Documentation forSolarWinds Service Desk

Microsoft Endpoint Manager (Intune) Integration

Microsoft Endpoint Manager (Intune) helps deliver a modern workplace management approach to keep your data secure, in the cloud and on-premises.

To streamline your processes and maximize efficiency, you can integrate Microsoft Endpoint Manager with SWSD.

Click a link below to go directly to the topic of interest:

Benefits

  • Integration with Microsoft Endpoint Manager (Intune) will automatically import all mobile assets to the Mobile Devices area in SolarWinds Service Desk (SWSD).
  • After integration, mobile devices can be attached to users, incidents, and other objects in SWSD.

Use Case

An asset manager currently has a Microsoft Endpoint Manager (Intune) profile installed on your organization's mobile devices. Rather than installing an additional agent, such as the SWSD Discovery Agent, you can simply obtain the data pulled from Intune via this integration.

Integration Instructions

In SWSD:

  • Microsoft Endpoint Manager (Intune) is located under Setup > Integrations > Microsoft Endpoint Manager.
  • You will get two different data points from Azure before you activate the integration

In Azure:

You need to create an API connection for SWSD to call into Azure to collect the Intune data.

Step 1 - Begin Azure Registration

  1. Sign into your Azure portal.
  2. Go under to Azure directory and navigate to Azure Active Directory.

  3. Select App registrations.

  4. Click New registration at the top of the page.

    The Register an application dialog opens.

  5. Provide a name for the new app. SolarWinds recommends Intune – SWSD.

  6. Under supported account types, select: Accounts in any organizational directory (Any Azure AD directory – Multi tenant).

  7. Under Redirect URI, determine which selection to use:

    • For US datacenter customers: https://app.samanage.com/auth/microsoft_graph_auth/callback

    • For EU datacenter customers: https://appeu.samanage.com/auth/microsoft_graph_auth/callback

  8. Click Register.

  9. Copy the Application (client) ID.

  10. Paste it in the integration section of SWSD under Application (client) ID.

You have created the connection between Azure and your SWSD and registered the app. Next, you need to create a certificate in Azure.

Step 2 - Create Azure Certificate

  1. In Azure, click on Certificates & Secrets.

  2. Click on New Client Secret

    1. Provide a description. SolarWinds recommends Intune SWSD.

    2. Provide an expiration time.

      The time selected dictates how long the connection will last before having to create a new secret. You should consult with your security team if you are unsure what to enter here.

  3. Click Add.

  4. Copy the Application (client) secret value

  5. In SWSD, paste it into the integration under Application (client) Secret.

  6. In Azure, click API Permissions in the side menu.

    1. Click Add a permission.

    2. Click Microsoft Graph near the top.

    3. Add the following:

      • Device.Command - Delegated

      • Device.Read - Delegated

      • Device.Read.All - Application

      • DeviceManagementManagedDevices.Read.All - Delegated

      • DeviceManagementManagedDevices.Read.All - Application

      • User.Read - Delegated

    4. Click Intune.

    5. Add the following:

      • App Permission

        get_device_compliance - Application

    6. Review the image below to confirm you set the correct permissions.

  7. Return to SWSD and click Activate on the integration. You will be redirected to the Azure sign in page.

  8. Sign in using your credentials for the Azure portal you just setup.

List of fields pulled

Below is a list of the fields pulled. These fields are directly integrated into your SWSD instance.