Microsoft Intune

TL;DR

To integrate Microsoft Intune with Query:

  • Configure the required connection parameters in Microsoft Graph Security API, as described in the 'Prerequisites' section of this document.
  • Add a Microsoft Intune connection source in Query with the connection parameters.
  • Test the integration with the Test Connection link.
  • Perform searches for managed devices and users.

Overview

Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. By integrating it with Query, you can:

  • Search and gather context on managed Windows devices and their users.

Prerequisites

Configuring Microsoft Graph API to access Microsoft Intune.

Complete the following steps to use the APIs and create the connection credentials. You can access Microsoft Graph API with Application Context or User Context. Query uses the Application Context (Link) to access the API.

Microsoft Graph API permissions

The following API permissions, at a minimum, are necessary for Query to search Microsoft Graph API for Intune information.

  • Device.Read.All
  • DeviceManagementApps.Read.All
  • DeviceManagementConfiguration.Read.All
  • DeviceManagementManagedDevices.Read.All
  • DeviceManagementRBAC.Read.All
  • DeviceManagementServiceConfig.Read.All
  • User.Read
  • User.Read.All
  • Directory.Read.All
  • Group.Read.All
  • GroupMember.Read.All
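
An added example (not part of the original page and not Query's own code): a least-privilege check that decodes the payload of an access token issued to the app registration and compares the permissions it carries with the minimum list above. The function names and the sample token are constructed for illustration; the token is unsigned and is decoded without signature verification, for inspection only.

```python
import base64
import json

# Minimum permissions listed on this page.
REQUIRED = {
    "Device.Read.All", "DeviceManagementApps.Read.All",
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementRBAC.Read.All",
    "DeviceManagementServiceConfig.Read.All",
    "User.Read", "User.Read.All", "Directory.Read.All",
    "Group.Read.All", "GroupMember.Read.All",
}

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_permissions(token: str) -> dict:
    """Compare the permissions carried by the token with the page's list."""
    claims = jwt_claims(token)
    # Application permissions arrive in "roles"; delegated scopes in "scp".
    # A permission granted only as delegated is absent from an app-only token.
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    excess = granted - REQUIRED
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(excess),
        # Every permission the page lists is read-only, so review write grants first.
        "write_capable": sorted(p for p in excess if "ReadWrite" in p or ".Write" in p),
    }

def sample_token(roles):
    """Constructed, unsigned token for the demo; not a real credential."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    roles = sorted(REQUIRED - {"GroupMember.Read.All"}) + ["DeviceManagementManagedDevices.ReadWrite.All"]
    print(json.dumps(audit_permissions(sample_token(roles)), indent=2))
```
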

Make sure you have the following connection parameters from Microsoft Graph so that you can add Microsoft Intune as a connection source in Query.

  • Server URL - The API access URL
  • Tenant ID - Azure Tenant ID
  • Client ID - Azure Client/Application ID
  • Client Secret - Azure Client Secret
  • API Version - Intune supports API versions 'v1.0' and 'beta'.

Adding a connection source in Query

  1. Go to the Connections page, click Add Connections, and select the Microsoft Intune source from the Mobile Device Management category.
  2. In the General tab, add the following details:
    • Server URL - The API access URL
    • Tenant ID - Azure Tenant ID
    • Client ID - Azure Client/Application ID
    • Client Secret - Azure Client Secret
    • API Version - Select 'beta'.
  3. Click the Save button in the top right corner of the screen to save the connection source.
  4. To test the connection credentials, click 'Test Connection'. You will see a successful connection message if the credentials are valid. If the test connection fails, check whether the connection parameters are correct. If necessary, correct them and retest.

Resources

  • Working with Intune in Microsoft Graph: [Link]