Microsoft Intune

Microsoft Intune is a cloud-based endpoint protection management tool. You can bring host and mobile device data from Microsoft Intune into Brinqa to gain a comprehensive view of your hosts and take action to address any potential vulnerabilities on those assets to strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Microsoft Intune and how to obtain that information from Microsoft. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Microsoft Intune from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Microsoft Intune with Brinqa:

  • API URL: The Microsoft Graph API URL. The default URL is https://graph.microsoft.com.

  • Login URL: The Microsoft Azure authentication URL. The default URL is https://login.microsoftonline.com.

  • Client ID and Client secret: The client ID and client secret associated with the service principal, which must have permissions to log in to Microsoft Azure Active Directory (Azure AD) and return data from the Graph API.

  • Tenant ID: The unique identifier for the Azure AD tenant associated with the service principal.

Register a Microsoft Azure application

You must create a new application for the Microsoft Intune connector to authenticate with Azure AD and access the Graph API. To register an application in your Azure AD tenant, follow these steps:

  1. Log in to your Microsoft Azure Portal as an administrator.

  2. Navigate to and click Microsoft Entra ID.

  3. On the left-hand side of the page, click App registrations, and then click New registration.

  4. Give your new application a name, select the supported account types, and provide an optional Redirect URI. If you do not have a redirect URI, you can leave the field as is.

    [Screenshot: Microsoft Azure new application page]

  5. Click Register.

Note: For additional details about registering an application in Azure AD and creating a service principal, see Microsoft Azure documentation.

Obtain Microsoft Azure credentials

After you have created your new Microsoft Azure application, its client ID and tenant ID are displayed. Copy the Application (client) ID and Directory (tenant) ID as shown below:

[Screenshot: Microsoft Intune client and tenant ID]

To obtain your client secret, follow these steps:

  1. Click Certificates & secrets and then click New client secret.

  2. Provide a description, set an expiry date, and then click Add.

    The new client secret is displayed, showing both a Value and a Secret ID. This is the only time the Value is shown; you cannot view it again. The Value, not the Secret ID, is needed for authentication. Copy the Value and save it in a secure location.

    [Screenshot: Microsoft Azure new client secret]

Assign permissions

After you have created your new Microsoft Azure application and obtained the authentication credentials, you must assign the required permissions for the application to access your data. To do so, follow these steps:

  1. Navigate to API permissions > Add a permission > Microsoft Graph.

  2. Click Application permissions, grant the following permissions, and then click Add permissions.

    • Directory: Directory.Read.All

    • User: User.Read.All

  3. Click Add a permission and repeat the same steps for Delegated permissions. Grant the following permissions and click Add permissions.

    • Device: Device.Read.All

    • DeviceManagementApps: DeviceManagementApps.Read.All

    • DeviceManagementConfiguration: DeviceManagementConfiguration.Read.All

    • DeviceManagementManagedDevices: DeviceManagementManagedDevices.Read.All

    • DeviceManagementRBAC: DeviceManagementRBAC.Read.All

    • DeviceManagementServiceConfig: DeviceManagementServiceConfig.Read.All

    • Directory: Directory.Read.All

    • User: User.Read.All

  4. Click Grant admin consent for default directory, and then click Yes in the confirmation dialog. Your API permissions should resemble the following:

    [Screenshot: Microsoft Azure grant admin consent for default directory]

Note: For additional information about Azure AD permissions, see Microsoft Azure documentation.
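A least-privilege check for the grants made in the steps above, as an added example that is not part of the original page or the connector's code. It compares the permissions actually present on the app registration with the list documented here and flags anything extra, anything that is not read-only, and anything still waiting for admin consent; the row shape `(name, type, admin_consented)` and the sample data are assumptions constructed for illustration.

```python
# Permission names and types copied from the "Assign permissions" steps.
DOCUMENTED = {
    "Application": {"Directory.Read.All", "User.Read.All"},
    "Delegated": {
        "Device.Read.All", "DeviceManagementApps.Read.All",
        "DeviceManagementConfiguration.Read.All",
        "DeviceManagementManagedDevices.Read.All",
        "DeviceManagementRBAC.Read.All",
        "DeviceManagementServiceConfig.Read.All",
        "Directory.Read.All", "User.Read.All",
    },
}

def audit_grants(grants):
    """Compare (name, type, admin_consented) rows against DOCUMENTED.
    The row shape is an assumption modelled on the portal's permission list."""
    findings = {"missing": [], "unexpected": [], "not_read_only": [], "unconsented": []}
    seen = set()
    for name, ptype, consented in grants:
        seen.add((ptype, name))
        if name not in DOCUMENTED.get(ptype, set()):
            findings["unexpected"].append((ptype, name))
        elif not consented:
            findings["unconsented"].append((ptype, name))
        # Graph names follow Resource.Operation[.Constraint]; any operation
        # other than Read exceeds what this page asks you to grant.
        parts = name.split(".")
        if len(parts) < 2 or parts[1] != "Read":
            findings["not_read_only"].append((ptype, name))
    for ptype, names in DOCUMENTED.items():
        for name in sorted(names):
            if (ptype, name) not in seen:
                findings["missing"].append((ptype, name))
    return findings

# Constructed sample: one scope widened to ReadWrite, one without admin consent.
SAMPLE_GRANTS = [
    ("Directory.Read.All", "Application", True),
    ("User.Read.All", "Application", True),
    ("Device.Read.All", "Delegated", True),
    ("DeviceManagementApps.Read.All", "Delegated", True),
    ("DeviceManagementConfiguration.Read.All", "Delegated", True),
    ("DeviceManagementManagedDevices.ReadWrite.All", "Delegated", True),
    ("DeviceManagementRBAC.Read.All", "Delegated", False),
    ("DeviceManagementServiceConfig.Read.All", "Delegated", True),
    ("Directory.Read.All", "Delegated", True),
    ("User.Read.All", "Delegated", True),
]
```

Running `audit_grants(SAMPLE_GRANTS)` reports the widened scope under both `unexpected` and `not_read_only`, and the documented read-only scope it displaced under `missing`.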

Types of data to retrieve

The Microsoft Intune connector can retrieve the following types of data from the Microsoft Graph API:

Table 1: Data retrieved from Microsoft Intune

| Connector Object | Required | Maps to Data Model |
| --- | --- | --- |
| Host | Yes | Host |
| Mobile Device | Yes | Device |

Info: For detailed steps on how to view the data retrieved from Microsoft Intune in the Brinqa Platform, see How to view your data.

Data lifecycle management (DLM) strategy

The following table details the DLM strategy for the Microsoft Intune connector:

Table 2: Microsoft Intune DLM strategy

| Connector Object | Inactivity Condition | Purge Policy | Summary |
| --- | --- | --- | --- |
| Host | LAST_SEEN NOT IN LAST 30 Days | 30 days after inactivity | Uses the LAST_SEEN attribute to identify hosts that have not been seen in the last 30 days, and then purges the records after 30 days of inactivity. |
| Mobile Device | LAST_SEEN NOT IN LAST 30 Days | 30 days after inactivity | Uses the LAST_SEEN attribute to identify mobile devices that have not been seen in the last 30 days, and then purges the records after 30 days of inactivity. |

Operation options

The Microsoft Intune connector supports operation options. See connector operation options for information about how to apply them.

The Microsoft Intune connector supports the filter operation option for both the Host and Mobile Device connector objects. The key is filter; for the supported values, see the Microsoft documentation on using the filter query parameter.

APIs

The Microsoft Intune connector uses the Microsoft Graph REST API v1.0. Specifically, it uses the following endpoint:

Table 3: Microsoft Intune API Endpoints

| Connector Object | API Endpoints |
| --- | --- |
| Host | GET /v1.0/deviceManagement/managedDevices |
| Mobile Device | GET /v1.0/deviceManagement/managedDevices |
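How the five connection settings and the filter option map onto HTTP requests, as an added example that is not the connector's own code. It assumes the standard OAuth 2.0 client credentials grant against the Login URL and Graph's `@odata.nextLink` paging; the function names, the injected `fetch_json` callable, and the sample filter are hypothetical.

```python
from urllib.parse import quote, urlencode

def token_request(login_url, tenant_id, client_id, client_secret, api_url):
    """Return (url, form_body) for an OAuth 2.0 client credentials grant.

    The secret travels only in the POST body to the Login URL, never in a
    query string and never to the API URL.
    """
    if not login_url.lower().startswith("https://"):
        raise ValueError("Login URL must use https so the secret is not sent in clear")
    url = f"{login_url.rstrip('/')}/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # ".default" requests the permissions already consented on the app.
        "scope": f"{api_url.rstrip('/')}/.default",
    })
    return url, body

def managed_devices_url(api_url, odata_filter=None):
    """Build the managedDevices URL, percent-encoding the $filter expression."""
    url = f"{api_url.rstrip('/')}/v1.0/deviceManagement/managedDevices"
    if odata_filter:
        url += "?" + urlencode({"$filter": odata_filter}, safe="$", quote_via=quote)
    return url

def collect_devices(first_url, fetch_json):
    """Follow @odata.nextLink until the last page.

    fetch_json(url) -> dict is supplied by the caller (it would send the GET
    with an "Authorization: Bearer <token>" header), so this runs offline.
    """
    devices, url, visited = [], first_url, set()
    while url and url not in visited:  # guard against a looping nextLink
        visited.add(url)
        page = fetch_json(url)
        devices.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return devices
```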

Changelog

The Microsoft Intune connector has undergone the following changes:

Table 4: Microsoft Intune connector changelog

Note: This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.

| Version | Description | Date Published |
| --- | --- | --- |
| 3.4.19 | No change. | August 5th, 2025 |
| 3.4.18 | No change. | August 4th, 2025 |
| 3.4.17 | No change. | August 1st, 2025 |
| 3.4.16 | No change. | June 11th, 2025 |
| 3.4.15 | No change. | May 27th, 2025 |
| 3.4.14 | No change. | May 21st, 2025 |
| 3.4.13 | No change. | May 20th, 2025 |
| 3.4.12 | No change. | April 22nd, 2025 |
| 3.4.11 | Renamed the HOSTNAME attribute to HOST_NAMES on the Host object. | April 7th, 2025 |
| 3.4.10 | No change. | April 1st, 2025 |
| 3.4.9 | No change. | March 26th, 2025 |
| 3.4.8 | No change. | February 12th, 2025 |
| 3.4.7 | No change. | January 28th, 2025 |
| 3.4.5 | No change. | December 19th, 2024 |
| 3.4.4 | No change. | December 6th, 2024 |
| 3.4.3 | No change. | November 28th, 2024 |
| 3.4.2 | No change. | October 7th, 2024 |
| 3.4.1 | Added support for Data lifecycle management to the Host and Mobile Device objects. | September 27th, 2024 |
| 3.4.0 | No change. | September 17th, 2024 |
| 3.3.10 | Code clean up and general maintenance. | September 4th, 2024 |
| 3.3.9 | No change. | August 27th, 2024 |
| 3.3.8 | No change. | July 24th, 2024 |
| 3.3.7 | No change. | July 24th, 2024 |
| 3.3.6 | No change. | July 8th, 2024 |
| 3.3.5 | No change. | May 20th, 2024 |
| 3.3.4 | No change. | May 20th, 2024 |
| 3.3.3 | No change. | May 20th, 2024 |
| 3.3.2 | No change. | May 9th, 2024 |
| 3.3.1 | No change. | May 3rd, 2024 |
| 3.3.0 | No change. | April 30th, 2024 |
| 3.2.2 | No change. | April 26th, 2024 |
| 3.2.1 | No change. | April 19th, 2024 |
| 3.2.0 | No change. | April 4th, 2024 |
| 3.1.18 | No change. | April 4th, 2024 |
| 3.1.17 | No change. | March 24th, 2024 |
| 3.1.16 | No change. | March 14th, 2024 |
| 3.1.15 | No change. | February 11th, 2024 |
| 3.1.14 | No change. | February 2nd, 2024 |
| 3.1.13 | No change. | January 26th, 2024 |
| 3.1.12 | No change. | January 24th, 2024 |
| 3.1.11 | No change. | October 11th, 2023 |
| 3.1.9 | No change. | July 20th, 2023 |
| 3.1.8 | No change. | July 19th, 2023 |
| 3.1.7 | No change. | May 18th, 2023 |
| 3.1.6 | Excluded 00000000-0000-0000-0000-000000000000 as a valid Azure Active Directory device ID. Updated dependencies. | May 9th, 2023 |
| 3.1.5 | Fixed a null pointer exception when there's no filter provided. | May 8th, 2023 |
| 3.1.4 | No change. | April 3rd, 2023 |
| 3.1.3 | No change. | February 22nd, 2023 |
| 3.1.2 | No change. | February 14th, 2023 |
| 3.1.1 | No change. | February 9th, 2023 |
| 3.1.0 | Code clean up and general maintenance. | February 8th, 2023 |
| 3.0.3 | Code clean up and general maintenance. | February 7th, 2023 |
| 3.0.2 | No change. | February 4th, 2023 |
| 3.0.1 | Normalized the MAC_ADDRESS attribute in the Computer object. | January 24th, 2023 |
| 3.0.0 | Initial Integration+ release. | January 23rd, 2023 |