Intune


Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, including mobile phones, tablets, and laptops. The Intune plugin is designed to perform Intune tasks.

Prerequisites:

  1. Create an Intune instance with access details and Intune Credentials on the Azure Portal: https://portal.azure.com/
  2. Create Credentials for Intune. Steps to generate Credentials (Tenant ID, Client ID and Client Secret):
     1. Credentials for Intune include Tenant ID, Client ID and Client Secret.
     2. Log in to Azure AD with a Global Administrator account. A Global Administrator account can access all the managed content (Devices and Applications) APIs by creating an application.
     3. Use the portal (portal.azure.com) to create an Azure AD Application and Service Principal (Global Administrator) that can access resources. Note the Tenant ID and Client ID of the Application.
     4. Create a new Application Secret/Client Secret.
  3. The following permissions are required:

| Permission type | Permission (from least to most privileged) |
| --- | --- |
| Application | DeviceManagementManagedDevices.PrivilegedOperations.All, DeviceManagementManagedDevices.ReadWrite.All |

Please refer to 42 Appendix 16: Intune- Generate Client Credentials to generate Credentials and assign the permissions mentioned in the table above.
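An added example (not part of the plugin or its documentation): a least-privilege check that decodes an app-only access token issued for these credentials and compares its `roles` claim with the two application permissions in the table above. It relies on Azure AD placing granted application permissions in `roles` and the tenant in `tid`; the sample token is constructed and unsigned, and the signature is not verified, so use it only to audit your own app registration.

```python
import base64
import json

# Application permissions this page lists for the plugin's app registration.
REQUIRED_ROLES = {
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
}


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (audit use only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(jwt, expected_tenant):
    """Report missing and excess app roles relative to what the plugin needs."""
    claims = decode_claims(jwt)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == expected_tenant,
        "missing": sorted(REQUIRED_ROLES - roles),
        "excess": sorted(roles - REQUIRED_ROLES),
    }


def make_sample_token(tenant, roles):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"tid": tenant, "roles": roles}), "sig"])


if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    extra = ["Directory.ReadWrite.All"]  # stands in for an over-granted permission
    token = make_sample_token(tenant, sorted(REQUIRED_ROLES) + extra)
    print(audit_roles(token, tenant))
```

A non-empty `excess` list means the application holds more than the plugin needs and the grant should be reviewed.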



References:

  1. Manage Devices with Microsoft Endpoint: http://endpoint.microsoft.com/
  2. Intune Device Enrollment: https://docs.microsoft.com/en-us/mem/intune/enrollment/
  3. API Reference: https://docs.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-1.0
  4. https://docs.microsoft.com/en-us/mem/intune/
  5. https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis
  6. Supported operating systems and browsers in Intune: https://docs.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers




Notes: 

  1. The plugin has been tested on Android and Windows devices.
  2. The remote lock operation is not supported on Windows devices, so the Remote Lock By Device ID/Username plugins are not applicable to Windows devices.
  3. Device ID Type: 'Phone number' and 'IMEI' are supported only for cellular devices.



Intune: Delete Device By ID  

Description

Intune: Delete Device By ID plugin step sends a Device Delete command to the device identified by Device ID and deletes the device.

Configurations

Configuration:

| No. | Field Name | Description |
| --- | --- | --- |
| 1 | Step Name | Name of the step. This name has to be unique in a single workflow. |
| | Connection: | |
| 2 | Tenant ID | Specify Tenant ID. The field data type is String. This is mandatory. Note: To create Tenant ID, refer to the plugin prerequisites. |
| 3 | Client ID | Specify Client ID. The field data type is String. This is mandatory. Note: To create Client ID, refer to the plugin prerequisites. |
| | Client Secret: | Note: To create Client Secret, refer to the plugin prerequisites. |
| 4 | Accept Values from fields | Leave the checkbox unchecked to accept the Client Secret value from a field in the previous steps of the stream using a drop-down list. Otherwise, enable the checkbox for the Client Secret field to appear as a text box. |
| 5 | Client Secret | Provide the Client Secret. If the checkbox above is enabled, the Client Secret field appears as a text box and accepts static values or environment variables. If the checkbox above is disabled, the Client Secret field appears as a drop-down to select fields from previous steps. The field data type is String. This field is mandatory. |
| 6 | Test Connection | Verifies whether the connection is established or not. Note: For the purpose of verification, fields coming from previous steps are not allowed, since field values can only be accessed when the workflow is in a running state. Static values and environment variables are allowed. |

Input Tab:

| No. | Field Name | Description |
| --- | --- | --- |
| | Input Fields: | |
| 1 | Device ID Type | Specify the type of Device ID of the device to be deleted. Allowed values: 'Intune Device ID', 'Azure AD Device ID', 'IMEI', 'Serial number', 'Phone number'. The field data type is String. This field is mandatory. |
| 2 | Device ID | Specify the Device ID, which is a unique identifier that identifies the device. The field data type is String. This field is mandatory. Note: Device ID should be valid and must not be Zero (0). |




Intune: Remote Lock Device By ID 

Description

Intune: Remote Lock Device By ID plugin step locks a device in Intune remotely, by Device ID.


Configurations

Configuration:

| No. | Field Name | Description |
| --- | --- | --- |
| 1 | Step Name | Name of the step. This name has to be unique in a single workflow. |
| | Connection: | |
| 2 | Tenant ID | Specify Tenant ID. The field data type is String. This is mandatory. Note: To create Tenant ID, refer to the plugin prerequisites. |
| 3 | Client ID | Specify Client ID. The field data type is String. This is mandatory. Note: To create Client ID, refer to the plugin prerequisites. |
| | Client Secret: | Note: To create Client Secret, refer to the plugin prerequisites. |
| 4 | Accept Values from fields | Leave the checkbox unchecked to accept the Client Secret value from a field in the previous steps of the stream using a drop-down list. Otherwise, enable the checkbox for the Client Secret field to appear as a text box. |
| 5 | Client Secret | Provide the Client Secret. If the checkbox above is enabled, the Client Secret field appears as a text box and accepts static values or variables. If the checkbox above is disabled, the Client Secret field appears as a drop-down to select fields from previous steps. The field data type is String. This field is mandatory. |
| 6 | Test Connection | Verifies whether the connection is established or not. Note: For the purpose of verification, fields coming from previous steps are not allowed, since field values can only be accessed when the workflow is in a running state. Static values and environment variables are allowed. |

Input Tab:

| No. | Field Name | Description |
| --- | --- | --- |
| | Input Fields: | |
| 1 | Device ID Type | Specify the type of Device ID for the device to be remote locked. Allowed values: 'Intune Device ID', 'Azure AD Device ID', 'IMEI', 'Serial number', 'Phone number'. The field data type is String. This field is mandatory. |
| 2 | Device ID | Specify the Device ID, which is a unique identifier that identifies the device. The field data type is String. This field is mandatory. Note: Device ID should be valid and must not be Zero (0). |




Intune: Retire Device By ID 

Description

Intune: Retire Device By ID plugin step retires a device in Intune by Device ID. 


Configurations

Configuration:

| No. | Field Name | Description |
| --- | --- | --- |
| 1 | Step Name | Name of the step. This name has to be unique in a single workflow. |
| | Connection: | |
| 2 | Tenant ID | Specify Tenant ID. The field data type is String. This is mandatory. Note: To create Tenant ID, refer to the plugin prerequisites. |
| 3 | Client ID | Specify Client ID. The field data type is String. This is mandatory. Note: To create Client ID, refer to the plugin prerequisites. |
| | Client Secret: | Note: To create Client Secret, refer to the plugin prerequisites. |
| 4 | Accept Values from fields | Leave the checkbox unchecked to accept the Client Secret value from a field in the previous steps of the stream using a drop-down list. Otherwise, enable the checkbox for the Client Secret field to appear as a text box. |
| 5 | Client Secret | Provide the Client Secret. If the checkbox above is enabled, the Client Secret field appears as a text box and accepts static values or variables. If the checkbox above is disabled, the Client Secret field appears as a drop-down to select fields from previous steps. The field data type is String. This field is mandatory. |
| 6 | Test Connection | Verifies whether the connection is established or not. Note: For the purpose of verification, fields coming from previous steps are not allowed, since field values can only be accessed when the workflow is in a running state. Static values and environment variables are allowed. |

Input Tab:

| No. | Field Name | Description |
| --- | --- | --- |
| | Input Fields: | |
| 1 | Device ID Type | Specify the type of Device ID of the device to be retired. Allowed values: 'Intune Device ID', 'Azure AD Device ID', 'IMEI', 'Serial number', 'Phone number'. The field data type is String. This field is mandatory. |
| 2 | Device ID | Specify the Device ID, which is a unique identifier that identifies the device. The field data type is String. This field is mandatory. Note: Device ID should be valid and must not be Zero (0). |



Intune: Wipe Device By ID 

Description

‘Intune: Wipe Device by ID’ plugin step wipes a device in Intune identified by Device ID. 


Configurations

Configuration:

| No. | Field Name | Description |
| --- | --- | --- |
| 1 | Step Name | Name of the step. This name has to be unique in a single workflow. |
| | Connection: | |
| 2 | Tenant ID | Specify Tenant ID. The field data type is String. This is mandatory. Note: To create Tenant ID, refer to the plugin prerequisites. |
| 3 | Client ID | Specify Client ID. The field data type is String. This is mandatory. Note: To create Client ID, refer to the plugin prerequisites. |
| | Client Secret: | Note: To create Client Secret, refer to the plugin prerequisites. |
| 4 | Accept Values from fields | Leave the checkbox unchecked to accept the Client Secret value from a field in the previous steps of the stream using a drop-down list. Otherwise, enable the checkbox for the Client Secret field to appear as a text box. |
| 5 | Client Secret | Provide the Client Secret. Client Secret is entered using a widget. The widget handles both Text (static value or environment variable) and Combo (drop-down containing values from previous steps). The field data type is String. This field is mandatory. If the checkbox above is enabled, the Client Secret field appears as a text box and accepts static values or variables. If the checkbox above is disabled, the Client Secret field appears as a drop-down to select fields from previous steps. |
| 6 | Test Connection | Verifies whether the connection is established or not. Note: For the purpose of verification, fields coming from previous steps are not allowed, since field values can only be accessed when the workflow is in a running state. Static values and environment variables are allowed. |

Input Tab:

| No. | Field Name | Description |
| --- | --- | --- |
| | Input Fields: | |
| 1 | Device ID Type | Specify the type of Device ID for device wipe. Allowed values: 'Intune Device ID', 'Azure AD Device ID', 'IMEI', 'Serial number', 'Phone number'. The field data type is String. This field is mandatory. |
| 2 | Device ID | Specify the Device ID, which is a unique identifier that identifies the device. The field data type is String. This field is mandatory. Note: Device ID should be valid and must not be Zero (0). |





