Microsoft Intune
  • 19 Sep 2024

Microsoft Intune is a cloud-based endpoint management solution. Intune simplifies app and device management across your device portfolio, including mobile devices, desktop computers, and virtual endpoints.

Integration Method: API

Tables: Account Change, Entity Management, Group Management, Device Inventory, User Inventory

DataBee integrates with Intune APIs to populate multiple tables related to users and devices. The API endpoints and their example responses are shown below. This integration has been tested against the Microsoft Graph API v1.0.

Microsoft Intune Setup

  1. Log on to Azure with a user account that has the Global Administrator role.

  2. Navigate to Microsoft Entra ID > App registrations > New registration. The "Register an application" page will appear. (If you have an existing application, you can also use that.)

  3. Enter the application's registration information (if you are creating a new application):

    1. In the ‘Name’ section, enter a meaningful application name that will be displayed to users.

    2. For ‘Supported account types’, click the Accounts in any organizational directory option.

    3. Set the ‘Redirect URI’ to http://localhost.

    4. Click on Register to create the application.

  4. On the app “Overview” page, copy the Application (client) ID and Directory (tenant) ID for later use.

Add Endpoint Access

Once the application is created, it needs three permissions in order to retrieve data; without the appropriate permissions, the application cannot access these endpoints. The following section details how to configure and add permissions for the three required endpoints.

The API endpoints needed for this integration are:

  • https://graph.microsoft.com/v1.0/deviceManagement/managedDevices

  • https://graph.microsoft.com/v1.0/auditLogs/directoryAudits

Add Permissions

From the Azure Active Directory portal:

  1. Select the application registered in the previous step.

  2. Click API Permissions, and then click Add a Permission. The “Request API permissions” window appears.

  3. Click on Microsoft Graph.

  4. Click on Application Permissions.

  5. The following permissions need to be granted for the endpoint to function properly:

    Endpoint Permissions

    Endpoint                            Permission
    /deviceManagement/managedDevices    DeviceManagementManagedDevices.Read.All
    /auditLogs/directoryAudits          AuditLog.Read.All
    /auditLogs/directoryAudits          Directory.Read.All

    In the ‘Select permissions’ search bar, enter each permission shown above and check its box to include it.

  6. Click the Add permissions button after selecting all required permissions.

  7. On the “API permissions” page, click Grant Admin Consent for <tenant>.

  8. Click the Yes button on the consent confirmation. The required permissions are now added for the endpoints.

Create the Client ID and Client Secret

The last step in configuring the Graph API is creating a Client ID and Client Secret. To create these items, from the Azure Portal:

  1. Select the application created above.

  2. Click Certificates & secrets, and then Client secrets.

  3. Click New client secret. The “Add a client secret” window appears.

  4. Enter a Description for this client secret.

  5. Select the desired expiry period from the ‘Expires’ drop-list.

  6. Click Add.

  7. Copy the Value and SecretID fields to be used while configuring Intune in DataBee.

DataBee Configuration

  1. Log into the DataBee console, navigate to Data, and click on Add New Data Source.

  2. Search for Microsoft InTune and click it.

  3. Select API Ingest.

  4. While configuring the data source in the DataBee UI, select the OAuth2 option from the Authorization Method dropdown. Provide the Client Key and Client Secret generated above in the respective text boxes.

  5. In the Token URL, replace <application_id> with your Tenant ID.

API Request

Before making an API request, configure the Access Token URL, Client ID, Client Secret, and Scope. You can find the Client ID and Client Secret on your application's Overview page. The default values of the Access Token URL and Scope are listed below:

Access Token URL: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

Scope: https://graph.microsoft.com/.default

You can obtain the Tenant ID from the Overview page as well.
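
A pre-flight check for this setup, as an added example (not DataBee or Microsoft code): it builds the client-credentials request for the Access Token URL and Scope above and lists which of the required application permissions are missing from a token's roles claim. The function names and the sample token are constructed for illustration; the token is decoded for inspection only, without signature verification.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
SCOPE = "https://graph.microsoft.com/.default"
# Application permissions from the "Endpoint Permissions" table above.
REQUIRED_ROLES = {"DeviceManagementManagedDevices.Read.All",
                  "AuditLog.Read.All", "Directory.Read.All"}


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth2 client-credentials grant."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "scope": SCOPE,
        "client_id": client_id, "client_secret": client_secret,
    }).encode()
    return TOKEN_URL.format(tenant_id=tenant_id), form


def fetch_token(tenant_id, client_id, client_secret):
    """POST the token request (needs network access and real credentials)."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def token_claims(access_token):
    """Decode the JWT payload for inspection; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(access_token):
    """Required permissions absent from the token's 'roles' claim."""
    return sorted(REQUIRED_ROLES - set(token_claims(access_token).get("roles", [])))


def constructed_token(roles):
    """Build an unsigned sample token (constructed data, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    sample = constructed_token(["AuditLog.Read.All", "Directory.Read.All"])
    print("missing permissions:", missing_roles(sample))
```

A non-empty result from missing_roles on a real token usually means a permission was added but admin consent was not granted for it.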

