Pre-requisites
1. Have access to the organization's Azure Application
2. Create a client app as a native app in Azure
3. Grant the client app access to the Microsoft Intune API
4. Have the Owner permission of the Intune app
Create a client app as a native app in Azure
Sign in to the Azure Active Directory admin center.
Choose Azure Active Directory > App Registrations to open the App registrations pane.
Select New app registration.
Type the app details:
a. Type a friendly name, such as 'Intune Data Warehouse Client' for the Name. b. Select Accounts in this organizational directory only (Microsoft only - Single-tenant) for the Supported account types.
c. Type a URL for the Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclientSelect Register.
Note the Application (client) ID of this app. You will use the ID in the next section.
Grant the client app access to the Microsoft Intune API
You now have an app defined in Azure. Grant access from the native app to the Microsoft Intune API.
Sign in to the Azure Active Directory admin center.
Choose Azure Active Directory > App Registrations to open the App registrations pane.
Select the app that you need to grant access. You named the app something such as Intune Data Warehouse Client.
4. Select API permissions > Add permission.
5. Find and select the Intune API. It is named Microsoft Intune API.
6. Select Delegated Permissions box and click the Get data warehouse information from Microsoft Intune box.
7. Select Application Permissions box and click the Get data warehouse information from Microsoft Intune box.
8. Click Add Permissions.
Please note: the status for the permissions must be "Granted for your organization"
Otherwise, the following will appear and it will require the admin's consent
9. Select Certificates & secrets > + New client secret and generate a new secret. Make sure to copy it someplace safe because you won't be able to access it again.
Define Intune connector in Vulcan
On the Connectors page, click on Add a Connector and choose Intune. There are 4 fields needed to be filed from the Intune app. to fill the fields with the values you will have to enter the Intune app. to do so, please follow the next steps:
1. Enter the Azure portal and search for the Azure active directory service:
3. In the Azure active directory service, go to the App registration section, and search for the Intune Data Warehouse Client (Created in the first section of this article)
4. Click on the Intune Data Warehouse Client. We can find two of the connector fields: Client ID (Application ID) and Tenant (Directory).
Insert those 2 fields into the connector configuration fields.
5. Feed URL field:
Go to Microsoft Endpoint manager admin Center > Reports > Data warehouse > Copy the URL from OData feed for reporting service
(Please note to put the URL without "/" in the end)
The OData feed URL should look similar to the following:
(But may be slightly different from warehouse to warehouse)
6. Client Key field - to have the Client Key, enter the Certificates & secrets section:
Under "Client secrets", you can see the Secret key configuration. You can use the value generated in the previous section, or you can re-create a new client secret, and insert the value into the Client Key field in Vulcan:
7. Click "Create" and you are ready to go.
Intune data in Vulcan
Intune supported devices types: Windows, Mac, Desktop and MacMDM