Documentation forSolarWinds Service Desk

Microsoft Endpoint Manager (Intune) Integration

Microsoft Endpoint Manager (MDM) helps deliver a modern workplace management approach to keep your data secure, in the cloud and on-premises.

To streamline your processes and maximize efficiency, we offer the ability to integrate MDM with your SWSD.

Click the link below to go directly to the topic of interest:

Benefits

  • This integration will automatically import all mobile assets from Microsoft Endpoint Manager (Intune) to the Mobile Devices area in Solarwinds Service Desk (SWSD).
  • This will allow them to attach the mobile devices to users, incidents, and other objects in SWSD.

Use Case

An asset manager currently has an MDM profile (Intune) installed on their mobile devices. Rather than installing an additional agent, such as our Discovery Agent, they can simply obtain the data pulled from Intune via this integration.

How To’s

SWSD:

  • Microsoft Endpoint Manager (Intune) is located under Setup – Integrations – Microsoft Endpoint Manager
  • We will be getting two different data points from Azure before we activate the integration

Azure:

We need to create an API connection for SWSD to call into Azure to collect the Intune data.

  • Sign into your Azure portal
  • Go under to Azure directory and navigate to Azure Active Directory

  • Select App registrations

  • Click on New registration at the top of the page

  • Provide a name for the new app. We recommend Intune – SWSD

  • Under supported account types:

    • Accounts in any organizational directory (Any Azure AD directory – Multi tenant)

  • Redirect URI:

    • For US datacenter customers: https://app.samanage.com/auth/microsoft_graph_auth/callback

    • For EU datacenter customers: https://appeu.samanage.com/auth/microsoft_graph_auth/callback

  • Register the new application

  • Copy the Application (client) ID

  • Paste it in the integration section of SWSD under Application (client) ID

You have created the connection between azure and your SWSD and registered the app. You will now need to create a certificate in Azure. Please follow the steps below:

  • Click on Certificates & Secrets

  • Click on New Client Secret

    • Provide a description. We recommend Intune SWSD.
    • Provide an expiration time.
      • The time selected dictates how long the connection will last before having to create a new secret. You should consult with your security team if you are unsure what to input here.
    • Click the Add button

    • Copy the Application (client) secret value

    • Paste it into the integration in SWSD under Application (client) Secret

    You are almost done.

    In Azure, click on API Permissions in the side menu

    • Click on Add a permission

    • Click on Microsoft Graph (it should be the very top option)

    • Add the following:

      • Device.Command - Delegated
      • Device.Read - Delegated
      • Device.Read.All - Application
      • DeviceManagementManagedDevices.Read.All - Delegated
      • DeviceManagementManagedDevices.Read.All - Application
      • User.Read - Delegated
    • Click Intune

      • Add the following:

        • App Permission
        • get_device_compliance - Application

      Review the image below to confirm you set the correct permissions:

Navigate back to SWSD and click Activate on the integration.

  • You will be redirected to the Azure sign in page.
  • Sign in using your credentials for the Azure portal you just setup.

List of fields pulled

Below is a list of the fields pulled. These fields are directly integrated into your SWSD instance.