Microsoft Endpoint Manager (Intune) Integration
Microsoft Endpoint Manager (MDM) helps deliver a modern workplace management approach to keep your data secure, in the cloud and on-premises.
To streamline your processes and maximize efficiency, we offer the ability to integrate MDM with your SWSD.
- This integration will automatically import all mobile assets from Microsoft Endpoint Manager (Intune) to the Mobile Devices area in SolarWinds Service Desk (SWSD).
- This will allow you to attach the mobile devices to users, incidents, and other objects in SWSD.
An asset manager currently has an MDM profile (Intune) installed on their mobile devices. Rather than installing an additional agent, such as our Discovery Agent, they can simply obtain the data pulled from Intune via this integration.
- Microsoft Endpoint Manager (Intune) is located under Setup – Integrations – Microsoft Endpoint Manager
- We will be getting two different data points from Azure before we activate the integration
We need to create an API connection for SWSD to call into Azure to collect the Intune data.
- Sign into your Azure portal
Go to your Azure directory and navigate to Azure Active Directory
Select App registrations
Click on New registration at the top of the page
Provide a name for the new app. We recommend Intune – SWSD
Under Supported account types, select:
Accounts in any organizational directory (Any Azure AD directory – Multitenant)
Register the new application
Copy the Application (client) ID
Paste it in the integration section of SWSD under Application (client) ID
You have created the connection between Azure and your SWSD and registered the app. You will now need to create a client secret in Azure. Please follow the steps below:
Click on Certificates & Secrets
Click on New Client Secret
- Provide a description. We recommend Intune SWSD.
- Provide an expiration time.
- The time selected dictates how long the connection will last before having to create a new secret. You should consult with your security team if you are unsure what to input here.
Click the Add button
Copy the Application (client) secret value
- Paste it into the integration in SWSD under Application (client) Secret
You are almost done.
In Azure, click on API Permissions in the side menu
Click on Add a permission
Click on Microsoft Graph (it should be the very top option)
Add the following:
- Device.Command - Delegated
- Device.Read - Delegated
- Device.Read.All - Application
- DeviceManagementManagedDevices.Read.All - Delegated
- DeviceManagementManagedDevices.Read.All - Application
- User.Read - Delegated
Add the following:
- App Permission
- get_device_compliance - Application
Review the image below to confirm you set the correct permissions:
Navigate back to SWSD and click Activate on the integration.
- You will be redirected to the Azure sign in page.
- Sign in using your credentials for the Azure portal you just set up.
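To confirm the app registration matches the steps above, the following added example (not SolarWinds or Microsoft code) audits an application object exported from Microsoft Graph: it reports missing or extra Graph permissions, client secrets close to expiry, and the account-type setting. The `audit` function, the `names` id-to-name map, and the sample ids are assumptions made for illustration; `requiredResourceAccess`, `passwordCredentials`, and `signInAudience` are properties of the Graph application object.

```python
from datetime import datetime, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph resourceAppId
KIND = {"Scope": "Delegated", "Role": "Application"}
# Graph permissions from the steps above. get_device_compliance is listed
# separately on the page and is not checked here.
EXPECTED = {
    ("Device.Command", "Delegated"),
    ("Device.Read", "Delegated"),
    ("Device.Read.All", "Application"),
    ("DeviceManagementManagedDevices.Read.All", "Delegated"),
    ("DeviceManagementManagedDevices.Read.All", "Application"),
    ("User.Read", "Delegated"),
}

def audit(app, names, now, warn_days=30):
    """Compare one application object with the documented setup."""
    granted = set()
    for res in app.get("requiredResourceAccess", []):
        if res["resourceAppId"] != GRAPH:
            continue  # only Microsoft Graph permissions are compared
        for ra in res["resourceAccess"]:
            granted.add((names.get(ra["id"], ra["id"]), KIND[ra["type"]]))
    expiring = []
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps may carry fractional seconds; keep whole seconds.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if days <= warn_days:
            expiring.append((cred.get("displayName"), days))
    return {"missing": EXPECTED - granted, "extra": granted - EXPECTED,
            "expiring": expiring,
            "multitenant": app.get("signInAudience") == "AzureADMultipleOrgs"}

# Constructed sample: ids are placeholders, not real Graph permission GUIDs.
NAMES = {"p1": "Device.Command", "p2": "Device.Read", "p3": "Device.Read.All",
         "p4": "DeviceManagementManagedDevices.Read.All",
         "p5": "DeviceManagementManagedDevices.ReadWrite.All",
         "p6": "DeviceManagementManagedDevices.Read.All"}
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": "p1", "type": "Scope"}, {"id": "p2", "type": "Scope"},
        {"id": "p3", "type": "Role"}, {"id": "p4", "type": "Scope"},
        {"id": "p6", "type": "Role"}, {"id": "p5", "type": "Role"}]}],
    "passwordCredentials": [{"displayName": "Intune SWSD",
                             "endDateTime": "2025-01-11T00:00:00.0000000Z"}],
}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
```

Any entry under `extra` is a permission beyond what this integration documents and is worth reviewing with your security team before activation.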