Microsoft Intune

Overview

Microsoft Intune is a cloud-based management solution that provides for mobile device and operating system management. It provides Unified Endpoint Management of both corporate and BYOD equipment.

Available Integrations

| Product(s) | Supported Asset Type(s) | Integration Type |
|---|---|---|
| Microsoft Intune | Devices | Source |

Why You Should Integrate

Integrating with a cloud-based management solution like Microsoft Intune will provide visibility and device presence awareness for an environment.

How Does the Integration Work

This integration pulls computer objects from Intune that belong to the inventory of devices accessing organization resources.

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.

⚠️ Please review the configuration instructions in the section below before setting up permissions for apps.

Configuration

  1. Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following schemas are available:

    • OAuth2: Will retrieve devices using OAuth2 authentication. Note: OAuth2 will require re-authentication every 90 days, requiring you to edit and re-activate the source.
    • Client ID/Secret: Will retrieve computer objects using a client ID/secret.
  2. Configure plugin: Configure the plugin with the required fields.

OAuth2

Log in with your Microsoft credentials and accept the permission request.

Client ID/Secret

| Field | Description | Example |
|---|---|---|
| Client ID* | The unique ID of the app created for access. | 00000000-0000-0000-0000-000000000000 |
| Client Secret* | The value of the app secret is used to authenticate with the source. | *********************** |
| Domain* | The domain used to access the source. | your-domain.com |

  3. Add an Integration: Select the integration(s) you'd like to add.

    • Collect devices
  4. Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.

| Field | Description | Example |
|---|---|---|
| Name (optional) | Uniquely identifiable attribute of the configuration, used to distinguish it from other similar configurations within the existing organization. | DMZ network |
| Contact Person (optional) | A placeholder to input a name or email address of a contact associated with the integration. | Jane Doe |
| Link to Console (optional) | A placeholder to input a link to the console of the product Sevco is integrating with, for quick reference and access when configuring or editing the integration. | www.product.com/devices |

  5. Activate Config: Select "Activate" to enable this configuration and begin pulling data.

Creating credentials

OAuth2

Use an existing MS Azure AD account with admin permissions authorized to grant the permissions defined in the Required Permissions - OAuth2 with asset filtering section below. The account used must be a member of one of the following administrator roles:

  • Global Administrator
  • Security Administrator
  • Security Reader
  • User Administrator

Client ID/Secret

You'll be asked to provide a client secret that Sevco will use to connect to Microsoft Intune. This requires creating an app in Azure to provide API-based access. The following link will step you through creating an account: How to use Azure AD to access the Intune APIs in Microsoft Graph.

NOTE: Be sure to enter the App Secret Value, not the ID, when configuring the plugin.

See Azure AD - Creating credentials for creating a client ID and secret.

Required Permissions

OAuth2

The OAuth authentication flow will ask the user to authorize Sevco access by requesting the following permissions:

  • DeviceManagementConfiguration.Read.All
  • DeviceManagementConfiguration.ReadWrite.All
  • DeviceManagementManagedDevices.Read.All
  • DeviceManagementManagedDevices.ReadWrite.All

Client ID/Secret

The following permission types are required to call this API:

| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All |
| Application | DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All |

See Azure AD - Required Permissions for creating a client ID and secret with the appropriate permissions defined above.
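To confirm which of the permissions listed above an app registration or OAuth2 sign-in actually carries, and which of them are write-capable, you can inspect an access token issued for it. The following is an added example, not Sevco or Microsoft code; it assumes the token is a JWT that lists application permissions in the `roles` claim and delegated permissions in the `scp` claim, and the sample token, its extra `Directory.Read.All` entry and all function names are constructed for illustration.

```python
import base64
import json

# Permission names exactly as listed on this page.
PAGE_PERMISSIONS = {
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementConfiguration.ReadWrite.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
}

def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT for inspection (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_permissions(token: str) -> dict:
    """Classify the Graph permissions carried by a token."""
    claims = jwt_claims(token)
    # App-only (client ID/secret) tokens: list in 'roles'.
    # Delegated (OAuth2 sign-in) tokens: space-separated string in 'scp'.
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    return {
        "kind": "application" if "roles" in claims else "delegated",
        "write_capable": sorted(p for p in granted if ".ReadWrite." in p),
        "missing_from_page_list": sorted(PAGE_PERMISSIONS - granted),
        "not_on_page_list": sorted(granted - PAGE_PERMISSIONS),
    }

def b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token; constructed for this example only."""
    return f"{b64url({'alg': 'none', 'typ': 'JWT'})}.{b64url(claims)}.sig"

SAMPLE_APP_TOKEN = constructed_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["DeviceManagementManagedDevices.Read.All",
              "DeviceManagementConfiguration.ReadWrite.All",
              "Directory.Read.All"],
})

if __name__ == "__main__":
    print(json.dumps(audit_permissions(SAMPLE_APP_TOKEN), indent=2))
```

Entries under `not_on_page_list` are grants beyond what this page documents and are worth reviewing on the app registration.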

API Documentation

https://docs.microsoft.com/en-us/graph/api/intune-devices-windowsmanageddevice-list?view=graph-rest-beta

Contact Us

If you're having problems configuring an Integration, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting the Suggest Edits link located in the upper right-hand corner of the documentation.

Tags: cloud, mdm