Skip to main content

Intune Integration

Stopino
  • Updated

High-Level Information About Intune Integration

To navigate to our Intune Integration, please go to Settings >Integrations > Intune Integration

Here are some high-level notes before we get into the steps of the integration setup:

  • IMPORTANT! Because of the technical knowledge required, your district’s IT administrator (or someone with a similar role) will most likely need to perform this procedure to sync Intune to ML Work Orders.
  • Once the Intune integration is active, you will see a green banner message posted at the top of the page.
  • The Intune integration will auto-sync every 24 hours.
  • Once the Intune Device is synced in, ONLY the mapped fields on the asset record can not be edited, otherwise, most fields on the Asset record will still be editable

  • Asset Creation in ML Work Orders

    • The integration keys in on the serial number of the Intune device to uniquely identify the device. 
    • If the integration finds a match on the serial number, it will update the existing ML Work Order asset record with the information from the Intune platform, otherwise, it will make a brand new asset record

 

Intune Device Integration

 

Step 1: Connection Tab within ML Work Orders

 

To use Microsoft Intune with the Destiny Resource Manager Mobile Device Management (MDM) Integration feature, you need to do some setup.


To connect Microsoft Entra to Destiny Mobile Device Management (MDM), the following three credentials are required from the Microsoft Entra admin center:

1. Tenant ID:

  • To find the Tenant ID, select Identity > Overview.

Microsoft Entra admin center homepage

 

2. Client ID

1. Select Identity > Applications > App Registrations

2. Enter a name, such as MasterLibrary (recommended).
3. Under Supported account types, select Accounts in this organizational directory only (MSFT only - Single tenant).

 

After you register, your Client ID appears under App registrations > Overview.

 

3. Client Secret:
1. Select Applications > App registrations > Destiny.
2. Under Manage, select Certificates & secrets.

Microsoft Entra certificates and secrets page

 

3. Click + New client secret. The 'Add a client secret' pop-up appears.

 

4. Enter a name in the Description field, and select an expiration date from the drop-down.

Note: Once the secret is created, its value is visible until the page is closed.

Important: Client secret values can only be viewed immediately after creation. Be sure to save the secret before leaving the page.

 

Once you have the Tenant ID, Client ID and Client Secret entered in the connection tab, select "Save"

 

API Permissions

To use all of the features available in Destiny Mobile Device Management (MDM), an application must have related privileges and access levels set up. This lets you read and write data, when needed.

1. Sign in to the Microsoft Entra admin center.
2. If you have access to multiple tenants, in the top right corner, click the settings icon, setting icon. Then, select the desired Directory name.
3. Select Identity > Applications > App registrations > All applications and select your client application

4. Select API permissions > + Add a permission.

  • Note: This is different from your web API.

 

5. On the Request API permissions page, click Microsoft Graph.

Request API permissions for Microsoft Graph

  1. Add the following permissions:
    1. Delegated permissions:
      1. User.read
    2. Application permissions:
      1. AuditLog.Read.All
      2. BrowserSiteLists.Read.All
      3. Device.Read.All
      4. Device.ReadWrite.All
      5. DeviceManagementConfiguration.Read.All

      6. DeviceManagementConfiguration.ReadWrite.All

      7. DeviceManagementManagedDevices.PrivilegedOperations.All

      8. DeviceManagementManagedDevices.Read.All

      9. DeviceManagementManagedDevices.ReadWrite.All

      10. DeviceManagementRBAC.Read.All

      11. DeviceManagementRBAC.ReadWrite.All

      12. DeviceManagementServiceConfig.Read.All

      13. Directory.Read.All

      14. Directory.ReadWrite.All

      15. Directory.Write.Restricted

      16. Group.Create

      17. Group.Read.All

      18. Group.ReadWrite.All

      19. GroupMember.Read.All

      20. GroupMember.ReadWrite.All

      21. Place.Read.All

After these permissions have been added, they will appear as a list of configured permissions.

 

Once you updated the API permissions, come back to the connection tab of the Intune Integration of ML Work Orders and select "Test"

 

You should see a "Test Passed! Account found." message, like in the below screenshot

 

Once your test has passed, please select the "Next" button to continue onto Step 2 "Field Mapping".

 

Step 2: Field Mapping Tab

This integration will auto-map the serial # and the Model field to ML Work Orders Serial # and Model fields. The Field mapping offers customization for which field you would like to map to the ML Work Order Asset Name field. The following fields are options:

  1. Serial #
  2. Mobile Device Name

Note: We are keying in on the serial # field in ML Work Orders/Intune to indicate if a Intune device will update an existing asset in ML Work Orders or create a new asset record in ML Work Orders.

 

Once your field mapping is finished, please select "Next" to start your location mapping.

 

Step 3: Sync Data Tab within ML Work Orders

 

1. Select "+Add Device Category"

2. Select The Intune Device Category you would like to bring into ML Work Orders

 

 

3. Select a Building

  • Note the building of the asset can change after it's synced into ML Work Orders. This is just the "initial" building for the assets)

4. Select a Space

  • Note the Space of the asset can change after it's synced into ML Work Orders. This is just the "initial" space for the assets)

5. The Active Checkbox will default to being checked. Keep this checked if you want this Intune Device Category to continue its sync.

6. Select Save

7. Select OK and the sync data tab will refresh with your newly added Device Category

8. Select the icon on the right side of the grid to initiate the sync process for the Device Category

  • The Sync process can take a while depending on how many devices are in your Device Category. So in the meantime, this load message will display

9. Once the sync is completed, a new prompt will display.

  • Total Intune Device
    1. Total Devices records part of the Device Category. The other field counts should add up to this number.
  • Total Asset Updated (Note - this will only display if you already have Intune devices as Assets in MLW)
    1. This count represents the number of assets in MLW that had a matching serial # in Intune and therefore were updated.
  • Total Asset Added
    1. Newly created asset records in MLW

10. Select OK and the Sync is now set up for this Device Category!

  • NOTE: Now that the Device Category is manually synced, it will be part of the nightly sync that happens every night. If you would like to ad-hoc sync this Device Category anytime, feel free to select the icon again

Intune Field Display in ML Work Orders

The following areas will display the remaining Intune fields synced in ML Work Orders:

  1. Assets -> View All Assets - there will be an Intune Icon () on the right side of the row.
  2. Assets -> View All Assets -> Selecting Asset Name link. On the main asset page there will be a Intune icon () to the right of the Asset Name (top left of page).

Selecting theicon at either location will open up a window with all available Intune device fields and their associated values.

 

Checking Out Intune Assets in ML Work Orders

In ML Work Orders you can check-out synced Intune device asset records under the following conditions:

  1. The Intune device Asset record must have an asset status of "Available" or blank.
  2. Make sure the Asset Type of the Intune Device Asset record has the asset type setting checked for being allowed to be checked out.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk