Microsoft Intune

Overview

Microsoft Intune is a cloud-based management solution that provides for mobile device and operating system management. It provides Unified Endpoint Management of both corporate and BYOD equipment.

Available Integrations

Product(s)Supported Asset Type(s)Integration Type
Microsoft IntuneDevices, SoftwareSource

Why You Should Integrate

Integrating with a cloud-based management solution like Microsoft Intune will provide visibility and device presence awareness for an environment, along with visibility into the software packages installed on your managed devices.

How Does the Integration Work

This integration uses the Microsoft Graph API to pull computer objects from Intune that belong to the inventory of devices accessing organization resources, and can also pull the application inventory reported for those devices. Both the Microsoft public cloud and the US Government (GCC High) cloud are supported.

This data is only used internally; we do not share it with any parties outside of Arctic Wolf Networks. Refer to our privacy policy for details.

⚠️

Please review the configuration instructions in the section below before setting up permissions for apps.

Configuration

  1. Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas

    • OAuth2: Will retrieve devices using OAuth2 authentication. Note: OAuth2 will require re-authentication every 90 days, requiring you to edit and re-activate the source.
    • Client ID/Secret: Will retrieve computer objects using a client ID/secret from a Microsoft Entra ID (formerly Azure AD) app registration. Customers in the US Government (GCC High) cloud should choose the schema that includes the Intune Region and select gov_cloud_l4.
  2. Configure plugin: Configure the plugin with the required fields.

OAuth2

Log in with your Microsoft credentials and accept the permission request.

Client ID/Secret

FieldDescriptionExample
Client ID*The unique ID of the app created for access.00000000-0000-0000-0000-000000000000
Client Secret*The value of the app secret is used to authenticate with the source.***********************
Domain*The fully qualified domain of your tenant, used to access the source.your-domain.com
Intune RegionThe Microsoft cloud your tenant resides in. Select public for the Microsoft public cloud (default) or gov_cloud_l4 for the US Government (GCC High) cloud.public
  1. Add an Integration: Select the integration(s) you'd like to add.

    • Collect devices
    • Collect software
  2. Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.

FieldDescriptionExample
Name (optional)Uniquely identifiable attribute of the configuration to delineate other similar configurations with the existing organization.DMZ network
Contact Person (optional)A placeholder to input a name or email address of a contact associated with the integration.Jane Doe
Link to Console (optional)A placeholder to input a link to the console of the product Aurora ASM is integrating with for quick reference and access when configuring or editing the integration.www.product.com/devices
  1. Activate Config: Select "Activate" to enable this configuration and begin pulling data.

Creating credentials

OAuth2

Use an existing Microsoft Entra ID account with admin permissions authorized to grant the permissions defined in the Required Permissions section below. The account used must be member of one of the following administrator roles:

  • Global Administrator
  • Security Administrator
  • Security Reader
  • User Administrator

Client ID/Secret

You'll be asked to provide a client secret that Aurora ASM will use to connect to Microsoft Intune. This will require the creation of an app registration in Microsoft Entra ID in order to provide API-based access. The following link will step you through creating one, How to use Microsoft Entra ID to access the Intune APIs in Microsoft Graph
NOTE: Ensure to input the App Secret Value, not the ID when configuring the plugin.

Required Permissions

OAuth2

The OAuth authentication flow will ask the user to authorize Aurora ASM access by requesting the following Microsoft Graph permission

  • DeviceManagementManagedDevices.Read.All

Client ID/Secret

The following permissions are required to call this API:

Permission TypePermissions
ApplicationDeviceManagementManagedDevices.Read.All

The permission must be granted admin consent in Microsoft Entra ID for the app registration.

API Documentation

Contact Us

If you're having problems configuring an Integration, or if you've found something wrong in this document, please email us at [email protected].

Tags: cloud, mdm