Skip to main content

Intune Autodiscovery

Microsoft Intune is a cloud-based service for mobile device management (MDM) and mobile application management (MAM). Device42 Intune discovery identifies mobile devices and software managed by Intune, bringing that data into Device42 for centralized visibility.

This page covers the prerequisites, configuration options, and steps to create and schedule an Intune discovery job.

note

Intune discovery imports devices individually instead of in one large block that could time out for very large installations.

Prerequisites and Permissions

Before creating an Intune discovery job, ensure that you have an active Intune license.

You also need the application permissions required for the discovery job. Navigate to the Azure portal and grant admin consent for the following application permissions:

  • DeviceManagementApps.Read.All
  • DeviceManagementManagedDevices.Read.All
  • User.Read.All

Do not use delegated credentials for Intune discovery jobs.

Create an Intune Discovery Job

Navigate to Discovery > Cloud and click Create.

  • Select Intune from the Type dropdown menu.
  • Enter a Name and URL (for example: https://login.microsoftonline.com/[tenant domain or ID]) for the discovery job.
Add new Intune discovery jobAdd new Intune discovery job

Open the Azure portal and register an application on the same tenant as Intune.

  • Navigate to Azure Active Directory > Enterprise Applications > New Application > Create Your Own Application.
  • Name your application and select the Integrate any other application you don’t find in the gallery (Non-gallery) option.

Once your application has been created:

  • Navigate back to the top-level directory you created the app in and choose App Registrations.
  • Select your newly created app and note the Application (client) ID. This is used as the Client ID in Device42.
  • Select Certificates & Secrets and then New Client Secret.
  • Give your secret an optional description and an expiration date, and select Add.
  • Note the string in the Value column, as it will be used as the Client Credential for Device42 discovery.

Go back to the Device42 discovery job page:

  • Add the Azure Client ID to the discovery job Client Id field.
  • Add the Azure Secret value to the discovery job Client Credential field.
Add new Intune discovery job - CredentialsAdd new Intune discovery job - Credentials

Intune Discovery Job Options

The following additional options are available:

Add new Intune discovery jobAdd new Intune discovery job
  • Choose to Overwrite existing device hostname with discovered hostname.
  • Select Strip Domain Name to remove the domain name (everything after the first period) from the discovered name.
  • Set an Object category for discovered devices to assign a specific category to discovered devices.
  • Set a job Service Level (for example, "Development", "Deployment", or "Production") to apply to the discovered items. See Service Level and Object Category Options for details.
  • Enter comma-separated Tags for discovered devices.
Add new Intune discovery jobAdd new Intune discovery job
  • Select or add a specific Customer for discovered devices.
  • Set the Debug level for the job.
  • Select Discover Software to detect managed software applications. As of version 19.06, discovery only imports software with an "installed" status. All other provisioned software records are ignored, as their installation status cannot be guaranteed.
  • Set the Initial Software Type for discovered software.
  • Set the category of Intune Device Ownership to discover "All", "Corporate", or "Personal" devices.
  • Enter any Notes for the job.

Schedule the Intune Discovery Job

Schedule the Intune discovery job to run automatically.

Schedule the jobSchedule the job

Run the Intune Discovery Job

After clicking Save, the job details page is displayed. Click Run Now to start the job at any time. You can also run the job from the Cloud Autodiscovery list page using the Run Now button.

Run Now button on list pageRun Now button on list page

Intune OS Names

Intune OS data has lower precedence than data from more authoritative sources, like OS-level discovery. For example, the Device42 agent will pick up "Microsoft Windows 10 Enterprise" more quickly than the generic Intune name "Windows". The lower precedence ensures more detailed OS names are collected, enhancing the data-filtering capability of the agent.

Rename Intune Devices

Devices within Intune are renamed during the build process. If a device name is not updated as expected following Device42 discovery, or after being renamed and updated in Intune, ensure the Overwrite existing device hostname with discovered hostname option is enabled.

Overwrite device nameOverwrite device name