TABLE OF CONTENTS
Introduction
Microsoft Intune is a cloud-based service that is part of the Microsoft Endpoint Manager suite. It is used for managing and securing mobile devices, applications, and PCs within an organization. Intune allows administrators to enforce policies, deploy applications, and ensure compliance across a wide range of devices, including Windows, iOS, Android, and macOS.
The ManagementStudio Intune connector requires an App to be created on the client’s Azure instance with the appropriate permissions and access rights. Please refer to this article on how to create the Azure App. The connector is used to pull in data from the Intune platform.
The Intune Connector consist of the following panels:
- Intune Discovery Status
- Import Managed Applications
- Import Discovered Applications
- Mapping Rules
- Connection Options
- Troubleshooting
An Administrator has the ability to toggle each of the panel OFF/ON based on requirements
Intune Discovery Status
The table below provides information on the elements within this panel.
| UI Element | Description |
| Run Intune Discovery Now (1) | A button to allow an Admin to run the Intune discovery now. |
| Schedule Intune Discovery #1 (2) | Specify the times to run the Intune Discovery. Please refer to this article on how to create a scheduled task. |
| Schedule Intune Discovery #2 (3) | Specify the times to run the Intune Discovery. Please refer to this article on how to create a scheduled task. |
| Last Discovery Date (4) | Displays the last time the Intune connector ran successfully. |
| Azure TenantId (5) | Specify your Microsoft 365 Tenant ID. Refer to this article on how to find your Azure AD tenant ID. |
| App Client Id (6) | Specify the unique Application ID assigned to your app by Azure AD when the app was registered. Refer to this article on how to find App Client ID. |
| Email logs To (7) | List of email address to email a copy of the logs at the end of the sync. Use ; for multiple list of emails e.g. t@blog.com;T@managementstudio.co.uk. |
| Overall Progress (8) | Displays the overall progress. |
| Current Task Progress (9) | Displays the current task progress. |
| Import Log (10) | Text box used to display the connector logs |
Import Managed Applications
Managed apps in Intune refer to apps that have been provisioned and deployed through the Intune UI.
The table below provides information on the elements within this panel.
| UI Element | Description |
| Don't Update Locked Apps (1) | This option will not update an Application record that is locked in ManagementStudio. NB this is not related to an Application locked in Intune. |
| Auto Accept New Managed Apps (2) | Enabling this option will auto accept new managed applications. |
| Apps Field Mappings (3) | List of Azure AD fields to copy into ManagementStudio. Built in Azure AD User fields can be mapped to fields in ManagementStudio. By default ManagementStudio will create the most common mappings. When importing data from Azure AD, MS uses a simple convention:
|
| Add Intune Applications to Blueprint (4) | Enabling this option will add the Intune Applications to a Blueprint. |
| App Blueprint Root (5) | Define the App Blueprint Root. |
Import Discovered Applications
Discovered apps are applications that Intune has found installed on users' devices through the 'Add/Remove Programs' feature. It is recommended that only Apps with a valid Vendor be imported.
The table below provides information on the elements within this panel.
| UI Element | Description |
| Import Store Applications (1) | Include installed Apps that came from the Microsoft Store. |
| Force Import ARP Apps with no vendor (2) | (Not Recommended) This option will Import Add/Remove program apps where the Vendor details is Blank. |
| Replace Blank Vendor With (3) | Define what to replace the Blank Vendor apps with e. g Intune-No-Vendor |
| Add Intune Applications to Blueprint (4) | Enabling this option will add the Intune Applications to a Blueprint. |
| App Blueprint Root (5) | Define the App Blueprint Root. |
Import Devices
The table below provides information on the elements within this panel.
| UI Element | Description |
| Don't Update Locked Devices (1) | This option will not update a Device record that is locked in ManagementStudio. NB this is not related to a Device locked in Intune. |
| Device Field Mappings (2) | List of Intune device fields to copy into ManagementStudio. Built in Intune Device fields can be mapped to fields in ManagementStudio. By default ManagementStudio will create the most common mappings. When importing data from Intune, MS uses a simple convention:
|
| Add Intune Devices to Blueprint (3) | Enabling this option will add the Intune Devices to a Blueprint. |
| Add to Blueprint (4) | Define the Device Blueprint Root. |
Mapping Rules
The table below provides information on the elements within this panel.
Connection Options
The table below provides information on the elements within this panel.
| UI Element | Description |
| Azure Account Username (1) | Enter the Username to use to authenticate with the Azure AD. |
| Azure Account Password (2) | Enter the Password to use to authenticate with the Azure AD. |
| Azure App Client Secret (3) | Enter the App Client Secret that was created when the app was registered. |
| Azure App Client Secret Expiry (4) | Enter the App Client Secret expiry date. |
| Use Proxy Server for Internet Access (5) | Enable this option to connect to the internet via a proxy server. |
| Proxy Server Address (Leave Blank for auto detect (6) | Specify proxy address. |
| Proxy Account Username (7) | Enter the proxy account username. Leave Username/Password blank to use ManagementStudio service account |
| Proxy Account Password (8) | Enter the proxy account password. Leave Username/Password blank to use ManagementStudio service account |
Troubleshooting
The table below provides information on the elements within this panel.
| UI Element | Description |
| Notes (1) | Text field used to enter information about the project environment. |
| Verbose Logging (2) | This option generates large files and should only be enabled for troubleshooting. |
| Log Headers (3) | This option generates large files and should only be enabled for troubleshooting. |
| Log Payload (4) | This option generates large files and should only be enabled for troubleshooting. |
| Online Help (5) | Link to the Online solutions article. |
Intune Connection
ManagementStudio Intune connector requires an App to be created on the client’s Azure instance with the appropriate permissions and access rights. Please refer to this article on how to create the Azure App. To connect to an Intune instance fill in the TenantId of the Azure Instance, the Client Id of the Azure app, and either a user/pass or secret key.
- Switch to Administration->Extensions->Connectors (1)
- Click Add New Connector (2)
- Select Intune (3)
- Enter the name of the Intune connector
- Click OK
- Enter your Azure TenantId (1) and App ClientId (2) within the Intune Discovery panel
- Scroll down to the Connection options panel
- You have the option of connect using an Azure Account Username and Azure Account password (1) OR
- Using an Azure App Client Secret (2).
- In the screenshot below, we are using the Azure App Client secret (2)
- Click Save Changes located at the top of the screen
- Toggle ON the required panels and specify the settings in each panel
- Click Save Changes (1)
- Click Run Intune Discovery (2)
- Click Continue
- Within a few minutes, click Reload (3)
- You should now see the Import Log (4) being populated
- To Schedule the Azure Ad connector to run at set intervals, please refer to this article for more information
Further Support
If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.