2.4 C
New York
Tuesday, January 9, 2024

Gathering and Storing Lenovo Guarantee Data to Azure Monitor

A current function add (by common demand) in Industrial Vantage is the flexibility to put in writing the machine’s guarantee info to WMI.  

The Lenovo_WarrantyInformation WMI class situated beneath the rootLenovo Namespace is created when the “Write Guarantee Data to WMI” coverage has been enabled on the machine.

On this publish, we will stroll by how this information may be collected from Intune managed units and ingested right into a Log Analytics Workspace in Azure Monitor.

The answer is derived from a superb Microsoft weblog publish, which supplies an instance of gathering BIOS info.  Admittedly, I have not explored the depths of Graph and was stunned to learn that script outputs are saved in a resultMessage property on the service facet, as famous within the publish.  

As soon as I obtained the grasp of the workflow, I believed why not try to go after guarantee info?  Stepping exterior of my consolation zone, I made a decision to take this a bit additional by delving into Log Analytics and Azure Automation to automate the gathering of this information utilizing a scheduled Runbook.  Thankfully, the MS docs have been extremely useful throughout my testing.

Earlier than you start, make certain your check units have the newest model of Industrial Vantage put in and the GPO to put in writing guarantee info to WMI has been configured.  Discuss with this weblog publish on the right way to deploy the setting with Intune or you may configure it manually utilizing the offered .Admx template loaded into the native Group Coverage Editor.  You’ll be able to confirm information has been written to WMI by shopping to the namespace utilizing WMIExplorer.

Deploy this PowerShell script to a consumer/machine group to get began

Get-CimInstance -Namespace root/Lenovo -ClassName Lenovo_WarrantyInformation | Choose-Object `
    SerialNumber, `
    Product, `
    StartDate, `
    EndDate, `
    LastUpdateTime | ConvertTo-Json
When you’re beginning to see script execution has succeeded in your units within the MEM portal, entry the info by way of Graph as demonstrated within the weblog publish referenced earlier.

Now that we have now information, we will ship this to the Azure Monitor HTTP Knowledge Collector API utilizing PowerShell.  You may want to notice the Workspace ID and Major Key of the Log Analytics workspace you plan on utilizing.

You will discover this info beneath Log Analytics workspace > Brokers administration

Subsequent, we will setup a PowerShell Runbook that may create a POST request to the HTTP Knowledge Collector API that features our record of units to ship.


  • Azure Automation account.  If you have not created one, check with the MS doc on how to do that.
  • Intune PowerShell SDK, which supplies help for the Intune API by Graph.  This module will have to be imported from the PowerShell Gallery into Azure Automation earlier than continuing.  This is a brief script to take action:
$ResourceGroup = '<your useful resource group>'
$AutomationAccount = '<your automation account>'

# URL to Graph bundle: https://www.powershellgallery.com/packages/Microsoft.Graph.Intune
if (!(Get-AzAutomationModule -ResourceGroupName $ResourceGroup -AutomationAccountName $AutomationAccount | The place-Object { $_.Identify -eq $ModuleName -and $_.ProvisioningState -eq 'Succeeded' })) {
    New-AzAutomationModule -Identify $ModuleName -ResourceGroupName $ResourceGroup -AutomationAccountName $AutomationAccount -ContentLinkUri 'https://www.powershellgallery.com/api/v2/bundle/Microsoft.Graph.Intune/6.1907.1.0'

Confirm the module’s standing reveals Out there

  • Two Azure Automation string kind variables that may maintain an Azure consumer account/encrypted password to authenticate to Graph (make certain this account has the suitable permissions).  These will likely be referred to as utilizing the Get-AutomationVariable inner cmdlets.

As soon as every part is able to go, select the Azure Automation account you wish to use and click on Runbooks and Create a runbook.  Enter a reputation and select PowerShell for the runbook kind.

I’ve adjusted the PowerShell pattern to incorporate the JSON information that will likely be ingested to the Log Analytics Workspace.  You may want to interchange the $CustomerId and $SharedKey variables along with your Workspace ID and Major Key.  I’ve additionally set the $LogType variable to WarrantyInformation as this would be the title of the Customized Log that is created to retailer precisely what we’re gathering, guarantee info.

Copy/paste the beneath script to your runbook

Set inner automation cmdlets for Graph authentication
Reference: https://docs.microsoft.com/en-us/azure/automation/shared-resources/variables?tabs=azure-powershell#internal-cmdlets-to-access-variables
$AdminUser = Get-AutomationVariable -Identify 'AdminUser'
$AdminPassword = Get-AutomationVariable -Identify 'AdminPassword'
$SecureAdminPassword = ConvertTo-SecureString -String $AdminPassword -AsPlainText -Pressure
$Cred = New-Object System.Administration.Automation.PSCredential ($AdminUser, $SecureAdminPassword)

# Connect with Graph Beta API
Replace-MSGraphEnvironment -SchemaVersion 'beta'
Join-MSGraph -PSCredential $Cred | Out-Null

Collect guarantee information from profitable script executions
Reference: https://techcommunity.microsoft.com/t5/device-management-in-microsoft/how-to-collect-custom-inventory-from-azure-ad-joined-devices/ba-p/2280850#.YIGt2nOrV50.hyperlinkedin
$consequence = Invoke-MSGraphRequest -HttpMethod GET -Url 'deviceManagement/deviceManagementScripts/<script id>/deviceRunStates?$increase=managedDevice' | Get-MSGraphAllPages
$success = $consequence | The place-Object -Property errorCode -EQ 0
$resultMessage = $success.resultMessage 
$Gadgets = $resultMessage | ConvertFrom-Json
$newjson = $Gadgets | ConvertTo-Json

Beneath pattern request reference:

# Exchange along with your Workspace ID
$CustomerId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"  

# Exchange along with your Major Key
$SharedKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Specify the title of the file kind that you're going to be creating
$LogType = "WarrantyInformation"

# You should utilize an elective area to specify the timestamp from the info. If the time area isn't specified, Azure Monitor assumes the time is the message ingestion time
$TimeStampField = ""

# Create the perform to create the authorization signature
Perform Construct-Signature ($customerId, $sharedKey, $date, $contentLength, $technique, $contentType, $useful resource)
    $xHeaders = "x-ms-date:" + $date
    $stringToHash = $technique + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $useful resource

    $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash)
    $keyBytes = [Convert]::FromBase64String($sharedKey)

    $sha256 = New-Object System.Safety.Cryptography.HMACSHA256
    $sha256.Key = $keyBytes
    $calculatedHash = $sha256.ComputeHash($bytesToHash)
    $encodedHash = [Convert]::ToBase64String($calculatedHash)
    $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash
    return $authorization

# Create the perform to create and publish the request
Perform Publish-LogAnalyticsData($customerId, $sharedKey, $physique, $logType)
    $technique = "POST"
    $contentType = "software/json"
    $useful resource = "/api/logs"
    $rfc1123date = [DateTime]::UtcNow.ToString("r")
    $contentLength = $physique.Size
    $signature = Construct-Signature `
        -customerId $customerId `
        -sharedKey $sharedKey `
        -date $rfc1123date `
        -contentLength $contentLength `
        -method $technique `
        -contentType $contentType `
        -resource $useful resource
    $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $useful resource + "?api-version=2016-04-01"

    $headers = @{
        "Authorization" = $signature;
        "Log-Sort" = $logType;
        "x-ms-date" = $rfc1123date;
        "time-generated-field" = $TimeStampField;

    $response = Invoke-WebRequest -Uri $uri -Methodology $technique -ContentType $contentType -Headers $headers -Physique $physique -UseBasicParsing
    return $response.StatusCode


# Submit the info to the API endpoint
Publish-LogAnalyticsData -customerId $customerId -sharedKey $sharedKey -body ([System.Text.Encoding]::UTF8.GetBytes($newjson)) -logType $logType

Click on on Check pane and click on on Begin.  After a number of seconds, you must see Full

Let’s take a look at the brand new Customized Log in our workspace.  Click on the Customized logs blade.  There ought to now be a WarrantyInformation_CL seen.  Discover the kind is Ingestion API.  

| order by Product_s
| distinct Product_s, StartDate_s, EndDate_s

Yay!  Guarantee information!

For those who needn’t make any additional adjustments with the Runbook, click on on Publish.  

One other instance could be when you wished to solely present units whose Guarantee ended within the 12 months 2020, you can run this question

| distinct SerialNumber_s, Product_s, StartDate_s, EndDate_s
| the place EndDate_s accommodates "2020"

You may also pin a selected question to your dashboard when you need

Now we are able to arrange a recurring schedule for the Runbook to observe our fleet’s guarantee.

Supply hyperlink

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles