Intune Connector

Modified on Tue, 15 Oct at 10:56 AM

TABLE OF CONTENTS


Introduction

Microsoft Intune is a cloud-based service that is part of the Microsoft Endpoint Manager suite. It is used for managing and securing mobile devices, applications, and PCs within an organization. Intune allows administrators to enforce policies, deploy applications, and ensure compliance across a wide range of devices, including Windows, iOS, Android, and macOS.


The ManagementStudio Intune connector requires an App to be created on the client’s Azure instance with the appropriate permissions and access rights. Please refer to this article on how to create the Azure App.  The connector is used to pull in data from the Intune platform.


The Intune Connector consist of the following panels:

  • Intune Discovery Status
  • Import Managed Applications
  • Import Discovered Applications
  • Import Devices
  • Device Update Options
  • Mapping Rules
  • Connection Options
  • Troubleshooting


An Administrator has the ability to toggle each of the panel OFF/ON based on requirements


Best Practice Guidelines

See here.


Intune Discovery Status

The table below provides information on the elements within this panel.


UI ElementDescription
Run Intune Discovery Now (1)A button to allow an Admin to run the Intune discovery now.
Schedule Intune Discovery #1 (2)Specify the times to run the Intune Discovery. Please refer to this article on how to create a scheduled task.
Schedule Intune Discovery #2 (3)Specify the times to run the Intune Discovery. Please refer to this article on how to create a scheduled task.
Last Discovery Date (4)Displays the last time the Intune connector ran successfully.
Azure TenantId (5)Specify your Microsoft 365 Tenant ID. Refer to this article on how to find your Azure AD tenant ID.
App Client Id (6)Specify the unique Application ID assigned to your app by Azure AD when the app was registered. You can find the Application (Client) ID on the Overview page for the application in Identity > Applications > Enterprise applications. Refer to this article for more information on the App Client ID.
Email logs To (7)List of email address to email a copy of the logs at the end of the sync. Use ; for multiple list of emails e.g.  [email protected];[email protected].
Overall Progress (8)Displays the overall progress.
Current Task Progress (9)Displays the current task progress.
Import Log (10)Text box used to display the connector logs




Import Managed Applications

Managed apps in Intune refer to apps that have been provisioned and deployed through the Intune UI.

The table below provides information on the elements within this panel.


UI ElementDescription
Don't Update Locked Apps (1)This option will not update an Application record that is locked in ManagementStudio. NB this is not related to an Application locked in Intune.
Auto Accept New Managed Apps (2)Enabling this option will auto accept new managed applications.
Platform Filter (3)Import only Managed Applications with the selected platform. 
Apps Field Mappings (4)List of Azure AD fields to copy into ManagementStudio. Built in Azure AD User fields can be mapped to fields in ManagementStudio. By default ManagementStudio will create the most common mappings. When importing data from Azure AD, MS uses a simple convention:
  • Target - This is a field in ManagementStudio, this can be a Detail Field, Custom Field or a Blueprint.
  • MS Field - This is the path to the ManagementStudio field or name of the field used.
  • Intune Field - This is the attribute of an Intune Application object. Any Intune attribute can be used as the Intune field and ManagementStudio has some built in special mechanism for transforming the AD data.

Add Intune Applications to Blueprint (5)Enabling this option will add the Intune Applications to a Blueprint.
App Blueprint Root (6)Define the App Blueprint Root.






Import Discovered Applications

Discovered apps are applications that Intune has found installed on users' devices through the 'Add/Remove Programs' feature. It is recommended that only Apps with a valid Vendor be imported.

The table below provides information on the elements within this panel.


UI ElementDescription
Import Store Applications (1)Include installed Apps that came from the Microsoft Store.
Platform Filter (2)Import only Discovered Applications with the selected platform. 
Force Import ARP Apps with no vendor (3)(Not Recommended) This option will Import Add/Remove program apps where the Vendor details is Blank.
Add Intune Applications to Blueprint (4)Enabling this option will add the Intune Applications to a Blueprint.
App Blueprint Root (5)Define the App Blueprint Root.



Import Devices

The table below provides information on the elements within this panel.


UI ElementDescription
Device Last Activity , X Days (1)Only import Devices that have azure activity in the last X days. Use '0' for no filter.
Filter by OS Name (2)Limit imported devices based on the selected OS name.
Filter By Ownership (3)Limit the imported devices based on the selected Ownership.
Exclude Devices (Hostname filter) (4)Exclude devices where the Hostnames matches the filter.
Only Include Devices (Hostname filter) (5)Only import devices where the Hostnames matches theses filter. Comma delimited list with * as a wild character. e.g. PC00001, PC00*, *Test*.




Device Update Options

The table below provides information on the elements within this panel.

UI ElementDescription
Don't Update Locked Devices (1)This option will not update a Device record that is locked in ManagementStudio. NB this is not related to a Device locked in Intune.
Device Field Mappings (2)List of Intune device fields to copy into ManagementStudio. Built in Intune Device fields can be mapped to fields in ManagementStudio. By default ManagementStudio will create the most common mappings.
When importing data from Intune, MS uses a simple convention:
  • Target - This is a field in ManagementStudio, this can be a Detail Field, Custom Field or a Blueprint.
  • MS Field - This is the path to the ManagementStudio field or name of the field used.
  • Intune Field - This is the attribute of an InTune Device object. Any Device Intune attribute can be used as the Intune field and ManagementStudio has some built in special mechanism for transforming the AD data.

Add Intune Devices to Blueprint (3)Enabling this option will add the Intune Devices to a Blueprint.
Add to Blueprint (4)Define the Device Blueprint Root.





Mapping Rules




Connection Options

The table below provides information on the elements within this panel.


UI ElementDescription
Azure Account Username (1)Enter the Username to use to authenticate with the Azure AD.
Azure Account Password (2)Enter the Password to use to authenticate with the Azure AD.

Azure App Client Secret (3)Enter the App Client Secret that was created when the app was registered.
Azure App Client Secret Expiry (4)Enter the App Client Secret expiry date.
Use Proxy Server for Internet Access (5)Enable this option to connect to the internet via a proxy server.
Proxy Server Address (Leave Blank for auto detect (6)Specify proxy address. 
Proxy Account Username (7)Enter the proxy account username. Leave Username/Password blank to use ManagementStudio service account
Proxy Account Password (8)Enter the proxy account password. Leave Username/Password blank to use ManagementStudio service account



Troubleshooting

The table below provides information on the elements within this panel.


UI ElementDescription
Notes (1)Text field used to enter information about the project environment.
Online Help ()
Link to the Online solutions article.
Verbose Logging (3)This option generates large files and should only be enabled for troubleshooting.
Log Headers (4)This option generates large files and should only be enabled for troubleshooting.
Log Payload (5)This option generates large files and should only be enabled for troubleshooting.
Anonymise Data (6)Anonymised data will only import bare minimum data to be able to create User-App-Device links. The SamAccount/Device name will be scrambled.




Intune Connection

ManagementStudio Intune connector requires an App to be created on the client’s Azure instance with the appropriate permissions and access rights. Please refer to this article on how to create the Azure App. To connect to an Intune instance fill in the TenantId of the Azure Instance, the Client Id of the Azure app, and either a user/pass or secret key. 


  • Switch to Administration->Extensions->Connectors (1)
  • Click Add New Connector (2)
  • Select Intune (3)
  • Enter the name of the Intune connector
  • Click OK



  • Enter your Azure TenantId (1) and App ClientId (2) within the Intune Discovery panel



  • Scroll down to the Connection options panel
  • You have the option of connect using an Azure Account Username and Azure Account password (1) OR
  • Using an Azure App Client Secret (2).
  • In the screenshot below, we are using the Azure App Client secret (2)


  • Click Save Changes located at the top of the screen
  • Toggle ON the required panels and specify the settings in each panel
  • Click Save Changes (1)
  • Click Run Intune Discovery (2)
  • Click Continue
  • Within a few minutes, click Reload (3)
  • You should now see the Import Log (4) being populated
  • To Schedule the Azure Ad connector to run at set intervals, please refer to this article for more information




Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.