Intune configuration

On this page

Navigation

Setup > Discovery & Assets > Connections.

You need to create an API connection for SolarWinds Service Desk (SWSD) to call into Microsoft Entra ID to collect the Intune data.

Sign into your Entra portal.
From the Entra welcome page, under services, select Entra.
On the left, select App registrations.
Click New registration at the top of the page.

The Register an application dialog opens.
Provide a name for the new app. SolarWinds recommends Intune – SWSD.
Under supported account types, select Accounts in any organizational directory (any Microsoft Entra ID [previously Azure AD] directory – Multi tenant).
Under Redirect URI, select Web from the dropdown and determine which selection to use:
- US datacenter customers: https://app.samanage.com/auth/microsoft_graph_auth/callback
- EU datacenter customers: https://appeu.samanage.com/auth/microsoft_graph_auth/callback
- AU datacenter customers: https://appau.samanage.com/auth/microsoft_graph_auth/callback
Click Register.
Copy the Application (client) ID.
Paste it in the integration section of SWSD under Application (client) ID.
In Entra, click Authentications, under the URL from Step 7, click Add URI, then paste the URL below but use your account name:

https://AccountName.samanage.com/auth/microsoft_graph_auth/callback

** If you have a Custom Domain (URL) add:

customdomain/auth/microsoft_graph_auth/ callback
Click Save.

You have created the connection between Entra and your SWSD and registered the app. Next, you need to create a certificate in Entra.

In Entra, click Certificates & Secrets.
Click New Client Secret.
1. Provide a description. SolarWinds recommends Intune SWSD.
2. Provide an expiration time.
  
  The time selected dictates how long the connection will last before having to create a new secret. You should consult with your security team if you are unsure what to enter here.
Click Add.
Click the Copy to clipboard icon to copy the Application (client) secret value.

Client secret values cannot be viewed, except for immediately after creation.
Paste the client secret value into the integration under Application (client) Secret.
In Entra, from the side menu click API Permissions.
1. Click Add a permission.
2. Click Microsoft Graph near the top.
3. Add the following:
  - Device.Read - Delegated
  - Device.Read.All - Application
  - DeviceManagementConfiguration.Read.All - Application
  - DeviceManagementManagedDevices.Read.All - Delegated
  - DeviceManagementManagedDevices.Read.All - Application
  - User.Read - Delegated
4. Click Intune.
5. Add the following:
  - App Permission
    
    get_device_compliance - Application
6. Review the image below to confirm you set the correct permissions.
7. Press Grant admin consent.
8. Press Yes.

Navigate to Setup > Discovery & Assets.
From the All Connections index page, click Add , and from the dropdown menu, select Intune.
In the Intune dialog, provide the information requested.

Use the information below to help in configuration.

Fields with a red asterisk (*) are required.

Field	Description
Name*	Create a meaningful name that will provide you with significant data. Name is for your ease and convenience. This information does not affect the scanning process.
Description*	Provide a meaningful description of the data.
Cloud Type	Identifies the type of Entra Cloud, either Public or Government, where your Intune instance is stored.
Computers and Mobile Devices ¹	Identifies the device types for which you want to collect information. Select one or more.
Application (client) ID*	Entra identifier used to create an API connection to Intune.
Application (client) Secret*	Entra password.
¹Intune recognizes mobile devices as devices running mobile operating systems like iOS and Android. This includes tablets, smart phones, other mobile devices.

Click Create in the top right of the screen to save the connection.

Be aware that any incorrect information provided in the configuration setup (for example, an incorrect password) will prevent proper reporting in the Scanning report.
Sign in using the credentials you set up for the Entra portal.
If you receive an error message regarding a regarding an integration failure:
1. Return to Step 2 - Create Entra Certificate, item 6.c.
2. Remove the permission for User.Read - Delegated.
3. Allow that permission again.

You have successfully created the connection between Entra and your SWSD.

If multiple Intune objects with the same serial number are created, SWSD treats them as the same object and updates the existing device.
When an object is deleted within Intune, the device needs to be manually deleted in SWSD.
If an object is delted withing Intune, but not manually deleted in SWSD, and then it is re-added, SWSD updates the existing mobile device.

Below is a list of Intune mobile device field names with their related SWSD field name.

Intune	SWSD
Owner name/ user display (the Entra-registered name of the user as identified by Entra user ID)	Owner
User Principal Name or email address	Owner
Phone number	Owner
Device name
Manufacturer	Manufacturer
Operating system	OS Version
Serial number	Serial Number
IMEI number	IMEI number
IP address	IP address
Wi-Fi MacAddress	Wi-Fi Mac
ICCID	ICCID
app name	App list
version	App list
app ID	App list
size	App list
installation location	App list

Below is a list of Intune computer field names with their related SWSD field name.

Data syncs begin at 7:00 UTC.

All data syncs occur overnight every night.

See Connections for information about: