Microsoft Intune - Connector Builder

Connector Information

Microsoft Intune is a Microsoft cloud-based unified endpoint management service for both corporate and BYOD devices. It extends some of the "on-premises" functionality of Microsoft Endpoint Configuration Manager to the Microsoft Azure cloud.

ASM can connect via the Alemba Connector builder. The pull of information is controlled by the scheduling option within the System Administration>Integration>Scheduling option, and the security set by your Azure Administrators. This allows for your full control of when you would like to update the information in ASM.

Authentication and Security

In the Application Registration (for the Microsoft Graph Security), ensure you have application Permissions configured to allow creation, update and management of resources. The following is required:

DeviceManagementManaged
Devices.Read.All
offline_acces

Prerequiements

You must have at least ASM 10.6.5 installed with the connector builder functionality.

System Access Requirement

Application ID
Client Secret value (not the client secret ID)
DeviceManagementManaged, Devices.Read.All and offline_acces is required

Helpful Links

https://learn.microsoft.com/en-us/mem/intune/developer/reports-ref-devices

https://learn.microsoft.com/en-us/graph/intune-concept-overview

https://developer.microsoft.com/en-us/graph/graph-explorer

Configuring the Connector Builder for Microsoft Intune

Below are examples of the parameters you will want to populate in the connector builder for the Microsoft Intune mapping.

Access the Connector Builder: System Admin>Integration>Connector Builder
Click "Add Connector" to add a new connector
Enter the details (See sections below for details and examples)
1. Connector Builder Name: Microsoft Intune
2. Authentication Type: OAuth

Configure Resource Settings, click the "+" to add a Resource

Click the "New Resource" Link to expand and enter the details
1. Resource Display Name: Intune Device
2. Resource Id: InTuneDevice
3. Resource Category: CMDB Item
4. Resource Description: Microsoft Intune
Complete the queries as follows:

All

Query: All

URL: v1.0/deviceManagement/managedDevices?$top=@PAGESIZE

Nested Objects: value

Paged? True

Starting Page No: 0

Page Size: 500

Next Page Property: @odata.nextLink

Query: Search

URL: v1.0/deviceManagement/managedDevices?$filter=startswith(deviceName,'@SEARCHTEXT')&$top=@PAGESIZE

Nested Objects: value

Paged? True

Starting Page No: 0

Page Size: 500

Next Page Property: @odata.nextLink

Retrieve

Query: Retrieve

URL: v1.0/deviceManagement/managedDevices/@UNIQUEID?$select=id,deviceName,azureADDeviceId,serialNumber,phoneNumber,complianceState,operatingSystem,osVersion,model,manufacturer,lastSyncDateTime,totalStorageSpaceInBytes,freeStorageSpaceInBytes,imei,iccid,wiFiMacAddress,ethernetMacAddress,enrolledDateTime,isEncrypted,isSupervised,subscriberCarrier,userPrincipalName,managedDeviceOwnerType,physicalMemoryInBytes

Nested Objects Paged? False

Complete the Resource Details

Resource Unique Identifier Field

Field ID: id

Data Type: String

Resource Display Field

Field ID: DeviceName

Data Type: String

Resource Last Modified Field

Field ID: lastsyncDateTime

Data Type: DateTime

Setup fields, Click the "New Fieldset" link

Fieldsets Details

Fieldset id: DeviceFields

Type: Relative

Add fields to the fieldset, Click the "+" to add a new Field

Click the "+" to repeat and add a new row for all fields you need to add to this fieldset

Fields Details

Field ID: id

Field Display: Device ID

Data Type: String

Field ID: deviceName

Field Display: Name

Data Type: String

Field ID: azureADDeviceID

Field Display: azureADDeviceID

Data Type: String

Field ID: SerialNumber

Field Display: Sertial No

Data Type: String

Field ID: PhoneNumber

Field Display: Phone Number

Data Type: String

Field ID: complianceState

Field Display: Compliance State

Data Type: String

Field ID: OperatingSystem

Field Display: OS

Data Type: String

Field ID: osVersion

Field Display: OS Version

Data Type: String

Field ID: model

Field Display: Model

Data Type: String

Field ID: manufacturer

Field Display: Manufacturer

Data Type: String

Field ID: lastSyncDateTime

Field Display: last Sync Date Time

Data Type: String

Field ID: totalstorageSpaceInBytes

Field Display: Total Storage in Bytes

Data Type: String

Field ID: freestorageSpaceInBytes

Field Display: Free Storage SpaceInBytes

Data Type: String

Field ID: imei

Field Display: IMEI

Data Type: Boolean

Field ID: iccid

Field Display: ICCID

Data Type: String

Field ID: wiFiMacAddress

Field Display: Wi-FI MAC

Data Type: String

Field ID: ethernetMacAddress

Field Display: Ethernet Mac Address

Data Type: String

Field ID: enrolledDateTime

Field Display: Enrolled Date Time

Data Type: String

Field ID: isEncrypted

Field Display: Encrypted

Data Type: String

Field ID: isSupervised

Field Display: Supervised

Data Type: String

Field ID: CompanyName

Field Display: CompanyName

Data Type: String

Field ID: SubscriberCarrier

Field Display: Subscriber Carrier

Data Type: String

Field ID: userPrincipalName

Field Display: Primary User

Data Type: String

Field ID: managedDeviceOwnerType

Field Display: Ownership

Data Type: String

Field ID: physicalMemoryBytes

Field Display: Physical Memory Bytes

Data Type: String

Link Settings

This section is not applicable to the configuration. If you need more information about Link Settings, please contact Alemba Support for assistance.

Save your new Connector
Configure your Source
1. Navigate to System Admin>Integration>Sources
3. Select the Connector you just defined, in this example we called it "Connector Builder Test", but yours will likely be some version of Microsoft_InTune, etc...

Complete the Source Properties.

Source Properties

URL: https://graph.microsoft.com

Test URL: v1.0/deviceManagement/managedDevices

Manage Token:

Tokenname: Your Client Intune Token
Grant Type: client_credentials
Call back URL: https://yourclienturl.alembacloud.com/production/oauth2callback.htm
Authorization URL: https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/token
Client ID: Value from the Azure App Registration
Client Secret: The secret created for the App Registration
Scope: https://graph.microsoft.com/.default
State: Any secret value E.g. A complex password

Map Your Fields Under Resources

Please note that there are several fields that bring back data as bytes including Total and Free Storage space in Microsoft Intune. If you wish to convert these to GB then you would need to use the transform function in ASM, for example: Math.Round(Convert.toDecimal(PhysicalMemoryinBytes)/1073741824,2)

Set up the integration's scheduled scan

Last updated 2 days ago

Was this helpful?