Microsoft Intune is a cloud-based management solution that provides mobile device and operating system management. It provides Unified Endpoint Management of both corporate and BYOD equipment.
|Product(s)||Supported Asset Type(s)||Integration Type|
Integrating with a cloud-based management solution like Microsoft Intune will provide visibility and device presence awareness for an environment.
This integration pulls computer objects from Intune that belong to the inventory of devices accessing organization resources.
Please review the configuration instructions in the section below before setting up permissions for apps.
Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following schemas are available:
- OAuth2: Will retrieve devices using OAuth2 authentication. Note: OAuth2 will require re-authentication every 90 days, requiring you to edit and re-activate the source.
- Client ID/Secret: Will retrieve computer objects using a client ID/secret.
Configure plugin: Configure the plugin with the required fields.
Log in with your Microsoft credentials and accept the permission request.
|The unique ID of the app created for access.|
|The value of the app secret is used to authenticate with the source.|
|The domain used to access the source.|
Add an Integration: Select the integration(s) you'd like to add.
- Collect devices
Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.
|Uniquely identifiable attribute of the configuration, used to distinguish it from other similar configurations within the existing organization.|
|A placeholder to input a name or email address of a contact associated with the integration.|
|A placeholder to input a link to the console of the product Sevco is integrating with for quick reference and access when configuring or editing the integration.|
- Activate Config: Select "Activate" to enable this configuration and begin pulling data.
Use an existing MS Azure AD account with admin permissions that is authorized to grant the permissions defined in the Required Permissions - OAuth2 with asset filtering section below. The account used must be a member of one of the following administrator roles:
- Global Administrator
- Security Administrator
- Security Reader
- User Administrator
You'll be asked to provide a client secret that Sevco will use to connect to Microsoft Intune. This requires creating an app in Azure to provide API-based access. The following link will step you through creating an account: How to use Azure AD to access the Intune APIs in Microsoft Graph
NOTE: Be sure to enter the App Secret Value, not the ID, when configuring the plugin.
See Azure AD - Creating credentials for creating a client ID and secret.
The OAuth authentication flow will ask the user to authorize Sevco access by requesting the following permissions.
The following permission types are required to call this API:
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All |
| Application | DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All |
See Azure AD - Required Permissions for creating a client ID and secret with the appropriate permissions defined above.
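An added example, not part of the original page or Sevco's product: once the app has been granted permissions from the table above, decoding the access token it receives shows which of them it actually carries (application permissions in the `roles` claim, delegated ones in `scp`). Treating the ReadWrite entries as unnecessary for a collection-only integration is an assumption made here, not a statement from the page; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# The four permissions named in the table above.
PAGE_PERMISSIONS = {
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementConfiguration.ReadWrite.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(jwt: str) -> set:
    """Return the permissions carried by an access token (signature not checked)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = claims.get("roles", [])          # application permissions: JSON array
    scopes = claims.get("scp", "").split()   # delegated permissions: space-separated
    return set(roles) | set(scopes)


def audit(jwt: str) -> dict:
    """Classify granted permissions, assuming the integration only reads devices."""
    granted = token_permissions(jwt)
    known = granted & PAGE_PERMISSIONS
    return {
        "read_only": sorted(p for p in known if ".ReadWrite." not in p),
        "write_capable": sorted(p for p in known if ".ReadWrite." in p),
        "not_in_table": sorted(granted - PAGE_PERMISSIONS),
    }


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token for offline demonstration only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    sample = make_sample_token({"roles": ["DeviceManagementManagedDevices.Read.All",
                                          "DeviceManagementConfiguration.ReadWrite.All",
                                          "Directory.Read.All"]})
    print(json.dumps(audit(sample), indent=2))
```

Anything reported under `write_capable` or `not_in_table` is a prompt to review the app registration's consented permissions before activating the source.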
If you're having problems configuring an Integration, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting the Suggest Edits link located in the upper right hand corner of the documentation.
Tags: cloud, mdm