Microsoft

Microsoft Intune Deployment

Enterprise deployment of TYCHON Quantum Readiness across Windows endpoints with Azure integration

Deployment Overview

Deploy TYCHON Quantum Readiness across your Windows endpoints using Microsoft Intune and automatically collect cryptographic intelligence in Azure Sentinel or Log Analytics workspaces.

📦

Package & Deploy

Create Intune Win32 app package

⚙️

Configure & Schedule

Set up scheduled tasks via Intune

☁️

Collect & Analyze

Stream results to Azure Sentinel

Prerequisites

Microsoft Environment

  • Microsoft Intune: Endpoint management subscription
  • Azure Sentinel: Or Log Analytics workspace
  • Windows 10/11: Target endpoints enrolled in Intune
  • Azure AD: Device and user management

Permissions Required

  • Intune Administrator: App deployment and configuration
  • Azure Sentinel Contributor: Data connector configuration
  • Local Administrator: On endpoints for EventLog writes
  • Log Analytics Contributor: Workspace configuration

Ad-Hoc Scanning (No Installation Required)

For quick local assessments or one-time scans, deploy TYCHON Quantum Readiness as an Intune PowerShell script that downloads, runs locally, and streams results directly to Azure - no permanent installation required.

Intune PowerShell Script Deployment

Deploy as a PowerShell script through Intune - downloads TYCHON Quantum Readiness, runs local scan, streams to Azure, then cleans up:

# TYCHON Quantum Readiness-AdHoc-LocalScan.ps1
# Download, run local scan, stream to Azure, cleanup

param(
    [string]$WorkspaceId = $env:AZURE_LOG_ANALYTICS_WORKSPACE_ID,
    [string]$WorkspaceKey = $env:AZURE_LOG_ANALYTICS_WORKSPACE_KEY,
    [string]$ScanTags = "ad-hoc-scan,intune-script"
)

$TempPath = "$env:TEMP\\TYCHON Quantum Readiness-$(Get-Random)"
$ScannerURL = "https://github.com/your-org/certscanner/releases/latest/download/certscanner-windows-amd64.exe"
$ScannerPath = "$TempPath\\certscanner.exe"

try {
    Write-Host "🔄 Starting ad-hoc cryptographic scan on $env:COMPUTERNAME..."
    
    # Create temp directory
    New-Item -Path $TempPath -ItemType Directory -Force | Out-Null
    
    # Download TYCHON Quantum Readiness
    Write-Host "📦 Downloading TYCHON Quantum Readiness..."
    Invoke-WebRequest -Uri $ScannerURL -OutFile $ScannerPath -UseBasicParsing
    
    # Run comprehensive local scan
    Write-Host "🔍 Scanning local system for cryptographic assets..."
    $OutputFile = "$TempPath\\scan-results.json"
    
    & $ScannerPath -mode local -scanfilesystem -scanmemory -scanconnected -scanoutlookarchives `
        -outputformat json -output $OutputFile `
        -tags $ScanTags
    
    if ($LASTEXITCODE -eq 0) {
        Write-Host "✅ Local scan completed successfully"
        
        # Stream results to Azure Log Analytics
        if ($WorkspaceId -and $WorkspaceKey) {
            Write-Host "☁️ Streaming results to Azure Log Analytics..."
            $ScanResults = Get-Content $OutputFile | ConvertFrom-Json
            
            # Convert to Log Analytics format and post
            $LogData = @{
                Computer = $env:COMPUTERNAME
                ScanTimestamp = Get-Date -Format "yyyy-MM-ddTHH:mm:ss.fffZ"
                ScanResults = $ScanResults
                Tags = $ScanTags.Split(",")
            } | ConvertTo-Json -Depth 10
            
            # Post to Azure Monitor Data Collector API
            $uri = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
            $headers = @{
                "Authorization" = "SharedKey $WorkspaceId:$WorkspaceKey"
                "Log-Type" = "TYCHON Quantum ReadinessAdHoc"
                "Content-Type" = "application/json"
            }
            
            try {
                Invoke-RestMethod -Uri $uri -Method Post -Body $LogData -Headers $headers
                Write-Host "✅ Results uploaded to Azure Log Analytics"
            } catch {
                Write-Warning "⚠️ Failed to upload to Azure: $($_.Exception.Message)"
                Write-Host "📄 Local results saved to: $OutputFile"
            }
        } else {
            Write-Host "📄 Scan results saved locally to: $OutputFile"
            Write-Host "💡 Configure AZURE_LOG_ANALYTICS_WORKSPACE_ID and KEY for Azure integration"
        }
    } else {
        Write-Error "❌ Scan failed with exit code: $LASTEXITCODE"
        exit 1
    }
    
} catch {
    Write-Error "❌ Ad-hoc scan failed: $($_.Exception.Message)"
    exit 1
} finally {
    # Cleanup temporary files
    if (Test-Path $TempPath) { 
        Remove-Item $TempPath -Recurse -Force 
        Write-Host "🧹 Temporary files cleaned up"
    }
}

Intune Configuration Steps

1. Create PowerShell Script in Intune

  • • Go to Endpoint ManagerDevice configurationPowerShell scripts
  • • Click Add → Upload the script above
  • • Set Run this script using the logged-on credentials: No
  • • Set Enforce script signature check: No
  • • Set Run script in 64-bit PowerShell Host: Yes

2. Configure Environment Variables (Optional)

# Set via Intune Device Configuration Profile
$env:AZURE_LOG_ANALYTICS_WORKSPACE_ID = "your-workspace-id"
$env:AZURE_LOG_ANALYTICS_WORKSPACE_KEY = "your-workspace-key"

3. Deploy to Target Groups

  • • Assign to Azure AD groups or individual devices
  • • Set schedule: Once for immediate scan or Daily for monitoring
  • • Monitor execution in Intune device status

EventLog Integration (Alternative)

For simpler Azure integration, use EventLog output that Windows Event Forwarding can automatically collect:

# TYCHON Quantum Readiness-EventLog-AdHoc.ps1
# Simplified script that writes to Windows Event Log

$TempPath = "$env:TEMP\\TYCHON Quantum Readiness-$(Get-Random)"
$ScannerURL = "https://github.com/your-org/certscanner/releases/latest/download/certscanner-windows-amd64.exe"
$ScannerPath = "$TempPath\\certscanner.exe"

try {
    Write-Host "🔄 Starting ad-hoc scan with EventLog output..."
    
    # Download and run with EventLog output
    New-Item -Path $TempPath -ItemType Directory -Force | Out-Null
    Invoke-WebRequest -Uri $ScannerURL -OutFile $ScannerPath -UseBasicParsing
    
    # Run scan - results go directly to Windows Event Log
    & $ScannerPath -mode local -scanfilesystem -scanmemory -scanconnected `
        -outputformat eventlog `
        -tags "ad-hoc-scan,eventlog"
    
    if ($LASTEXITCODE -eq 0) {
        Write-Host "✅ Scan completed - results written to Windows Event Log"
        Write-Host "📊 View in Event Viewer: Application Log → Source: TYCHON Quantum Readiness"
    } else {
        Write-Error "❌ Scan failed with exit code: $LASTEXITCODE"
        exit 1
    }
    
} finally {
    # Cleanup
    if (Test-Path $TempPath) { Remove-Item $TempPath -Recurse -Force }
}

Advantage: Windows Event Forwarding automatically sends events to Azure Sentinel without additional configuration

Viewing Ad-Hoc Results

Monitor and analyze ad-hoc scan results in Azure:

Azure Log Analytics Query

// Find ad-hoc scan results from last 24 hours
TYCHON Quantum ReadinessAdHoc_CL
| where TimeGenerated > ago(24h)
| where ScanResults_s contains "ad-hoc-scan"
| extend Computer = Computer_s
| extend CertCount = toint(ScanResults_s.filesystem_results.certificates)
| project TimeGenerated, Computer, CertCount, ScanResults_s
| order by TimeGenerated desc

EventLog Query (if using EventLog output)

// Query Windows Event Log events
Event
| where Source == "TYCHON Quantum Readiness" and TimeGenerated > ago(24h)
| where RenderedDescription contains "ad-hoc-scan"
| extend ScanData = parse_json(RenderedDescription)
| project TimeGenerated, Computer, EventID, ScanData
| order by TimeGenerated desc

Step 1: Create Intune Win32 App Package

1.1 Prepare Application Files

Create a folder structure for your Intune package:

TYCHON Quantum Readiness-Package/
├── certscanner.exe              # Windows binary
├── install.ps1                  # Installation script
├── uninstall.ps1               # Uninstallation script
├── detection.ps1               # Detection script
└── scheduled-task.xml          # Task definition

1.2 Create Installation Script (install.ps1)

# install.ps1
param(
    [string]$InstallPath = "C:\Program Files\TYCHON Quantum Readiness",
    [string]$TaskName = "TYCHON Quantum Readiness-Monitoring"
)

# Create installation directory
New-Item -ItemType Directory -Path $InstallPath -Force | Out-Null

# Copy binary to program files
Copy-Item "certscanner.exe" -Destination "$InstallPath\certscanner.exe" -Force

# Import scheduled task
$TaskXml = Get-Content "scheduled-task.xml" -Raw
$TaskXml = $TaskXml -replace "INSTALL_PATH_PLACEHOLDER", $InstallPath
Register-ScheduledTask -TaskName $TaskName -Xml $TaskXml -Force

# Create Event Log source (requires admin)
try {
    New-EventLog -LogName "Application" -Source "TYCHON Quantum Readiness" -ErrorAction SilentlyContinue
} catch {
    Write-Host "Event Log source may already exist or insufficient permissions"
}

Write-Host "TYCHON Quantum Readiness installed successfully to $InstallPath"
exit 0

1.3 Create Uninstallation Script (uninstall.ps1)

# uninstall.ps1
param(
    [string]$InstallPath = "C:\Program Files\TYCHON Quantum Readiness",
    [string]$TaskName = "TYCHON Quantum Readiness-Monitoring"
)

# Stop and remove scheduled task
try {
    Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false -ErrorAction SilentlyContinue
    Write-Host "Scheduled task removed successfully"
} catch {
    Write-Host "Scheduled task may not exist or already removed"
}

# Remove installation directory
if (Test-Path $InstallPath) {
    Remove-Item -Path $InstallPath -Recurse -Force
    Write-Host "Installation directory removed: $InstallPath"
}

# Note: Event Log source cannot be easily removed without restart
# This is by design for Windows Event Log security

Write-Host "TYCHON Quantum Readiness uninstalled successfully"
exit 0

1.4 Create Scheduled Task Definition (scheduled-task.xml)

⚠️ Important: Replace YOUR-LICENSE-KEY-HERE in the Arguments section below with your actual TYCHON license key before packaging.

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>TYCHON Quantum Readiness automated cryptographic monitoring</Description>
    <Author>IT Security Team</Author>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <Repetition>
        <Interval>PT4H</Interval>
      </Repetition>
      <StartBoundary>2025-01-01T08:00:00</StartBoundary>
      <ExecutionTimeLimit>PT30M</ExecutionTimeLimit>
      <Enabled>true</Enabled>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>false</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT30M</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>INSTALL_PATH_PLACEHOLDER\certscanner.exe</Command>
      <Arguments>-license-key "YOUR-LICENSE-KEY-HERE" -mode local -scanfilesystem -scanmemory -scanconnected -outputformat eventlog -tags "intune-managed,automated-scan"</Arguments>
      <WorkingDirectory>INSTALL_PATH_PLACEHOLDER</WorkingDirectory>
    </Exec>
  </Actions>
</Task>

1.5 Create Detection Script (detection.ps1)

# detection.ps1
$InstallPath = "C:\Program Files\TYCHON Quantum Readiness\certscanner.exe"
$TaskName = "TYCHON Quantum Readiness-Monitoring"

# Check if binary exists and scheduled task is present
if ((Test-Path $InstallPath) -and (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue)) {
    Write-Host "TYCHON Quantum Readiness is installed and configured"
    exit 0
} else {
    Write-Host "TYCHON Quantum Readiness not properly installed"
    exit 1
}

1.6 Package with Microsoft Win32 Content Prep Tool

REM Download Win32 Content Prep Tool from Microsoft
IntuneWinAppUtil.exe -c "C:\Source\TYCHON Quantum Readiness-Package" -s "install.ps1" -o "C:\Output"

REM This creates TYCHON Quantum Readiness.intunewin package ready for upload

Step 2: Configure Intune Application

2.1 Upload Win32 App to Intune

  1. 1. Navigate to Microsoft Endpoint Manager admin center
  2. 2. Go to Apps → All apps → Add
  3. 3. Select Windows app (Win32)
  4. 4. Upload your TYCHON Quantum Readiness.intunewin package
  5. 5. Configure app information and requirements

2.2 App Information Configuration

NameTYCHON Quantum Readiness Cryptographic Monitoring
DescriptionAutomated cryptographic asset discovery and monitoring tool
PublisherYour Organization IT Security
CategorySecurity
Install Commandpowershell.exe -ExecutionPolicy Bypass -File install.ps1
Uninstall Commandpowershell.exe -ExecutionPolicy Bypass -File uninstall.ps1

2.3 Requirements Configuration

Operating System

  • Windows 10: Version 1909 or later
  • Windows 11: All versions
  • Architecture: x64 only

System Requirements

  • Disk Space: 50 MB minimum
  • RAM: 100 MB during scan
  • Network: Optional for remote scans

2.4 Detection Rules

Detection Method: Use a PowerShell script

# Upload detection.ps1 and configure:
# - Run script as 32-bit PowerShell: No
# - Enforce script signature check: No  
# - Run script as logged on user: No

Step 3: Assign to Device Groups

3.1 Create Device Groups

Suggested Group Strategy

Pilot Group
  • • IT Security team devices
  • • 10-20 test endpoints
  • • Manual assignment
Production Groups
  • • Critical servers
  • • Workstations by department
  • • Dynamic membership rules

3.2 Assignment Configuration

Assignment Type: Required
Target Groups: 
  - TYCHON Quantum Readiness-Pilot (Available)
  - Critical-Servers (Required) 
  - All-Workstations (Required)

Notifications: Show all toast notifications
Install Deadline: As soon as possible
Restart Grace Period: 15 minutes

Step 4: Azure Sentinel Integration

4.1 Configure Windows Event Forwarding

Set up automatic forwarding of TYCHON Quantum Readiness events to Azure:

  1. 1. In Azure Sentinel, go to Data connectors
  2. 2. Search for "Windows Security Events"
  3. 3. Configure data connector with these settings:
{
  "eventLogSettings": {
    "application": {
      "enabled": true,
      "sources": ["TYCHON Quantum Readiness"],
      "eventIds": [1001, 1002, 1003, 1004]
    }
  },
  "streamingSettings": {
    "batchSize": 100,
    "flushInterval": "30s"
  }
}

4.2 Custom KQL Queries for Analysis

// Find PQC-vulnerable ciphers across organization
Event
| where Source == "TYCHON Quantum Readiness" and EventID == 1001
| extend CertData = parse_json(RenderedDescription)
| where CertData.cipher.intel.pqc_ready == false
| summarize count() by Computer, tostring(CertData.cipher.name)
| order by count_ desc

// Certificate expiration monitoring
Event  
| where Source == "TYCHON Quantum Readiness" and EventID == 1002
| extend CertData = parse_json(RenderedDescription)
| extend ExpiryDate = todatetime(CertData.certificate.not_after)
| where ExpiryDate < now() + 30d
| project TimeGenerated, Computer, 
    CertSubject = tostring(CertData.certificate.subject.common_name),
    ExpiryDate, FilePath = tostring(CertData.file.path)
| order by ExpiryDate asc

// Memory crypto library inventory
Event
| where Source == "TYCHON Quantum Readiness" and EventID == 1003  
| extend LibData = parse_json(RenderedDescription)
| summarize count() by Computer, 
    Library = tostring(LibData.cryptolibrary.name),
    Process = tostring(LibData.process.name)
| order by count_ desc

4.3 Create Azure Workbooks

{
  "workbookName": "TYCHON Quantum Readiness Cryptographic Dashboard",
  "sections": [
    {
      "title": "Organization Crypto Overview",
      "queries": [
        "TYCHON Quantum Readiness events by computer",
        "Top vulnerable cipher suites", 
        "Certificate expiration timeline",
        "Crypto library distribution"
      ]
    },
    {
      "title": "Security Alerts",
      "queries": [
        "PQC-vulnerable systems",
        "Expired certificates",
        "Weak cipher suites",
        "Uncommon crypto libraries"
      ]
    }
  ]
}

Step 5: Monitoring & Alerting

5.1 Create Azure Sentinel Analytics Rules

// Alert on PQC-vulnerable ciphers
Event
| where Source == "TYCHON Quantum Readiness" and EventID == 1001
| extend CertData = parse_json(RenderedDescription)
| where CertData.cipher.intel.security_level == "low" 
    or CertData.cipher.intel.pqc_ready == false
| summarize count() by Computer, bin(TimeGenerated, 1h)
| where count_ > 5  // Threshold for alerting

// Alert on certificate expiration
Event
| where Source == "TYCHON Quantum Readiness" and EventID == 1002
| extend CertData = parse_json(RenderedDescription)
| extend ExpiryDate = todatetime(CertData.certificate.not_after)
| where ExpiryDate < now() + 7d  // 7 days warning
| project Computer, CertSubject = CertData.certificate.subject.common_name, 
    ExpiryDate, FilePath = CertData.file.path

5.2 Automated Response Actions

Logic Apps Integration

  • • Trigger on high-severity findings
  • • Create ServiceNow tickets
  • • Send Teams notifications
  • • Generate compliance reports

Security Automation

  • • Block weak cipher configurations
  • • Quarantine compromised systems
  • • Update security baselines
  • • Generate executive reports

Advanced Configuration Options

Multiple Scan Profiles

Deploy different scanning profiles for different device types:

Workstation Profile

-mode local 
-scanfilesystem 
-scanconnected 
-outputformat eventlog
-tags "workstation,daily"

Server Profile

-mode local
-scanfilesystem
-scanmemory
-scanconnected
-outputformat eventlog
-tags "server,critical"

Critical Systems

-mode local
-scanfilesystem
-scanmemory
-scanconnected
-scanoutlookarchives
-outputformat eventlog
-tags "critical,compliance"

Configuration Management

# Create configuration profile in Intune (PowerShell script)
$ConfigPath = "C:\Program Files\TYCHON Quantum Readiness\config.json"
$Config = @{
    "default_scan_mode" = "local"
    "enable_filesystem_scan" = $true
    "enable_memory_scan" = $true
    "enable_connected_scan" = $true
    "default_tags" = @("intune-managed", "automated")
    "output_format" = "eventlog"
    "scan_schedule" = "every_4_hours"
} | ConvertTo-Json -Depth 10

# Ensure directory exists
New-Item -ItemType Directory -Path (Split-Path $ConfigPath) -Force | Out-Null

# Write configuration
$Config | Out-File -FilePath $ConfigPath -Encoding UTF8 -Force

Write-Host "TYCHON Quantum Readiness configuration deployed successfully"

Common Deployment Scenarios

Scenario 1: Compliance Monitoring

Deployment Strategy

  • • Deploy to all Windows endpoints
  • • Run daily comprehensive scans
  • • Generate CBOM reports for audits
  • • EventLog for real-time monitoring

Scheduled Task Args

-mode local -scanfilesystem 
-scanmemory -scanconnected 
-outputformat eventlog 
-tags "compliance,daily-audit"

Scenario 2: Incident Response

On-Demand Deployment

  • • Deploy to affected systems only
  • • Immediate execution after install
  • • Comprehensive memory scanning
  • • Generate detailed HTML reports

Immediate Scan Args

-mode local -scanfilesystem 
-scanmemory -scanconnected 
-scanoutlookarchives
-outputformat html
-tags "incident-response,forensics"

Scenario 3: PQC Readiness Assessment

Strategic Deployment

  • • Focus on critical infrastructure
  • • Detailed cipher enumeration
  • • Generate CBOM for inventory
  • • Weekly comprehensive reports

PQC Assessment Args

-mode local -cipherscan
-scanfilesystem -scanmemory
-outputformat cbom
-tags "pqc-readiness,weekly"

Troubleshooting & Best Practices

Common Issues

Issue: App installation fails with "Access Denied"
Solution: Ensure install command runs as SYSTEM with highest privileges
Issue: Scheduled task doesn't execute
Solution: Verify task runs as SYSTEM and has "Run with highest privileges" enabled
Issue: No events appear in Azure Sentinel
Solution: Check Windows Event Forwarding configuration and data connector status

Best Practices

Deployment

  • • Start with pilot group (10-20 devices)
  • • Monitor for 1 week before broad deployment
  • • Use phased rollout by department
  • • Test detection rules thoroughly

Monitoring

  • • Set up Azure Workbooks for dashboards
  • • Configure alerts for critical findings
  • • Regular review of scan coverage
  • • Archive old scan data periodically

Performance Optimization

Scan Timing

  • • Schedule during low-usage hours
  • • Stagger execution across endpoints
  • • Use random delays to prevent load spikes
  • • Monitor endpoint performance impact

Data Management

  • • Configure Log Analytics data retention
  • • Use data archiving for compliance
  • • Monitor ingestion costs and volumes
  • • Optimize query performance with indexes

PowerShell Management Scripts

Deployment Status Monitoring

# Check deployment status across organization
Connect-MSGraph

# Get all devices with TYCHON Quantum Readiness app
$AppId = "your-certscanner-app-id"
$Devices = Get-IntuneManagedDevice | Where-Object { $_.operatingSystem -eq "Windows" }

foreach ($Device in $Devices) {
    $AppStatus = Get-IntuneDeviceAppStatus -DeviceId $Device.id -AppId $AppId
    Write-Host "$($Device.deviceName): $($AppStatus.installState)" 
}

# Check for scan results in last 24 hours
$Yesterday = (Get-Date).AddDays(-1)
$ScanEvents = Get-WinEvent -FilterHashtable @{
    LogName='Application'
    ProviderName='TYCHON Quantum Readiness'
    StartTime=$Yesterday
} -ComputerName $Device.deviceName -ErrorAction SilentlyContinue

Write-Host "$($Device.deviceName): $($ScanEvents.Count) scan events in last 24h"

Bulk Configuration Updates

# Update scan configuration across all endpoints
$NewConfig = @{
    "scan_frequency" = "every_6_hours"
    "enable_outlook_scan" = $true
    "additional_tags" = @("updated-config", "v2")
} | ConvertTo-Json

# Deploy via Intune PowerShell script
$ScriptContent = @"
`$ConfigPath = "C:\Program Files\TYCHON Quantum Readiness\config.json"
'$NewConfig' | Out-File -FilePath `$ConfigPath -Encoding UTF8 -Force
Restart-ScheduledTask -TaskName "TYCHON Quantum Readiness-Monitoring"
"@

# Upload and assign to device groups
New-IntuneDeviceConfigurationPolicyScript -Content $ScriptContent -DisplayName "TYCHON Quantum Readiness-Config-Update"

Cost Optimization & Scaling

Azure Cost Management

  • Log Analytics Costs: Monitor daily ingestion GB
  • Data Retention: Configure appropriate retention periods
  • Query Optimization: Use time filters and summarization
  • Alerting Limits: Set thresholds to control noise

Scaling Considerations

  • Endpoint Count: Test with 100+ devices first
  • Scan Frequency: Balance coverage vs. performance
  • Network Impact: Monitor bandwidth for remote scans
  • Storage Growth: Plan for log data growth

Estimated Costs (1000 endpoints)

~50 GB/month
Log Analytics Ingestion
$200-400/month
Azure Sentinel Costs
$0/month
Intune Deployment