Intune Integration

Introduction

The Intune integration pulls device data from Microsoft Intune into IT Glue. Tenants and device information will sync automatically, keeping your device information accurate and up to date.

Benefits of this integration include:

  • Match data between Microsoft tenants and existing IT Glue organizations.
  • Match data between Intune devices and existing IT Glue configurations.
  • Ability to compare data between IT Glue and Microsoft Intune.

The field mappings are created automatically when you follow this knowledgebase article. For more information, refer to our Microsoft Field Mapping topic.

If you already have an existing Microsoft Integration, you may skip down to the section “Add Permissions” to simply update your existing API connection to include the permissions required for the Intune integration.

Co-Pilot Smart Relate

Co-Pilot Smart Relate, the AI engine of IT Glue, automatically links related documentation, saving you the hassle. Through the Microsoft 365 integration, Co-Pilot automatically relates the Intune device (stored as an IT Glue Configuration) with the assigned M365 User (IT Glue Contact).

Prerequisites

  • Manager or Administrator access to IT Glue
  • Microsoft Cloud Partner certified to offer delegated administration (optional) 
  • Delegated admin permissions to each of your clients' tenants through your own Microsoft admin portal, rather than direct logins to their admin portals (optional) 

Configure Application

  1. Log in to your Microsoft Account.
  2. In the left-hand sidebar, click Admin centers > Azure Active Directory.
  3. In the new Dashboard window that opens, click Azure Active Directory > App registrations.
  4. Click + New registration.
  5. Complete the following actions in the Register an application screen.
    1. Name - Enter an application name that will be displayed to users of the app.
    2. Supported account types - Select the "Accounts in any organizational directory and personal Microsoft accounts" option to map to Azure AD only multi-tenant.
    3. Redirect URI (optional) - If desired, select Web in the drop-down menu and enter a URL for the app.
  6. Click the Register button at the bottom of the screen to access the newly created application.

Get Application ID and Tenant ID 

  1. In the left-hand column, click Azure Active Directory > App registrations and then All applications. Click on your newly configured application in the list.
  2. Click the Copy to clipboard icon beside the Application ID and Directory ID (Tenant ID) and paste them into IT Glue. Refer to the Integrating Microsoft Intune with IT Glue section in this KB article.

Generate secret key

  1. In the left-hand column, click Certificates & secrets and then + New client secret. An Add a client secret screen will appear.
  2. Add a description for your client secret, select 24 months under Expires, and then click Add.
  3. In the Value column, click the Copy to clipboard icon beside the secret key and paste it into IT Glue. Refer to the Integrating Microsoft Intune with IT Glue section in this KB article.

Add Permissions

You will need to set up Microsoft API permissions to complete the process.

  1. Click API permissions in the left-hand menu.

IMPORTANT  You will see that Microsoft Graph has already assigned a default User.Read permission. Click this permission and then Remove permission. Click Yes, remove to delete this permission.

  2. Once the default permission is removed, click the + Add a permission button.
  3. In the Request API permissions screen, click the Microsoft Graph button.
  4. Click Application permissions and complete the following actions for each of the subsections:
    1. Directory - Check the box beside Directory.ReadWrite.All.
    2. Reports - Check the box beside Reports.Read.All.
    3. User - Check the box beside User.Read.All.
    4. Devices - Check the box beside DeviceManagementManagedDevices.Read.All.
  5. Save the changes by clicking Add permissions at the bottom of the screen.
  6. In the API permissions main screen, click the Grant admin consent for Company button.

NOTE   If you have a parent tenant, please update the application permission in the parent tenant to include all the Device/DeviceManagement permissions. Be sure to also grant admin consent.

  7. In the confirmation pop-up, click Yes.

Once consent is granted, you will see a confirmation banner at the top of the screen and that all permissions in the Status column reflect the same.

IMPORTANT  To recap, please ensure that you select the Directory.ReadWrite.All permission for Microsoft Graph (step 4).
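
One way to confirm that the permission and consent steps took effect, shown as an added example that is not part of the IT Glue article or product: request an app-only Microsoft Graph token with the new Application ID and client secret, then compare its roles claim with the four application permissions selected above. The function names and the sample token are constructed for illustration, and Mail.Read stands in for any permission the integration does not need.

```python
import base64
import json

# Application permissions selected in the "Add Permissions" steps above.
EXPECTED_ROLES = {
    "Directory.ReadWrite.All",
    "Reports.Read.All",
    "User.Read.All",
    "DeviceManagementManagedDevices.Read.All",
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def audit_token_roles(jwt: str, expected=frozenset(EXPECTED_ROLES)) -> dict:
    """Compare an app-only token's 'roles' claim with the expected set.

    The signature is not verified: this audits the configuration of a token
    you requested yourself and must not be used as an authentication check.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected three segments")
    claims = json.loads(b64url_decode(parts[1]))
    roles = set(claims.get("roles", []))
    return {
        "missing": sorted(expected - roles),  # not added, or consent not granted
        "excess": sorted(roles - expected),   # more than the integration needs
        "delegated": claims.get("scp", "").split(),  # empty for app-only tokens
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "unsigned"])


if __name__ == "__main__":
    sample = make_sample_token({
        "aud": "https://graph.microsoft.com",
        "roles": ["Directory.ReadWrite.All", "User.Read.All",
                  "DeviceManagementManagedDevices.Read.All", "Mail.Read"],
    })
    print(audit_token_roles(sample))
```

An empty "missing" list means every permission was added and consented; anything under "excess" is privilege the integration does not require and is worth removing from the app registration.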

Integrating Microsoft Intune with IT Glue

  1. In IT Glue, navigate to Admin > Integration and click the + New button. Then, click on the Microsoft button.
  2. Enter the information you copied from the "Get Application ID and Tenant ID" and "Generate secret key" sections of this KB article and click Connect.
  3. After you enter your Microsoft login information in IT Glue, you'll be taken to the Sync your data with Microsoft screen. In the Intune tab, select the Sync Intune Devices option.

NOTE  The functionality to create configurations automatically will be available only after a full sync is done.

  4. Click the Save and continue button. The sync will be automatically queued in the Active Integrations main screen.
  5. By default, newly queued syncs are scheduled to take place at a later time. Use the manual sync option to prioritize the sync to start sooner. Click Actions and then Start Manual Sync.
  6. From the Active Integrations screen, you can see the overall sync status. When the sync is complete, the Status column changes from Syncing... to OK.

View synced Devices

IT Glue discovers tenants and devices and tries to match them to your data in your account based on the following logic:

| Rule | Matches On |
| --- | --- |
| Organization | Tenant name |
| Configuration | Intune Device Name, MAC, Serial |

If no organization can be matched automatically, suggestions will be made based on name similarity. If no suggestions can be made, you will have the option to create a new organization.

Standard rules are used to associate RMM data to data that is already in your account. The sync will discover and attempt to associate data coming from your RMM to data in IT Glue (PSA, imported, or manually entered data) based on the rules described in RMM Field Mappings.

  1. From Admin > Integrations, click on Actions and then Matching.
  2. Start with the Unmatched filter to review unmatched organizations.
  3. If you're happy with the suggested match, click Accept Suggestion to accept it. You can also search and select a different organization using the Match To column. You can also choose to ignore organizations, which means they won't count as unmatched items in subsequent syncs.

IMPORTANT  Warning. If you don't see an organization, click Actions > Create Organization to create (import) it. Make sure you don't have an existing organization with a different name that you should match with first.

  4. Review all your unmatched organizations until they are all matched.
  5. If you change your mind about any of the matches, click Actions, select Change Match, and then manually search for and choose a different organization.
  6. Once all organizations have been matched, the same process should be followed for any unmatched configurations. From the Matched tab, select an organization that has unmatched configurations, click the Actions button, and select Match Devices.
  7. For any unmatched configurations, you can either accept the suggested match, search for an IT Glue configuration by entering the name in the Match To column, or create a new configuration by clicking Actions > Create Configuration.
  8. Once everything is matched, you will need to start a new manual sync. Navigate to Admin > Integration > Actions > Start Manual Sync. This second manual sync will sync all contacts and organizations into IT Glue now that you've matched your organizations.
  9. When the sync is complete, click on any matched tenant to take you to the relevant organization. Then, click Configurations from the sidebar.
  10. Click on any Configuration that has corresponding Intune data and you will be able to see the additional data overlay.
  11. Once everything is matched, the RMM setup is complete. At any time, you can come back to these instructions to discover and match new organizations and configurations from your RMM.