What is Microsoft Intune?
Microsoft Intune is a leading cloud-based software that offers mobile device management (MDM) and mobile application management (MAM) to IT-intensive enterprises. It enables IT Admins to control how their organization’s Devices, such as mobile phones, tablets, and laptops, are used. Enroll organizational Devices and retain full control of aspects like security, features, and settings.
With Intune, you can also configure company-specific or team-specific policies to govern personal devices and applications used by your employees. It also promotes a bring-your-own-device (BYOD) culture by allowing employees to enroll specific applications of their devices into the Intune mobile device management software. Intune ensures that your company data stays protected by isolating organizational data from personal data using Azure AD.
How do you benefit from this integration?
The AssetSonar Microsoft Intune integration makes it easy to manage your Mobile Assets, including Android, iOS, and Windows smartphones and tablets. You can even manage laptops that have an application store built into them.
Our integration combines the skilled IT asset management capability of AssetSonar with Intune mobile device management to give you a real-time status of where your Mobile Assets are, who’s using them, and when they need servicing or disposal.
Mass import your mobile device data from Intune to save time and manual effort required to populate the AssetSonar account for individual devices.
Note: For every SIM-operated mobile device or tablet imported from Intune, AssetSonar tags the imported asset as a ‘Mobile Asset’. By contrast, any tablet not operated using a SIM card is tagged as an ‘IT Asset’, because such a device does not have an IMEI/MEID associated with it.
Benefits of AssetSonar’s Microsoft Intune integration
AssetSonar’s Microsoft Intune integration offers convenience to all IT professionals at the helm of dedicated Intune mobile device management (MDM). Here are the benefits:
- Centralized ITAM database: AssetSonar imports data from various MDM software like Jamf, Microsoft Intune, and SCCM. This way, you have a consolidated database of both Apple and Windows Devices used within your enterprise. Whichever MDM tool you use to fetch IT Asset data, you can manage all of it from a single space.
- Faster issue resolution: AssetSonar further integrates with ITSM solutions like Zendesk and Jira. You can access all your mobile Devices from within ITSM solutions and view custody and vendor details to speed up ticketing and issue resolution processes.
- Non-intrusive MDM: Our hardware asset management software reduces security risk and facilitates non-intrusive MDM by importing data directly from the Microsoft Intune software deployed within your enterprise. Only the Mobile Asset details fetched by Intune are fetched into AssetSonar.
Let’s walk you through some basic steps to enable the Microsoft Intune integration in AssetSonar!
1. Enabling the Microsoft Intune integration
Note: To enable the integration, you must be a ‘Global Administrator’ or admin with privileges to grant permissions in your Microsoft Intune Endpoint Manager account.
To enable the integration, follow the pathway: Settings → Integrations → Microsoft Intune Integration → Enabled.
Click ‘Add Credentials’ to add the Application ID, Directory ID, and Client secret value. Here’s a glimpse of the dialog box that pops up:
To access your Application ID, Directory ID, and Client secret value, please follow these steps:
1. Login to your Azure Account and go to ‘App registrations.’
2. On the App Registrations page, click ‘New Registration.’
3. Here, you can enter a name for this application. For our example, we’ll use Intune AssetSonar as the application name.
4. Select supported account types for who can use and access this application. Once done, click Register.
Note: By default, the first option of supported account types is selected.
5. Go to ‘App Registrations’ and open the application you just created.
6. On the application details page, you can find the Application and Directory ID as highlighted below. Please copy and save these values for use in AssetSonar.
7. For Client Secret value, you need to add API permissions. Here’s how you can add them:
- On the Azure application details page, click Manage from the sidebar. Then, click ‘API Permissions,’ which is shown under the dropdown list.
- On the API permissions page, click ‘Add a permission’ under the Configured permissions heading.
- This will take you to the ‘Request API permissions’ page, where you are required to select Microsoft Graph Permissions.
8. Once Microsoft Graph is selected, select ‘Application permissions.’
9. Then, search for specific permissions. Here are the permissions you need to select:
- User.Read.All
- Directory.Read.All
- DeviceManagementApps.Read.All
- DeviceManagementManagedDevices.Read.All
- DeviceManagementServiceConfig.Read.All
After the searched permission appears, please check and add the permission as shown below:
10. If you are using the MDM commands feature for Intune, please follow these steps:
- For details on MDM commands for Intune integrations, please follow this link.
- After adding all permissions, please search for additional API permission for MDM commands. Here is the permission you need to select:
DeviceManagementManagedDevices.PrivilegedOperations.All
- Grant admin consent to successfully add this additional permission.
- Go to AssetSonar MDM settings and refresh your token to complete this setup.
11. A Global Admin or an admin with privileges to grant these permissions needs to approve the specific permission added. Go to the Application details page → API Permissions → click ‘Grant Admin consent’.
The status of specific permission will change to being granted as shown below:
12. Create a New Client Secret:
- On the Azure application details page, click Manage from the sidebar. Then, click ‘Certificates and secrets,’ which is shown under the dropdown list.
- On the Certificates and Secrets page, click ‘New client secret.’
- A page pops up asking you to enter your description and expiry.
- Note: We recommend setting the expiry to 365 days (12 months).
- Click Add to save your client’s secret.
13. Once the client secret is added, you can view its value. Go to the ‘Certificates and Secrets’ page and click the Client Secrets tab. Copy the value as shown below.
Note: Please copy and save the value right away for future use in the AssetSonar setting. The value is only visible for a limited period before it disappears.
14. Now, enter all three values (Application ID, Directory ID, and Client secret value) in AssetSonar and click Add.
Your integration has been enabled. You are now ready to pull up device data from Microsoft Intune.
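A least-privilege check for the app registration created in steps 1 to 14, added here as an example (not AssetSonar's or Microsoft's code): it reads the `roles` claim of an app-only Microsoft Graph access token and compares it with the permissions listed in steps 9 and 10. The token is constructed and unsigned; `audit_roles`, `make_sample_token` and the all-zero app ID are hypothetical names and values.

```python
import base64
import json

# Application permissions listed in step 9 of this guide.
REQUIRED = frozenset({
    "User.Read.All",
    "Directory.Read.All",
    "DeviceManagementApps.Read.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementServiceConfig.Read.All",
})
# Extra permission from step 10, needed only when MDM commands are used.
MDM_COMMANDS = "DeviceManagementManagedDevices.PrivilegedOperations.All"


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(jwt: str, mdm_commands_enabled: bool = False) -> dict:
    """Compare granted application permissions with what the guide asks for."""
    claims = token_claims(jwt)
    granted = set(claims.get("roles", []))
    expected = set(REQUIRED) | ({MDM_COMMANDS} if mdm_commands_enabled else set())
    return {
        "app_id": claims.get("appid") or claims.get("azp"),
        "missing": sorted(expected - granted),   # the sync will lack this data
        "excess": sorted(granted - expected),    # candidates for removal
        "can_run_device_actions": MDM_COMMANDS in granted,
    }


def make_sample_token(roles: list) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    body = {"appid": "00000000-0000-0000-0000-000000000000", "roles": roles}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(body), "sig"])


if __name__ == "__main__":
    roles = sorted(REQUIRED - {"User.Read.All"}) + [MDM_COMMANDS, "Directory.ReadWrite.All"]
    print(json.dumps(audit_roles(make_sample_token(roles)), indent=2))
```

Anything reported under `excess` is a permission the registration holds beyond what this guide requires, and `can_run_device_actions` should be true only if the MDM commands feature from step 10 is in use.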
2. Syncing data with Microsoft Intune
2.1. Importing data
To import data from your Mobile Assets into AssetSonar, click the ‘Sync Now’ button that shows up after enabling the integration.
You should get the following message once your sync is successful.
Clicking on the message directs you to the Asset Listings page. Here you can view all the Mobile Assets that have been imported.
If you wish to see more granular details on each device’s system, hardware, software, and security configuration, click on the name of the Mobile Asset. You can see the relevant information by clicking on each tab.
AssetSonar typically records a host of system and hardware data fields captured from your Microsoft Intune account. These are listed as follows:
- Name
- Management Name
- OS
- OS Version
- Serial Number
- IMEI
- MAC Address
- MEID (UUID)
- Model
- BIOS Manufacturer
- Total Storage
- Free Storage
- Intune Enrolled Date/Time
- Last Intune Sync Date
- Last Sync Date/Time
You can map the BIOS serial number of a discovered Device to the AIN of an existing Device, as shown below:
The Software Details tab displays a list of software applications installed in the Mobile Asset.
Furthermore, the Mobile Security Information tab shows security details, such as whether the Mobile Asset is jailbroken, supervised, and encrypted. It also displays the ‘Activation Lock Bypass Code,’ which is only visible to the Administrator.
2.2. Scheduling syncs
You can always update your Mobile Asset data at a later time to reflect changes in your mobile device inventory.
Apart from manually syncing your data, you can also choose to sync it every 24 hours. To do this, select the setting shown below and click ‘Update.’
The system shows details of every sync that it does as follows:
‘Last sync date’ refers to when Mobile Asset data gets updated in AssetSonar, whereas ‘Last Intune sync date’ represents when the Mobile Asset data was last updated in your Microsoft Intune account.
2.3. Provisioning Pre-configured Devices from Windows Autopilot
AssetSonar allows you to provision pre-configured devices from Windows Autopilot, so the relevant software applications will already be present and set up on a laptop when it is deployed to the user. Windows Autopilot allows you to create and sync enrollment configurations, enabling you to enroll new computers with Intune without manually setting up your devices on-site beforehand.
To use this feature, go to Settings → Add Ons → Microsoft Intune Integration. As you would already have set up the integration using the guidelines mentioned above, you will need to check the option ‘Provision Windows Autopilot Devices’ as shown below:
A pop-up window will appear, asking you to confirm your credentials. Click on ‘Confirm’.
Once you click on Confirm, you will be redirected to the Microsoft dialog box to confirm your credentials. Once confirmed, click on ‘Update’ to save the settings.
To create and update configured and unconfigured assets through Intune, click ‘Sync Now’ and check the option box for ‘Schedule sync every 24 hours’. A glimpse of the option is shown below:
3. Syncing Devices based on type and ownership
AssetSonar also offers you greater control over the kinds of Devices you want to fetch using its Microsoft Intune integration.
You can import Devices from Microsoft Intune based on their:
- Type — IT Asset, Mobile Asset
- Ownership — Company-owned, employee-owned
3.1. Syncing Devices based on the type
You can either choose to import only IT Assets, only Mobile Assets, or both from your Microsoft Intune account into AssetSonar. For this purpose, select the relevant option from the setting highlighted below:
3.2. Syncing Devices based on ownership
AssetSonar promotes the BYOD culture in your organization by making it easier to distinguish between company-owned and employee-owned devices and manage them according to your company policies.
If you only wish to track the lifecycle and associated costs of company-owned Devices while allowing your employees to bring their devices to the workplace, you can provision only company-owned Devices from Intune.
Go to Settings → Add Ons → Microsoft Intune Integration → Sync Devices owned by:
AssetSonar uses the information fetched by Intune sync to determine and provision company-owned and/or employee-owned Devices as specified.
Note: You can also choose to provision Devices from Intune that have no ownership titles assigned to them by selecting the following option.
4. Detecting Deletion from Intune and Retiring Devices
4.1. Device retirement actions
AssetSonar allows you to take action on the devices that are deleted in Microsoft Intune. If a user has previously retired an asset in AssetSonar, but it is discovered again during the sync, you can turn on the setting to make that device available again.
From the Microsoft Intune Integration settings, check the box for ‘Make Retired Devices Available If Discovered Again’.
This can be the case if the retired devices are deployed to other departments or resources that can still make use of these assets.
4.2. Deleted devices actions
AssetSonar allows you to detect devices that have been deleted in Intune so that users can take action on them. To use this option, check the ‘Detect Deleted Devices from Intune’ setting.
To get detailed information on the devices deleted in Intune, go to the Alerts detail page and scroll down to MDM Sync Summary. Check the option boxes for ‘MDM Sync Summary’ and ‘MDM Assets Deletion Summary’ as shown below:
Once you have enabled these options, you will start receiving emails after every sync, giving you details on how many deleted assets were detected. Here is a screenshot of a sync summary email:
With this integration, you also get the option to automatically retire devices that have been deleted in Microsoft Intune. Check the box for ‘Automatically Retire Deleted Devices from Intune’ to turn on this setting as shown below:
Please note that if the deleted device is associated with multiple Mobile Device Management (MDM) software, it will not be retired in AssetSonar. Instead, a message will be displayed on the asset detail page with the following text:
‘The IT Asset has been deleted in Intune. Please retire this asset.’
Additionally, devices checked out in AssetSonar or in maintenance mode will also not be retired.
Take your Intune Mobile Device Management up a notch with AssetSonar
With our Microsoft Intune integration, you can always keep tabs on the whereabouts of your mobile devices and answer questions like who has the custody of an iPhone 5S or where it is located. It enables you to schedule services on smartphones, analyze their usage trends, and conduct a thorough audit so you never lose track of the mobile devices used by employees in your organization.