It’s been a while since the last post in the MEM Monitoring series, but today we have a new blog post. This time I describe how we can set up a Logic Apps flow to get notified when an iOS LOB app is about to expire. An expired iOS LOB app can’t be deployed to our users anymore, so we need to make sure the apps are renewed before they expire. But who keeps an eye on the expiration date? Nobody, so receiving a notification before the app expires will warn us on time.
This is a pretty simple flow compared with the flows I shared in the past. It’s not much more than an HTTP action, Condition, and the action to send out the notification.
This blog post is part of the MEM (Intune) Monitoring series. An article with a short explanation of every MEM Monitoring flow I shared and links to the related articles can be found here.
The solution in short
As written this is a short flow to get the job done. We query Microsoft Graph for all the iOS LOB apps. We do this by using an HTTP action in an Azure Logic Apps flow. When we have an overview of the apps pulled from Graph, we use a Condition action to filter on the expiration date. In this example, I send a notification when the expiration is in less than 30 days. For these expiring apps, I send out an email and a message to a Teams channel, to show both possibilities.
For easy deployment, you can also find the flow on my GitHub.
Requirements
For this solution, we have some requirements. To query Microsoft Graph we need to have permission to perform this job. There are different options to authenticate to MS Graph and assign permissions, but I prefer an Azure Managed Identity.
The required Graph (Application) permission we need is:
DeviceManagementApps.Read.All
So the first requirement is a Managed Identity with the above permission.
The only other requirement depends on what kind of notification you want to send. If this is per email, you need a (shared) mailbox. If you want to send out a message to a Teams channel, you need to create an incoming webhook.
Setup the first part of the Logic App flow
Sign in to the Azure portal and open the Logic App service. I created a blank Logic App of type Consumption.
When the flow is created, click on the name of the flow at the top of the screen, open the Identity section, and on the tab User assigned add your Managed Identity.
Open the Overview tab, which shows a few templates, and choose Recurrence.
Change the interval settings to your needs.
Click New step to add our first action to the flow. Search for HTTP and add an HTTP action to the flow.
As Method select GET.
As URI enter:
https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?$filter=(isof(%27microsoft.graph.iosLobApp%27)%20or%20isof(%27microsoft.graph.managedIOSLobApp%27))%20and%20(microsoft.graph.managedApp/appAvailability%20eq%20null%20or%20microsoft.graph.managedApp/appAvailability%20eq%20%27lineOfBusiness%27%20or%20isAssigned%20eq%20true)&$orderby=displayName&
You can find such a URI yourself by opening the developer tools in Edge when you’re browsing through the Intune portal. The network tab shows which Graph API calls are made to pull the data when browsing through the portal.
Choose Add Parameter and select Authentication.
As Authentication type select Managed identity.
Select your Managed identity from the list.
And add https://graph.microsoft.com as Audience.
Next, we need to add a Parse JSON action. We parse the output of the HTTP action, to be able to use the values later on in the flow.
As Content, we select Body from the Dynamic content list that is from our HTTP action.
To get the schema, we can use an example payload to generate our schema. We can get such an example payload by running the flow (without the Parse JSON action), to grab the output from the HTTP action. Or we use Graph Explorer, run the URI from the HTTP action and use that output as an example.
Click Use sample payload option to create the schema. Paste the information from Graph Explorer in the sample payload field to create the schema.
And this is our Parse JSON action
Sometimes when we run the flow, the Parse JSON action throws an error like “Invalid type. Expected string but got Null” .
The value is null, but a string was expected. We can simply solve this issue by replacing:
"type": "string"
For this in the schema:
"type": ["string", "null"]
This is the schema I use, which you can use in your flow.
{
"properties": {
"@@odata.context": {
"type": "string"
},
"@@odata.count": {
"type": "integer"
},
"value": {
"items": {
"properties": {
"@@odata.type": {
"type": "string"
},
"appAvailability": {
"type": "string"
},
"applicableDeviceType": {
"properties": {
"iPad": {
"type": "boolean"
},
"iPhoneAndIPod": {
"type": "boolean"
}
},
"type": "object"
},
"buildNumber": {
"type": "string"
},
"bundleId": {
"type": "string"
},
"committedContentVersion": {},
"createdDateTime": {
"type": "string"
},
"dependentAppCount": {
"type": "integer"
},
"description": {
"type": "string"
},
"developer": {
"type": "string"
},
"displayName": {
"type": "string"
},
"expirationDateTime": {
"type": "string"
},
"fileName": {
"type": "string"
},
"id": {
"type": "string"
},
"identityVersion": {
"type": "string"
},
"informationUrl": {},
"isAssigned": {
"type": "boolean"
},
"isFeatured": {
"type": "boolean"
},
"largeIcon": {},
"lastModifiedDateTime": {
"type": "string"
},
"minimumSupportedOperatingSystem": {
"properties": {
"v10_0": {
"type": "boolean"
},
"v11_0": {
"type": "boolean"
},
"v12_0": {
"type": "boolean"
},
"v13_0": {
"type": "boolean"
},
"v14_0": {
"type": "boolean"
},
"v15_0": {
"type": "boolean"
},
"v16_0": {
"type": "boolean"
},
"v8_0": {
"type": "boolean"
},
"v9_0": {
"type": "boolean"
}
},
"type": "object"
},
"notes": {
"type": "string"
},
"owner": {
"type": "string"
},
"privacyInformationUrl": {
"type": [
"string",
"null"
]
},
"publisher": {
"type": "string"
},
"publishingState": {
"type": "string"
},
"roleScopeTagIds": {
"type": "array"
},
"size": {
"type": "integer"
},
"supersededAppCount": {
"type": "integer"
},
"supersedingAppCount": {
"type": "integer"
},
"uploadState": {
"type": "integer"
},
"version": {},
"versionNumber": {
"type": "string"
}
},
"required": [
"@@odata.type",
"id",
"displayName",
"description",
"publisher",
"largeIcon",
"createdDateTime",
"lastModifiedDateTime",
"isFeatured",
"privacyInformationUrl",
"informationUrl",
"owner",
"developer",
"notes",
"uploadState",
"publishingState",
"isAssigned",
"roleScopeTagIds",
"dependentAppCount",
"supersedingAppCount",
"supersededAppCount",
"appAvailability",
"version",
"committedContentVersion",
"fileName",
"size",
"bundleId",
"expirationDateTime",
"versionNumber",
"buildNumber",
"identityVersion",
"applicableDeviceType",
"minimumSupportedOperatingSystem"
],
"type": "object"
},
"type": "array"
}
},
"type": "object"
}
Next, we add a Condition action, which is a Control action.
With this action, we will filter out all applications with an expiration date of 30 days. If the expiration date is in the next 30 days, the result of the condition is true, thus under true we will add the next part of the flow.
In the left box add expirationDateTime, which you can find as Dynamic content. This will add the condition in a For each action, which will loop through every found application.
Choose is less than from the drop-down list.
In the right box, we will add an expression. This will add the current date/ time plus 30 days.
Expression:
addToTime(utcNow(),30,'day')
And this is our condition.
Under True, we add our action to send out a notification. In this case, I add an action to send out an email using a shared mailbox. You need to authenticate to the shared mailbox, which I don’t show in the screen shot.
As you can see you can just add your own text to the Subject and Body. But we can also use dynamic content items to clarify which LOB app is about to expire and when the expiration date is.
And another option to send out a notification, us send out a message to Teams.
Add an HTTP action.
As Method select POST.
As URI enter the webhook URL.
As Headers enter Content-Type – application/json
In the body, we add the text and title in JSON format. Below is the JSON format we need to use for this, without our variables:
{
"text": "WRITE YOUR MESSAGE TEXT HERE",
"title": "WRITE YOUR TITLE HERE"
}
We can use dynamic content and enter our own text.
Use \n\n in the text to create new lines in the text message, otherwise, the message consists of one long line of text.
And I used ** to get some text in bold.
This is the JSON I used in my example:
{
"text": "**Application name:** @{items('For_each_iOS_LOB_Apps')?['displayName']}\n\n **Expiration date:** @{items('For_each_iOS_LOB_Apps')?['expirationDateTime']}\n\n Please contact the application owner/ developer of the LOB app to supply an updated version of the app.",
"title": "iOS LOB App @{items('For_each_iOS_LOB_Apps')?['displayName']} is about to expire!"
}
And this is our complete flow.
The end result
The end result is a Teams message in one of your Teams channels.
Or an email message in your mailbox!
That’s it for today. Thanks for reading!