Skip to main content

1E 23.11 (SaaS)

Intune connector

Connects to an Intune application and collects inventory and usage data. For information on the type of data collected by the Intune connector, please refer to the Intune column of the table on Management groups rules page.

The below configuration procedure assumes you already have an Intune subscription, and are able to populate the connector with information available in an Enterprise Application in your Azure Active Directory (AAD) Console.

Prerequisites

Before adding a new Intune connector, you will need the following information from an Enterprise Application created in your AAD console:

  • Azure cloud instance URL (optional) if this is not supplied then AzurePublic is used as a default

  • Azure Tenant ID, available in the Overview node of your AAD console (see opposite)

  • The registered application clientID (a string representing a GUID)

  • A client secret value that has been created for your chosen Enterprise Application.

Azure Active Directory overview
Prepare an AAD application

In your Azure Active Directory console, go to the Enterprise applications node and click New application.

New Application

You need to create a non-gallery application, in the version of AAD we're using this is done by clicking the Create your own application button.

Provide a name for the application. The application name is not important but should suggest the application relates to platform connector. For example 1E Intune Connector, click Add in the bottom left of the screen.

In the Overviewtab, copy theObject ID (called Client Id in 1E) and the Application ID (called Tenant Id in 1E) values as these will be required for the connector.

InTune Connector overview

Click the App registrations node of AAD. Click on the application name for the application(s) listed, you will need to navigate back to the AAD blade.

Note

You may need to change the tab to All Applications to see the new application.

App registrations
Add permissions
  1. Click on the API permissions node under the Manage node, then click Add a permission.

  2. Click on the Microsoft Graph tile, then click on Application permissions.

  3. Scroll through the list of API permissions, and check as appropriate using the following, then click Add permissions.

    intune-add-permissions.png
  4. Click Grant admin consent for <organization>, where <organization> is the Organization you set when you created your Intune instance.

    This means that as an administrator for your organization, you're consenting that the users of the application would want to use these permissions.

Add a client secret

Click on the Certificates & secrets node and then click on the New client secret button.

The Add a client secret form will open, add a Description and select an expiry from the Expires radio buttons and then click Add.

Copy the new client secret value and save it, as you won't be able to retrieve it after you perform another operation or leave this blade.

Warning

If you do not copy the Value at this point, when you navigate away from the Certificates & secrets screen you will be unable to copy it again. This means that you will have to delete the Secret and recreate it.

AltText
Configuring the Intune connector

These instructions show how to create an Intune connector in the Settings application.

Adding, testing and running an Intune connector

These are the steps to add, test and run an Intune connector.

Adding an Intune connector
  1. In the 1E portal portal, navigate to Settings→Configuration→Connectors.

  2. Click on the Add button.

  3. In the Add connector popup, select the Intune type.

  4. In Connector name, enter a logical name for this connector. In our example we choose the name Intune Inventory.

  5. Azure Cloud Instance can be set to the URL for your Intune implementation. If you leave this field blank AzurePublic is used as a default, for the AzureCloudInstance reference see https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.client.azurecloudinstance?view=msal-dotnet-latest

  6. In Azure Tenant Id, enter your Azure tenant ID, available in the Overviewnode of your AAD console.

  7. Client Id this should be set to your registered application clientID.

  8. Client Secret this should be set to the specific client secret value that has been created for your chosen Enterprise Application

  9. Run Consolidation Reports - check this checkbox if you want the consolidation reports running automatically after this connector has been synchronized.

  10. Click Add.

The new connector has now been added and a new action that can be used to run the connector has been created in the background, called Sync Data - Intune Inventory.

Testing an Intune connector
  1. Select the Intune connector by checking the box at the left-hand end of its entry in the Connectors table.

  2. Click the Test button.

    1. The Test status column for the connector will display a clock icon

      232785752.png

      indicating that the test has been queued for executing.

    2. If the test succeeds, Test status will display a check icon

      232785754.png

      and the Last tested column will display the date and time the test succeeded.

    3. If the test fails, the Test status will display a failed icon

      232785753.png

      and you'll need to check the details you entered for the connector.

  3. If the test succeeds, you can proceed to run the connector to populate an inventory repository.

Running an Intune connector
  1. Click the Execute button.

  2. In the Execute action popup subsequently displayed, use the Repository menu to select the inventory repository you want to populate.

  3. Once the repository has been selected, you can then select the action to run. In the case of inventory repositories, the actions will be restricted to inventory related actions. For a connector, you will be looking for an action with the form Sync Data - <connector name>.

  4. Select whether you want to clear any existing data in the repository by checking the Clean sync checkbox.

  5. Click Execute button in the Execute action popup to start the sync.

  6. When the sync starts, a number of actions are queued to be performed on the selected repository. To check the progress of the sync actions:

    1. Navigate to the Monitoring→Process log page.

    2. Here, you can see the sequence of actions that have been queued for the selected repository related to the Sync Data action selected.

    3. When each action has finished running, you'll see a check icon

      232785754.png

      appear in the Status column if it succeeds or a failed icon

      232785753.png

      if it fails.

  7. Once all the actions have succeeded, you can check the results. To do this:

    1. Navigate to the Monitoring→Sync log page.

    2. This displays the items that have been added to the selected repository as a result of running the sync.

The Intune connector parameters

The following fields are available in the Add connector and Edit connector popups when the Intune Connector type is selected, as shown in the picture opposite:

Field

Description

Connector type

Shows the connector type: Intune.

Repository type

Shows which type of repository the connector works with. For the Intune Connector type this is always Inventory.

Connector name

Here you set the logical name for the connector.

Tip

You should use a naming convention for connector names:

<connector type> <scope> <RCR>

Scope describes where data is coming from or what it's being used for. For example Demo, Test, Lab, Q2 Audit.

Include RCR in the name if you have enabled Run Consolidation Reports.

Azure Cloud Instance

Azure cloud instance URL (optional) if this is not supplied the AzurePublic is used as a default.

Tenant Id

Azure tenant ID, available in the Overview node of your AAD console.

Client Id

The registered application clientID.

Client Secret

A client secret value that has been created for your chosen Enterprise Application.

Run Consolidation Reports

Check the Run Consolidation Reports checkbox if you want consolidation actions to be processed each time the Sync Data action is executed for the connector.

This can lead to unnecessary processing if you enable this on more than one connector. The recommended method of processing consolidation actions is to schedule the action Generate Report - Basic Inventory Consolidation to execute after the Sync Data actions have run for all connectors. This will execute the remaining consolidation actions. Alternatively check the Run Consolidation Reports checkbox on one of your connectors. You can view action processes in Settings→Process log.

InTune Edit connector popup