Intune Autodiscovery
Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). An organization can control how its devices (including mobile phones, tablets, and laptops) are used and configure specific policies to control applications.
Intune autodiscovery identifies mobile devices and mobile application software managed by Intune.
In Device42 19.05, Intune discovery has been adjusted to import devices individually instead of in one large block that could time out for very large installations.
Intune Discovery Job Configuration
Before starting the autodiscovery job, ensure that you have an active Intune license.
You also need to make sure you have the application permissions required for a Device42 autodiscovery job. Navigate to the Azure portal and grant admin consent for the following application permissions:
DeviceManagementApps.Read.AllDeviceManagementManagedDevices.Read.AllUser.Read.All
Do not use delegated credentials for Intune autodiscovery jobs.
Create a New Intune Discovery Job
Navigate to Discovery > Cloud and click Create.
- Select Intune from the cloud autodiscovery Type: dropdown menu.
- Enter a Name and URL (for example:
https://login.microsoftonline.com/[tenant domain or ID]) for the discovery job.
Open the Azure portal and register an application on the same tenant as Intune.
- Navigate to Azure Active Directory > Enterprise Applications > New Application > Create Your Own Application.
- Name your application and select the Integrate any other application you don’t find in the gallery (Non-gallery) option.
Once your application has been created:
- Navigate back to the top-level directory you created the app in and choose App Registrations.
- Select your newly created app and make note of the Application (client) ID. This will be used as the Client ID in Device42.
- Select Certificates & Secrets and then New Client Secret.
- Give your secret an optional description and an expiration date, and select Add.
- Make a note of the string in the Value column, as it will be used as the Client Credential for Device42 discovery.
Go back to the Device42 discovery job page:
-
Add the Azure Client ID to the discovery job Client Id field.
-
Add the Azure Secret value to the discovery job Client Credential field.
Configuration Options
Optionally, you can also:
-
Choose to Overwrite existing device hostname with discovered hostname.
-
Select Strip Domain Name to remove the domain name (everything after the first period) from the discovered name.
-
Set an Object category for discovered devices to assign a specific category to discovered devices.
-
Set a job Service Level (for example, "Development", "Deployment", or "Production") to apply to the discovered items. See Service Level and Object Category Options for details.
-
Enter comma-separated Tags for discovered devices.
-
Select or add a specific Customer for discovered devices.
-
Set the Debug level for the job.
-
Choose to Discover Software to detect managed software applications. From 19.06, discovery will only bring in software with an 'installed' status. All other provisioned software records will be ignored as we cannot guarantee whether they are installed or not.
-
Set the Initial Software Type for discovered software.
-
Set the category of Intune Device Ownership to discover "All", "Corporate", or "Personal" devices.
-
Enter any Notes for the job.
Schedule the Intune Discovery Job
Schedule the Intune discovery job to run automatically.
Run the Intune Discovery Job
After clicking Save, the job details page will be displayed. Click Run Now to start the job at any time. You can also run the job from the Cloud Autodiscovery list page using the Run Now button.
Intune OS Names
Intune OS data has lower precedence than data from more authoritative sources, like OS-level discovery. For example, the Device42 agent will pick up "Microsoft Windows 10 Enterprise" more quickly than the generic Intune name "Windows". The lower precedence ensures more detailed OS names are collected, enhancing the data-filtering capability of the agent.
Renaming Intune Devices
Devices within Intune are renamed during the build process. If a device name is not updated as expected following Device42 autodiscovery, or after being renamed and updated in Intune, ensure the Overwrite existing device hostname with discovered hostname option is enabled.
