Preparations

Before the Microsoft Intune connector can be configured, the following steps have to be carried out in Microsoft Azure.

Prerequisites

An Intune user account with admin privileges is required.

Register the Microsoft Intune connector as an Azure Active Directory application

  1. In the main menu of the Microsoft Azure portal, select Azure Active Directory, and then select App registrations.

  2. Select New registration.

  3. In the Name box, enter Microsoft Intune SIM app.

  4. Set Supported account types to Accounts in this organizational directory only.

  5. Select Register to save the new application.

Grant Microsoft Graph API permission to read Microsoft Intune data

The Microsoft Intune connector uses a Microsoft Azure application with Graph API access to gather the data from Intune.

  1. In the main menu of the Microsoft Azure portal, select Azure Active Directory, and then select App registrations.

  2. Select All apps.

  3. Select Microsoft Intune SIM app.

  4. Select API Permissions.

  5. In the API Permissions view, select Add a permission.

  6. In the Request API permissions section, select Microsoft Graph.

  7. Select Application permissions.

  8. Configure the following list of permissions:

    1. Select DeviceManagementApps > DeviceManagementApps.Read.All (Read Microsoft Intune apps)

    2. Select DeviceManagementManagedDevices > DeviceManagementManagedDevices.Read.All (Read Microsoft Intune devices)

    3. Select User > User.Read.All (permission to read all users' full profiles)

      This needs to be selected only if LogonName is selected in the Username Mode dropdown when configuring the connector.

  9. Select Delegated permissions and clear the User > User.Read permission, if it is selected.

  10. Select Add permissions.

  11. Select Grant admin consent for your company name.

    Note

    This step must be performed by an admin user.
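To confirm that the registration carries only the application permissions listed above, the `roles` claim of an app-only access token issued to the app can be compared with that list. The following is an added example, not part of the connector or of this documentation's own tooling; the function names are hypothetical and the sample token is constructed and unsigned, for inspection only.

```python
import base64
import json

# Application permissions this page tells you to grant (Microsoft Graph).
REQUIRED = {
    "DeviceManagementApps.Read.All",
    "DeviceManagementManagedDevices.Read.All",
}
# Needed only when Username Mode is set to LogonName.
OPTIONAL = {"User.Read.All"}


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, logon_name_mode: bool = False) -> dict:
    """Compare the token's application roles with the set granted on this page."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    allowed = REQUIRED | (OPTIONAL if logon_name_mode else set())
    return {
        "missing": sorted(allowed - roles),  # connector will fail to read data
        "excess": sorted(roles - allowed),   # more privilege than the page asks for
        "delegated": "scp" in claims,        # scp marks a user-delegated token
    }


def sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (not a real Azure token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed case: one extra, write-capable role was granted by mistake.
    token = sample_token({"roles": sorted(REQUIRED | {"Directory.ReadWrite.All"})})
    print(audit_roles(token))
```

A non-empty `excess` list means the app holds permissions beyond those configured in this section and should be reviewed before the secret is handed to the connector.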

Locate Directory (tenant) ID

Locate the ID of the Microsoft Azure Active Directory that the information is to be retrieved from. The information is used when configuring the connector.

  1. In the Microsoft Azure portal, navigate to Microsoft Intune SIM app.

  2. Make a note of the value in the Directory (tenant) ID field. 

    The value will be used as the Directory id when configuring the integration connector.

Locate Application (client) ID

Locate the ID of the application that will connect to Microsoft Azure Active Directory. The information is used when configuring the connector.

  1. In the Microsoft Azure portal, navigate to Microsoft Intune SIM app.

  2. Make a note of the value of the Application (client) ID.

    The value will be used as the Application id when configuring the integration connector.

Locate Client secret

Locate the key that will be used as the secret in the connection to Microsoft Azure. The information is used when configuring the connector.

  1. In the Microsoft Azure portal, navigate to Microsoft Intune SIM app.

  2. Select Certificates & secrets.

  3. Create a new client secret using the following information:

    1. Select New client secret.

    2. Set Description to sim_intune_key.

    3. Set Expires to 24 months.

      Important

      The new client secret needs to be regenerated after the set expiration time. This also means that the connector needs to be re-configured.

  4. Select Add.

    The client secret is shown.

  5. Make a note of the value of the client secret. The value is used as the Application secret when configuring the integration connector.

    Note

    Make sure to note the value of the client secret before you leave this screen.