Microsoft Intune is an endpoint management solution that manages user access to organizational resources. When integrated with ServiceDesk Plus Cloud, you can import asset information from Microsoft Intune into ServiceDesk Plus Cloud.
Supported Assets: Mobile Devices and Workstations
Supported OS: Windows, Mac OS, Android, and iOS.
Role Required: SDAdmin; Users with global administrator, Intune administrator, or privileged administrator role.
Only the SDAdmin with a Microsoft Intune account can set up the integration for the first time. After enabling the initial integration, any SDAdmin can enable/disable the integration.
To enable Microsoft Intune integration,
Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
On the Microsoft Intune card, click the toggle button to enable integration.
When enabling MS Intune integration, select actions that can be performed on the assets within ServiceDesk Plus Cloud.
The available actions are as follows:
|
Intune Actions |
Explanation |
|
Sync |
Forces devices to sync with Microsoft Intune and imports any pending actions or policies assigned to the devices. |
|
Wipe |
Restores devices to their default factory settings. Both organization and personal data will be removed from the devices. This action is not supported for macOS and iOS devices.
|
|
Restart |
Restarts the device without informing the device owner. |
|
Retire |
Removes the selected devices from Microsoft Intune and deletes its managed app data, settings, and assigned email profiles.
Retired devices will no longer have access to organization resources. |
|
Delete |
Removes selected devices from Microsoft Intune.
Deleted devices will no longer have access to organization resources.
|
|
Send Notification |
Sends custom messages to devices. The notifications will appear on the device lock screen. Intune custom notifications are not supported on macOS and Windows.
|
Under Conditions, configure actions to import devices from MS Intune into ServiceDesk Plus.
Preview the list of devices that will be synced into ServiceDesk Plus Cloud by clicking Preview Matching Assets (JSON).
Click Save to save the configurations, or Save and Sync to save the configurations and import the assets from MS Intune instantly.
The imported devices are stored under Assets > IT and classified as smartphones, tablets, or workstations.
The following information will be synced during the import
Product name and model
Device details like IMEI, serial number, network information, and operating system
The imported devices will contain the Microsoft Intune logo beside their name in the assets list view and on their details page. You can perform several Intune actions such as restart, sync, wipe, retire, send notifications, and delete on imported devices. Click here to learn more.
Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
On the Microsoft Intune card, click Synced info.
The synced information includes the number of assets that were Added, Updated, and Removed. You can also see details on the next scheduled sync.
Besides viewing the last sync information, you can use Sync now to sync the device manually.
SDAdmins can disable the Microsoft Intune integration at any time. After disabling, imported devices will remain in the application. However, the device information will not be synced with Microsoft Intune, and Intune actions cannot be performed on imported devices from the ServiceDesk Plus Cloud.
To disable Microsoft Intune Integration,
See also FAQs on Microsoft Intune Integration.
DeviceManagementManagedDevices.ReadWrite.All
Allows the app to read and write the properties of devices managed by Microsoft Intune; however, it does not allow high-impact operations such as remote wipes and password reset on the device's user.
DeviceManagementManagedDevices.Read.All
Allows the app to read the properties of devices managed by Microsoft Intune.
DeviceManagementManagedDevices.PrivilegedOperations.All
Allows the app to perform remote high-impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.
1. What are the possible causes of assets not being synced into ServiceDesk Plus Cloud from Microsoft Intune after enabling the integration?
Making API requests to retrieve devices from the Intune inventory might not work if the Microsoft account used for authorization doesn't have sufficient permissions in Intune. Make sure either a global administrator or an Intune service administrator account is used for the integration.
To check permissions in Intune,
Go to the Microsoft Endpoint Manager admin center and click Tenant administration > Roles > My permissions.
2. Can the SDAdmin use a different Microsoft account for the integrations if I have SSO enabled?
You cannot use any other Microsoft account besides the linked account for integrations when logging in with SSO.
To use another Microsoft account, disconnect the linked Microsoft account in Zoho Accounts > Linked accounts and then authorize using the new account credentials.
3. I have enabled Azure/User Sync integration using one Microsoft account. Can I use a different Microsoft account for Intune Integration?
You can only use one Microsoft account for all integrations. To change the Microsoft account for integrations,
Go to Setup > Users & Permissions > Requesters > Import Users > Import from Azure.
Click Disconnect Account and use a new account for the integration.
4. What is the information synced into ServiceDesk Plus Cloud from Microsoft Intune?
Workstations:
|
ServiceDesk Plus Cloud Fields |
MS Intune Fields |
|
Name |
Name |
|
Service Tag |
Serial number |
|
Serial Number |
Serial number |
|
Model |
Model |
|
Manufacturer |
Manufacturer |
|
Operating System |
Operating system |
|
Version (Operating System) |
Operating system version |
|
Wifi - MAC Address (Network Adapters) |
Wifi MAC |
|
Ethernet - MAC Address (Network Adapters) |
Ethernet MAC |
|
Capacity (Hard Disks) |
Total storage space |
Mobile devices:
|
ServiceDesk Plus Cloud Fields |
MS Intune Fields |
|
Name |
Name |
|
IMEI |
IMEI |
|
Serial Number |
Serial number |
|
Discovered Serial Number |
Serial number |
|
Product Manufacturer |
Manufacturer |
|
Product |
Model |
|
Ethernet - MAC Address (Network Adapters) |
Ethernet MAC |
|
Wifi - MAC Address (Network Adapters) |
Wifi MAC |
|
Platform (Operating System) |
Operating system |
|
OS Name (Operating System) |
Operating system |
|
OS Version (Operating System) |
Operating system version |
|
Total Capacity |
Total storage space |
|
Available Capacity |
Free storage space |
5. Why do the workstations imported from Microsoft Intune also appear under Unaudited Workstations?
Unaudited workstations list the workstations that have an unsuccessful scan status or have been unreachable by the probe.
In Intune integration, the asset is not scanned, but the asset information is pulled from Microsoft Intune.
Since the workstations created through the integration haven't interacted with the probe, their scan status isn't set. As a result, they appear under Unaudited Workstations.
6. What are the possible causes of assets of a specific model or product not syncing?
To ensure that devices are synced properly, verify whether the product type is set correctly.
The product type of a device must be set to either Workstation or Server for Windows and macOS devices, and either Smartphone or Tablet for Android and iOS devices. The product type can be viewed under Setup > Customization > Asset Management > Product.
7. How are existing workstations identified and updated in the application instead of being created as new workstations?
When workstations are synced from Microsoft Intune, ServiceDesk Plus Cloud will identify these workstations by their name and service tag.
If the synchronized workstation matches an existing workstation, the new data will replace the existing data.
If no workstation is found with the same properties, a new asset will be created with the newly synchronized workstation's name.
If multiple workstations have the same properties, one of the existing workstations will be updated randomly.
8. How are existing mobile devices identified and updated in the application instead of being created as new mobiles?
When mobile devices are synced from Microsoft Intune, ServiceDesk Plus Cloud will identify these devices by their serial number and IMEI.
If the serial number and IMEI match an existing device, the new data will replace the existing data.
If no mobile phone is found with the same properties, a new asset will be created with the newly synchronized mobile phone's serial number and IMEI.
If multiple mobile phones have the same properties, the data of one existing phone will be modified at random.
9. The customer is unable to consent to the integration. How to resolve the following error?
When the global administrator blocks their organization's users from consenting to the apps in Azure, the following error message occurs.
Follow the below steps to check if the user consent has been blocked or not.
Log in to the Microsoft Azure portal using the Global Administrator credentials.
Go to Azure Active Directory > Enterprise applications > Consent and permissions.
Select User consent setting. If the Do not allow user consent radio button is enabled under the User consent for applications, the organization users are not allowed to consent to the apps.