, and enforcing container-level validation to align with account allowlists. Overall, no evidence of credential theft or remote code execution observed; the pattern is consistent with a legitimate admin tool, given proper hardening of the identified risks.

Screenshots