Documentation forSolarWinds Service Desk

Microsoft Endpoint Manager

Intune, which is part of Microsoft Endpoint Manager, helps deliver a modern workplace management approach to keep your data secure, in the cloud and on-premises.

To streamline your processes and maximize efficiency, you can integrate Intune with SWSD.

Integration Instructions

In SWSD:

  • Intune is located under Setup > Integrations > Microsoft Endpoint Manager.
  • You need to get two different data points from Azure before you activate the integration.

In Azure:

You need to create an API connection for SWSD to call into Azure to collect the Intune data.

Step 1 - Begin Azure Registration

  1. Sign into your Azure portal.
  2. From the Azure welcome page, under Azure services, select Azure Active Directory.

  3. On the left, select App registrations.

  4. Click New registration at the top of the page.

    The Register an application dialog opens.

  5. Provide a name for the new app. SolarWinds recommends Intune – SWSD.

  6. Under supported account types, select Accounts in any organizational directory (Any Azure AD directory – Multi tenant).

  7. Under Redirect URI, select Web from the dropdown and determine which selection to use:

    • For US datacenter customers: https://app.samanage.com/auth/microsoft_graph_auth/callback

    • For EU datacenter customers: https://appeu.samanage.com/auth/microsoft_graph_auth/callback

  8. Click Register.

  9. Copy the Application (client) ID.

  10. Paste it in the integration section of SWSD under Application (client) ID.

    You have created the connection between Azure and your SWSD and registered the app. Next, you need to create a certificate in Azure.

Step 2 - Create Azure Certificate

  1. In Azure, click Certificates & Secrets.

  2. Click New Client Secret.

    1. Provide a description. SolarWinds recommends Intune SWSD.

    2. Provide an expiration time.

      The time selected dictates how long the connection will last before having to create a new secret. You should consult with your security team if you are unsure what to enter here.

  3. Click Add.

  4. Click the Copy to clipboard icon to copy the Application (client) secret value.

    Client secret values cannot be viewed, except for immediately after creation.

  5. Paste the client secret value into the integration under Application (client) Secret.

  6. In Azure, from the side menu click API Permissions.

    1. Click Add a permission.

    2. Click Microsoft Graph near the top.

    3. Add the following:

      • Device.Command - Delegated

      • Device.Read - Delegated

      • Device.Read.All - Application

      • DeviceManagementConfiguration.Read.All - Application

      • DeviceManagementManagedDevices.Read.All - Delegated

      • DeviceManagementManagedDevices.Read.All - Application

      • User.Read - Delegated

    4. Click Intune.

    5. Add the following:

      • App Permission

        get_device_compliance - Application

    6. Review the image below to confirm you set the correct permissions.

  7. Return to SWSD.

    In the dialog box labeled Integrate your SolarWinds Service Desk account with Microsoft Endpoint Manager, under Cloud Type select the appropriate cloud type.

    • If your Azure account is on the public cloud, select Public from the dropdown.

    • If your Azure account is on the government cloud, select Government from the dropdown.

  8. Select the option for the type of device(s) you wish to import.

    • Computers

    • Mobiles

      If you import data for a device that already exists in SWSD, a duplicate record will not be created. The field used for matching is Serial number.
  9. Click Activate. You are redirected to the Azure sign in page.

  10. Sign in using your credentials for the Azure portal you just setup.

  11. If you receive an error message regarding a regarding an Intune integration failure:

    1. Return to Step 6.c.

    2. Remove the permission for User.Read - Delegated.

    3. Allow that permission again.

List of fields pulled

Below is a list of the fields pulled. These fields are directly integrated into your SWSD instance.