Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM).
Lucidum uses the Intune connector to ingest data from Microsoft Intune.
Requirements
To use the Intune Connector in Lucidum:
- Before configuring the Microsoft Intune connector in Lucidum, you must first define a client in Azure. Lucidum will use the client and its secret to access Intune.
- You can then configure the Intune connector in Lucidum and start ingesting data from Microsoft Intune.
Prerequisite: Creating a Client in Microsoft Azure
If you are already using Lucidum to ingest data from Microsoft Azure and Azure AD, you have already created a read-only application in Azure that allows Lucidum to retrieve information from Azure and Azure Active Directory. You can use the same application to ingest data from Intune.
To edit the read-only application to allow access to the Intune API:
- Go to https://endpoint.microsoft.com/.
- Click Reports > Intune data warehouse > Data Warehouse.
- Copy the value in the field OData feed for reporting service.
- In the copied URL, note the subdomain that appears before manage.microsoft.com. For example, if our value was:
  https://fef.lucidum01.manage.microsoft.com/ReportingService/DataWarehouseFEService/
  the subdomain is fef.lucidum01
- To access the Intune API, you need the URL:
  https://<intune subdomain>.manage.microsoft.com/ReportingService/DataWarehouseFEService/
  NOTE: You must include the trailing slash (/).
- Log in to the Azure Active Directory admin center (https://aad.portal.azure.com/).
- Choose Azure Active Directory > App registrations.
- Select the Lucidum app that you created for the Microsoft Azure connector.
- Select API Permissions > Add permission.
- Select Intune API.
- Select the Application Permissions box and click Get data warehouse information.
- Click Add permissions.
- Similarly, add the DeviceManagementApps.Read.All permission to the Lucidum app.
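
The URL steps above can be checked before the value is saved in the connector, so that the token Lucidum obtains with the client secret is only ever sent to a host under manage.microsoft.com. The following is an added example, not Lucidum's code; `normalize_intune_url`, `INTUNE_PARENT` and `INTUNE_PATH` are hypothetical names, and tolerating a missing final slash or a query string on the copied value is an assumption.

```python
from urllib.parse import urlsplit

# Parent domain and path come from the URL format shown on this page.
INTUNE_PARENT = "manage.microsoft.com"
INTUNE_PATH = "/ReportingService/DataWarehouseFEService/"


def normalize_intune_url(odata_feed_url):
    """Return (subdomain, connector_url); raise ValueError if the URL is unsafe.

    Hypothetical helper: the name and the checks are this example's, not Lucidum's.
    """
    parts = urlsplit(odata_feed_url.strip())
    if parts.scheme != "https":
        raise ValueError("URL must use https")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("credentials or a non-default port are not allowed")
    host = (parts.hostname or "").rstrip(".")
    suffix = "." + INTUNE_PARENT
    # Suffix match on a dot boundary: rejects manage.microsoft.com.example.net
    # and evilmanage.microsoft.com alike.
    if not host.endswith(suffix):
        raise ValueError(f"host {host!r} is not under {INTUNE_PARENT}")
    subdomain = host[: -len(suffix)]
    for label in subdomain.split("."):
        if not (label.isascii() and label.replace("-", "").isalnum()):
            raise ValueError("malformed subdomain")
    # Assumption: a copied value may lack the final "/" or carry a query string;
    # both are tolerated on input and the exact documented form is emitted.
    if parts.path.rstrip("/") != INTUNE_PATH.rstrip("/"):
        raise ValueError("unexpected path")
    return subdomain, f"https://{host}{INTUNE_PATH}"


if __name__ == "__main__":
    # Constructed input based on the example value on this page.
    copied = "https://fef.lucidum01.manage.microsoft.com/ReportingService/DataWarehouseFEService"
    print(normalize_intune_url(copied))
```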