Preparations

Before the Microsoft Intune connector can be configured, the following steps have to be carried out in Microsoft Azure.

Register the Microsoft Intune connector as an Azure Active Directory application

  1. In the main menu of the Microsoft Azure portal, select Azure Active Directory, and then select App registrations.

  2. Select New registration.

  3. In the Name box, enter Microsoft Intune SIM app.

  4. Set Supported account types to Accounts in this organizational directory only.

  5. Set Redirect URI to Web and enter the following in the URI box: http://localhost:8080

  6. Select Register to save the new application.

Grant Microsoft Graph API permission to read Microsoft Intune data

The Microsoft Intune connector uses a Microsoft Azure application with Graph API access to gather the data from Intune.

  1. In the main menu of the Microsoft Azure portal, select Azure Active Directory, and then select App registrations.

  2. Select All apps.

  3. Select Microsoft Intune SIM app.

  4. Select API Permissions.

    The API Permissions view appears.

  5. In the API Permissions view, select Add a permission.

  6. In the Request API permissions section, select Microsoft Graph.

  7. Select Delegated permissions.

  8. Configure the following list of permissions:

    • Select offline_access in the list of permissions

    • Select DeviceManagementApps > DeviceManagementApps.Read.All (Read Microsoft Intune apps)

    • Select DeviceManagementManagedDevices > DeviceManagementManagedDevices.Read.All (Read Microsoft Intune devices)

    • Clear the User > User.Read permission, if it is selected.

  9. Select Add permissions.

  10. Select Grant admin consent for your company name.

    Note

    This step must be performed by an admin user.

    Figure 1. The API Permissions view after the admin consent is granted.
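To confirm that admin consent covers exactly the delegated permissions listed above, the granted scopes can be compared with that list. The following is an added example, not part of the original documentation or the connector: it assumes the JSON has the shape of a Microsoft Graph oauth2PermissionGrants list response, and the function name, service principal IDs and sample data are constructed for illustration.

```python
import json

# Delegated scopes the procedure above grants to "Microsoft Intune SIM app".
EXPECTED = {
    "offline_access",
    "DeviceManagementApps.Read.All",
    "DeviceManagementManagedDevices.Read.All",
}

def audit_grants(response_text, client_sp_id):
    """Compare the delegated scopes granted to one service principal with EXPECTED."""
    expected = {s.lower(): s for s in EXPECTED}
    tenant_wide, per_user = set(), {}
    for grant in json.loads(response_text).get("value", []):
        if grant.get("clientId") != client_sp_id:
            continue  # grant belongs to another application
        # "scope" is a space-separated string and may start with a space.
        scopes = set((grant.get("scope") or "").split())
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes  # admin consent for the whole tenant
        else:
            user = grant.get("principalId") or "unknown"
            per_user.setdefault(user, set()).update(scopes)
    granted = tenant_wide.union(*per_user.values())
    admin_lower = {g.lower() for g in tenant_wide}
    return {
        # Expected scopes that are not covered by the admin consent grant.
        "missing": sorted(s for k, s in expected.items() if k not in admin_lower),
        # Anything granted beyond the list, for example a leftover User.Read.
        "unexpected": sorted(g for g in granted if g.lower() not in expected),
        "per_user_grants": sorted(per_user),
    }

# Constructed sample response; IDs are placeholders, not real object IDs.
SAMPLE = json.dumps({"value": [
    {"clientId": "sp-sim-intune", "consentType": "AllPrincipals",
     "principalId": None, "scope": " offline_access DeviceManagementApps.Read.All"},
    {"clientId": "sp-sim-intune", "consentType": "Principal",
     "principalId": "user-1",
     "scope": "User.Read DeviceManagementManagedDevices.Read.All"},
    {"clientId": "sp-other-app", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Mail.Read"},
]})

if __name__ == "__main__":
    print(audit_grants(SAMPLE, "sp-sim-intune"))
```

In the sample, the device read scope was consented by a single user only, so it is reported as missing from the admin consent, and User.Read is reported as unexpected.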



Locate Directory (tenant) ID

Locate the ID of the Microsoft Azure Active Directory that the information is to be retrieved from. The information is used when configuring the connector.

  1. In the Microsoft Azure portal, navigate to Microsoft Intune SIM app.

  2. Make a note of the value in the Directory (tenant) ID field. 

    The value will be used as the Directory id when configuring the integration connector.

Locate Application (client) ID

Locate the ID of the application that will connect to Microsoft Azure Active Directory. The information is used when configuring the connector.

  1. In the Microsoft Azure portal, navigate to Microsoft Intune SIM app.

  2. Make a note of the value of the Application (client) ID.

    The value will be used as the Application id when configuring the integration connector.

Locate Client secret

Locate the key that will be used as the secret in the connection to Microsoft Azure. The information is used when configuring the connector.

  1. In the Microsoft Azure portal, navigate to Microsoft Intune SIM app.

  2. Select Certificates & secrets.

  3. Create a new client secret using the following information:

    • Select New client secret.

    • Set Description to sim_intune_key.

    • Set Expires to Never.

  4. Select Add.

    The client secret is displayed.

  5. Make a note of the value of the client secret. The value is used as the Application secret when configuring the integration connector.

    Note

    Make sure to note the value of the client secret before you leave this screen.