Intune
What is Intune?
Intune is a cloud-based service within the Microsoft 365 product family designed for endpoint management and security. It enables organizations to manage devices, applications, and user access by enforcing security policies, ensuring compliance, and safeguarding data across personal and corporate devices.
How is this integration useful?
Intune integration ensures secure authentication, seamless access, and centralized identity management. It enhances security, supports scalability, and simplifies compliance. This integration allows Entitle to manage Remote Desktop and Administrator permissions on PCs.
End-user experience
Prerequisites
This integration uses Microsoft Intune to manage the permissions on endpoints. Therefore, to integrate it with Entitle you must:
- Have an Intune license.
- Have your endpoints managed by Intune.
- Have an Admin account in Entitle.
- Have access to your Entra ID Client ID, Client Secret, and Tenant ID.
Create an Application in Entra ID
- Go to the Microsoft Azure portal.
- Click on Microsoft Entra ID.
- Click on the App Registrations tab in the left-side menu.
- Click on New registration.
- Give your app a Name and leave the rest as is. Then, click on Register.
- Keep your Application (client) ID and Directory (tenant) ID for later. Then, click on Add a certificate or secret on the right side.
- Click on New client secret.
- In the pop-up window, choose a Description that you will remember and an expiration time of your choice. Keep in mind that when the secret expires you will have to create a new secret and hence a new integration. Once done, click Add.
- Click on the copy icon to copy your new Client Secret Value and keep it for later.
Assign permissions to graph API
- Go to API permissions.
- Remove the existing permissions by clicking on the "..." on the right, choose Remove all permissions, and finally click the Yes, remove button.
- Click on Add a permission.
- Select Microsoft Graph.
- Choose Application permissions.
- Using the search bar that appears, search for the following permissions and select them:
  - DeviceManagementConfiguration.ReadWrite.All
  - DeviceManagementManagedDevices.Read.All
  - Directory.ReadWrite.All
  - Group.ReadWrite.All
  - DeviceManagementManagedDevices.PrivilegedOperations.All **(This privilege enables immediate endpoint synchronization and permission activation. While not mandatory, without it you will need to wait for the next periodic Intune sync, which occurs every 8 hours by default. You can adjust this frequency as needed.)**
- When you are done selecting all five permissions, click on Add permissions at the bottom of the screen.
  Note: Even if the DeviceManagementManagedDevices.PrivilegedOperations.All permission is enabled, the change may take up to 10 minutes to take effect. This delay is due to Microsoft's systems.
- Click Grant admin consent for Default Directory, and then click Yes.
Create the Intune integration in Entitle
All that is left to do is create an integration on the Entitle application.
- Log into Entitle and navigate to the Integrations page.
- After clicking the Add Integration button, type Entra Endpoint in the Application field.
- Don’t forget to set the Save on field with your configuration, i.e. your own hosted agent or Entitle’s cloud.
- In the Connection JSON client_id, secret, and tenant fields, paste the values of the Client ID, Client Secret, and Directory (tenant) ID you previously extracted.

Example Connection JSON:

```json
{
  "client_id": "The value of Application (client) ID",
  "secret": "The value of Client Secret",
  "tenant": "The value of Directory (tenant) ID"
}
```
- Click Save. The Intune integration with Entitle is now saved.
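As an added example (not Entitle's or Microsoft's code), the following Python script ties the permission step and the Connection JSON step together: it validates the three Connection JSON fields, builds the Entra ID client-credentials request those values feed into, and compares the roles claim of a Graph access token against the five permissions listed above, flagging any leftover permission that the Remove all permissions step should have cleared. The sample token is constructed and unsigned for offline use, and the function names are my own.

```python
import base64
import json

# Graph application permissions from the "Assign permissions to graph API" step.
REQUIRED_ROLES = {"DeviceManagementConfiguration.ReadWrite.All",
                  "DeviceManagementManagedDevices.Read.All",
                  "Directory.ReadWrite.All", "Group.ReadWrite.All"}
# Optional: enables immediate sync instead of waiting for the periodic Intune sync.
OPTIONAL_ROLES = {"DeviceManagementManagedDevices.PrivilegedOperations.All"}

def validate_connection_json(raw):
    """Parse the Connection JSON and require the three fields to be present and non-empty."""
    cfg = json.loads(raw)
    missing = [k for k in ("client_id", "secret", "tenant") if not cfg.get(k)]
    if missing:
        raise ValueError("Connection JSON is missing: " + ", ".join(missing))
    return cfg

def client_credentials_request(cfg):
    """Build the Entra ID client-credentials token request the three fields feed into."""
    url = f"https://login.microsoftonline.com/{cfg['tenant']}/oauth2/v2.0/token"
    form = {"client_id": cfg["client_id"], "client_secret": cfg["secret"],
            "scope": "https://graph.microsoft.com/.default",
            "grant_type": "client_credentials"}
    return url, form

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_sample_token(roles):
    """Constructed, unsigned JWT for offline testing; real tokens are signed by Entra ID."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    claims = {"aud": "https://graph.microsoft.com", "roles": roles}
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def check_token_roles(token):
    """Compare the token's 'roles' claim (granted application permissions) with the lists above.
    The payload is decoded without signature verification: this reviews the claims of a token
    you obtained yourself; it does not authenticate anything."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    roles = set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))
    return {"missing": sorted(REQUIRED_ROLES - roles),
            "optional_missing": sorted(OPTIONAL_ROLES - roles),
            # Leftovers the "Remove all permissions" step should have cleared.
            "extra": sorted(roles - REQUIRED_ROLES - OPTIONAL_ROLES)}
```

Run check_token_roles against the token returned by the request above after admin consent has been granted; an empty "missing" list confirms the consent took effect, and anything in "extra" is a permission the app registration does not need.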