Microsoft Intune

  • Published on Nov 3, 2024
Prev Next

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

🚧 Before you begin

To complete these steps you’ll need an Azure admin user.

Overview

Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across devices, including mobile devices, desktop computers, and virtual endpoints.

Microsoft Intune devices are being integrated as assets tagging entities within Hunters pipeline and are being segmented based on their health state provided by Intune.

Supported data types

Managed devices

Table namemicrosoft_intune_managed_devices

Intune Managed Devices refer to the smartphones, tablets, and computers managed by Intune, providing organizations the ability to control access to corporate information, enforce security policies, deploy software and applications, and perform remote actions like wiping a device if it gets lost or stolen.

Learn more here.

Send data to Hunters

To set up ingestion from Microsoft Intune you’ll need to perform the following steps:

STEP 1: Register Your Application

The steps below are based on the official Microsoft guide.

  1. In the Azure portal home screen, open the side menu and click Microsoft Entra ID.
    image.png

  2. Now, from the side menu click Manage > App registration.
    The App registration menu opens.

  3. From the upper menu, click New registration.
    The Register an application window opens.
    image

  4. Under the Name field, enter a descriptive name.

  5. Under the Redirect URI section, select Web platform and paste http://localhost:5110 in the URL field.

  6. Click Register.
    The application window opens.
    image

  7. From the side menu, click API permissions.
    The Request API permissions panel opens.

  8. Click Add a permission.
    image

  9. Scroll down to locate the Microsoft Graph tile and click on it.

  10. Select the Delegated permissions type and search for DeviceManagementManagedDevices.Read.All and add it.

  11. Now select the Application permissions type and search for DeviceManagementManagedDevices.Read.All and add it.

  12. Click Add permissions to close the panel and return to the application window.

  13. Click Grant admin consent for directory to grant admin permissions.

STEP 2: Retrieve the required information

  1. From the side menu, click Certificates & secrets.

  2. Click New client secret to open the client secret panel.

    ms365-8

  3. In the Description field, enter a descriptive title.

  4. From the Expires dropdown list, select 24 months.

  5. Click Add to add the secret.

    ms365-9


    The secret now appears under the Client secrets list.

  6. Copy the Value and save it for later use.

    ms365-10

❗️IMPORTANT

After a while, the client secret value will be hidden from view and you will not be able to retrieve it again.

  1. On Azure Entra ID, from the application window, click Overview from the side menu.

  2. Locate the Application (client) ID and the Directory (tenant) ID values, copy them, and save for later use.

    ms365-11

STEP 3: Enter information on Hunters

Finally, to provide Hunters with the required keys, follow this guide. Make sure to provide the following details:

  • Tenant ID

  • Client ID

  • Client Secret

Log samples

{"id": "1234", "userId": "1234", "deviceName": "name", "managedDeviceOwnerType": "company", "enrolledDateTime": "2021-10-28T17:58:38Z", "lastSyncDateTime": "2023-05-10T14:46:26Z", "operatingSystem": "Windows", "complianceState": "compliant", "jailBroken": "Unknown", "managementAgent": "mdm", "osVersion": "10.0.19044.2846", "easActivated": true, "easDeviceId": "1234", "easActivationDateTime": "0001-01-01T20:54:00", "azureADRegistered": true, "deviceEnrollmentType": "windowsCoManagement", "activationLockBypassCode": null, "emailAddress": "user@domain.com", "azureADDeviceId": "1234", "deviceRegistrationState": "registered", "deviceCategoryDisplayName": "Unknown", "isSupervised": false, "exchangeLastSuccessfulSyncDateTime": "0001-01-01T20:54:00", "exchangeAccessState": "none", "exchangeAccessStateReason": "none", "remoteAssistanceSessionUrl": null, "remoteAssistanceSessionErrorDetails": null, "isEncrypted": true, "userPrincipalName": "user@domain.com", "model": "20XW004DUS", "manufacturer": "LENOVO", "imei": "", "complianceGracePeriodExpirationDateTime": "9999-12-31T23:59:59Z", "serialNumber": "1234", "phoneNumber": "", "androidSecurityPatchLevel": "", "userDisplayName": "user", "configurationManagerClientEnabledFeatures": null, "wiFiMacAddress": "11111", "deviceHealthAttestationState": null, "subscriberCarrier": "", "meid": "", "totalStorageSpaceInBytes": 510770806784, "freeStorageSpaceInBytes": 417142407168, "managedDeviceName": "user", "partnerReportedThreatState": "unknown", "requireUserEnrollmentApproval": null, "managementCertificateExpirationDate": "2024-01-22T02:02:41Z", "iccid": null, "udid": null, "notes": null, "ethernetMacAddress": null, "physicalMemoryInBytes": 0, "deviceActionResults": []}