Intune
Description
The Intune plugin lets you manage devices enrolled in Microsoft Intune from your workflows. It supports retiring, wiping, remotely locking, and deleting devices by their device ID. The plugin authenticates using a Tenant ID, Client ID, and Client Secret from your Azure app registration. Use this plugin when your workflows need to automate mobile device management tasks like decommissioning lost devices, enforcing security on compromised devices, or cleaning up device records.
Prerequisites:
- Create Intune instance with access details and Intune Credentials.
- On Azure Portal: https://portal.azure.com/
- Create Credentials for Intune. Steps to generate Credentials (Tenant ID, Client ID and Client Secret):
  - Credentials for Intune include Tenant ID, Client ID and Client Secret.
  - Log in to Azure AD with a Global Administrator account. A Global Administrator account can access all the managed content (Devices and Applications) APIs by creating an application.
  - Use the portal (portal.azure.com) to create an Azure AD Application and Service Principal (Global Administrator) that can access resources. Note the Tenant ID and Client ID of the application.
  - Create a new Application Secret/Client Secret.
- The following permissions are required:
| Permission type | Permission (from least to most privileged) |
|---|---|
| Application | DeviceManagementManagedDevices.PrivilegedOperations.All, DeviceManagementManagedDevices.ReadWrite.All |
Refer to "Intune - Generate Client Credentials" to generate credentials and assign the permissions listed in the table above.
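The following is an added example, not part of the plugin or its documentation: it inspects an app-only access token issued to the app registration and reports which of the permissions in the table above are missing and which granted permissions go beyond them. It assumes application permissions appear in the token's `roles` claim, the tenant in `tid`, and the client ID in `appid` or `azp`; the function names, IDs and sample token are constructed for illustration.

```python
import base64
import json

# Application permissions from the table on this page.
REQUIRED = {
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_app_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Compare an app-only token's claims with what the plugin needs."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": client_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(REQUIRED - roles),  # plugin actions would be denied
        "excess": sorted(roles - REQUIRED),   # broader than this page requires
    }

# Constructed sample token (fake IDs, dummy signature) so the check runs offline.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_CLIENT = "00000000-0000-0000-0000-000000000002"
_payload = {
    "tid": SAMPLE_TENANT,
    "appid": SAMPLE_CLIENT,
    "roles": ["DeviceManagementManagedDevices.ReadWrite.All", "Directory.ReadWrite.All"],
}
SAMPLE_TOKEN = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(json.dumps(_payload).encode()),
    "constructed-signature",
])

if __name__ == "__main__":
    print(json.dumps(audit_app_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT), indent=2))
```

A non-empty `missing` list means the app registration still needs admin consent for that permission; a non-empty `excess` list means the client secret stored in the plugin can do more than device management.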
References
- Manage Devices with Microsoft Endpoint: http://endpoint.microsoft.com/
- Intune Device Enrollment: https://docs.microsoft.com/en-us/mem/intune/enrollment/
- API Reference:
  - https://docs.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-1.0
  - https://docs.microsoft.com/en-us/mem/intune/
  - https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis
- Supported operating systems and browsers in Intune: https://docs.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers
Notes
- The plugin has been tested on Android and Windows devices.
- Remote lock operation is not supported by 'Windows' devices, so the Remote Lock By Device ID/Username plugins are not applicable for Windows devices.
- Device ID Type: 'Phone number' and 'IMEI' are only supported for cellular devices.