Intune
1. Introduction
Microsoft Intune is a secure cloud service that enables mobile device management and mobile application management. With Intune, you can manage how devices are used and enforce policies that allow you to control applications.
At the end of this document, you should know:
How Intune works.
How to integrate Intune with Aisera, and how your organization benefits from doing so.
2. Pre-requisites
Intune subscription: Intune is licensed as a stand-alone Azure service.
Microsoft Endpoint Manager Admin Centre access.
An Aisera Service User account.
Client ID.
Client Secret.
Tenant ID.
3. Permissions, Security, and Access
3.1 Access
To access Intune you will need the following:
Azure Active Directory Premium subscription.
Microsoft Intune subscription.
Global Administrator permissions.
3.2 Access using APIs
The Microsoft Graph API now supports Microsoft Intune with specific APIs and permission roles. The Microsoft Graph API uses Azure Active Directory (Azure AD) for authentication and access control.
Enable Access setting | Scope name
Perform user-impacting remote actions on Microsoft Intune devices | DeviceManagementManagedDevices.PrivilegedOperations.All
Read and write Microsoft Intune devices | DeviceManagementManagedDevices.ReadWrite.All
Read Microsoft Intune devices | DeviceManagementManagedDevices.Read.All
Read and write Microsoft Intune RBAC settings | DeviceManagementRBAC.ReadWrite.All
Read Microsoft Intune RBAC settings | DeviceManagementRBAC.Read.All
Read and write Microsoft Intune apps | DeviceManagementApps.ReadWrite.All
Read Microsoft Intune apps | DeviceManagementApps.Read.All
Read and write Microsoft Intune Device Configuration and Policies | DeviceManagementConfiguration.ReadWrite.All
Read Microsoft Intune Device Configuration and Policies | DeviceManagementConfiguration.Read.All
Read and write Microsoft Intune configuration | DeviceManagementServiceConfig.ReadWrite.All
Read Microsoft Intune configuration | DeviceManagementServiceConfig.Read.All
The Intune permissions are documented in the Microsoft Graph permissions reference:
https://learn.microsoft.com/en-us/graph/permissions-reference#intune-device-management-permissions
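The table above lists every Intune permission the app registration could be granted, but the integration only needs a few of them. The following Python check, added here as an example and not part of this page or of Aisera's product, decodes an app-only Graph access token and reports whether it comes from the expected tenant, whether any role the integration needs is missing, and which Intune roles it carries beyond that. The "needed" set and the sample token are assumptions; confirm the exact permission set with Aisera.

```python
import base64
import json

# Intune application permissions from the table above; an app-only (client-credentials)
# token carries the permissions actually granted to the app in its "roles" claim.
INTUNE_SCOPES = {
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementRBAC.ReadWrite.All",
    "DeviceManagementRBAC.Read.All",
    "DeviceManagementApps.ReadWrite.All",
    "DeviceManagementApps.Read.All",
    "DeviceManagementConfiguration.ReadWrite.All",
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementServiceConfig.ReadWrite.All",
    "DeviceManagementServiceConfig.Read.All",
}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    # Inspection only: the signature is not checked. Validate it against the tenant's
    # published signing keys before trusting any claim in production.
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))

def check_token(token: str, expected_tenant: str, required: set) -> dict:
    """Flag a wrong tenant, missing required roles, and Intune roles beyond 'required'."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {"tenant_ok": claims.get("tid") == expected_tenant,
            "missing": sorted(required - roles),
            "excess": sorted((roles & INTUNE_SCOPES) - required)}

def make_sample_token(tid: str, roles: list) -> str:
    # Constructed test token with a fake signature; not a real credential.
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    payload = {"tid": tid, "appid": "00000000-0000-0000-0000-000000000000", "roles": list(roles)}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "fake-signature"])

if __name__ == "__main__":
    # Assumed minimum for listing devices and assigning scripts; confirm the set with Aisera.
    needed = {"DeviceManagementManagedDevices.Read.All", "DeviceManagementConfiguration.ReadWrite.All"}
    sample = make_sample_token("tenant-0000", needed | {"DeviceManagementRBAC.ReadWrite.All"})
    print(check_token(sample, "tenant-0000", needed))
```

Run check_token against a token obtained with the Client ID and Client Secret from section 4 to see whether the app registration was granted more than the integration uses.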
3.3 Aisera Access
You will need administrator access to perform all of the tasks below:
Set up the integration with Aisera.
Perform tasks in Azure such as creating groups and adding or removing members.
3.4 Connect Intune with Aisera
You will need the following information to connect Intune with Aisera:
Client ID.
Client Secret.
Tenant ID.
Refer to section 4 for the steps to create an Aisera integration with Intune.
3.5 Permissions
In order to enroll devices you need to have the following permissions configured.
1. Log in to Microsoft Azure.
2. Search for Azure Active Directory.
3. Click Mobility (MDM and MAM).
4. Click Microsoft Intune.
Here you can specify which users' devices should be managed by Microsoft Intune.
3.6 Security
For details on Azure tenant-based permissions, refer to the following link.
https://learn.microsoft.com/en-us/graph/permissions-reference#intune-device-management-permissions
4. Set up the integration in Aisera
Follow the steps below to set up the integration in Aisera.
1. Log in to the Aisera portal.
2. Click Settings > Integration > New Integration.
3. Search for Intune, select the icon, and click Next.
4. Enter the Configuration details:
   Name - Enter the name to be given to the integration.
   Endpoint - Enter the Intune URL to connect to.
   Public - Determines whether the integration can be used outside the firewall.
   Description - Enter a description (optional).
5. Click Next.
6. Enter the Authentication details:
   Azure Tenant ID - Enter the Tenant ID.
   Client ID - Enter the Client ID.
   Client Secret - Enter the Client Secret.
7. Click OK.
You have successfully integrated Intune with Aisera.
5. Intune functionality in Azure
Using Intune you can run a PowerShell script on multiple Windows servers. You can create multiple groups in Azure based on your requirements. Each group has members, and each member has devices associated with it. For example, if you need to install MS Visio for a set of people, you can create a group and add everyone who needs Visio as a member, together with their respective devices.
1. Log in using your Azure credentials.
2. In the search box, type "Groups".
3. On the Groups landing page, search for your group.
4. Click the group you searched for.
The dashboard displays an overview of the group, such as the number of members and the number of devices. The left-hand side of the screen lists all the details of the group; clicking each item shows in-depth details.
Now go to the Microsoft Endpoint Manager admin center.
5. Click Devices.
6. Click All devices.
You will see the device listed here; this is the same device that is shown in the group in Azure.
7. Search for "Scripts" in the search box.
8. Click Scripts.
This displays all the scripts.
Each script can be associated with a specific group. Once a script is associated with a group, it runs on all the members of that group.
Note - The execution of any script is based on a schedule defined by Microsoft and is not real-time. Azure syncs and runs the script on a pre-defined schedule, so irrespective of when the script is added, it only executes when the scheduler runs.
6. Run Intune from Aisera bot
Follow the steps below to run Intune from Aisera.
1. Log in to your support portal.
2. Click the bot.
3. Type in your group name.
4. Click the group name in the results.
Once you select the group, the bot lists all the devices associated with the group.
5. Click Execute Power Shell Scripts.
6. Click the PowerShell script to execute.
A message is displayed stating that Visio will be installed for all members of the group in the next sync.
7. Verify if the script is executed
You can view and verify whether the script was executed and the job ran successfully on all systems in the group.
To check whether the script executed successfully:
1. Go to the Microsoft Endpoint Manager admin center.
2. Search for the Script ID shown in the chatbot.
3. Click the script.
The screen shows the number of devices on which the job ran successfully, along with any errors.
You have successfully run Intune from the Aisera bot.
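The same verification can be done from the script's per-device run states rather than by reading the screen. The Python below is an added example, not code from this page or from Aisera: it takes the device list the bot showed for the group (section 6) and the script's run-state records, and separates devices that succeeded, failed, are still waiting for the sync described in the section 5 note, or reported a result despite not being in the group. The record shape and the managedDeviceId field follow the beta Graph deviceRunStates resource as an assumption; the sample data is constructed.

```python
# Constructed sample data, not taken from this page or from the Graph service. The
# record shape follows the beta Graph resource deviceManagementScriptDeviceState
# (GET /deviceManagement/deviceManagementScripts/{id}/deviceRunStates) as an
# assumption; the managedDeviceId field in particular is assumed, so check the
# current Graph reference before relying on it.
GROUP_DEVICES = {"dev-a", "dev-b", "dev-c", "dev-d"}  # devices the bot listed for the group
RUN_STATES = [
    {"managedDeviceId": "dev-a", "runState": "success", "errorDescription": None},
    {"managedDeviceId": "dev-b", "runState": "fail", "errorDescription": "Installer exit code 1603"},
    {"managedDeviceId": "dev-c", "runState": "pending", "errorDescription": None},
    # dev-d has no record at all: it has not checked in since the script was assigned.
]

def verify_script_run(group_devices: set, run_states: list) -> dict:
    """Classify each group device as succeeded, failed or still waiting for a sync."""
    reported = {s["managedDeviceId"]: s for s in run_states}
    reported_ids = set(reported)
    succeeded = [d for d, s in reported.items() if s["runState"] == "success"]
    failed = {d: s.get("errorDescription") or s["runState"]
              for d, s in reported.items() if s["runState"] in ("fail", "scriptError")}
    # Not a failure: Intune runs the script on its own sync schedule, so a device that
    # has not checked in since assignment, or is still pending, simply has no result yet.
    waiting = (group_devices - reported_ids) | {d for d, s in reported.items()
                                               if s["runState"] == "pending"}
    # A result from a device outside the group means the script is assigned more
    # widely than intended and the assignment should be reviewed.
    unexpected = reported_ids - group_devices
    return {"succeeded": sorted(succeeded), "failed": failed, "waiting": sorted(waiting),
            "unexpected": sorted(unexpected), "complete": not waiting and not failed}

if __name__ == "__main__":
    print(verify_script_run(GROUP_DEVICES, RUN_STATES))
```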