Integrate Endpoint Admin to Endpoint Manager (Intune) – Endpoint Admin

In order to automate software deployment to your Endpoint Manager (Intune) tenant, a few steps has to be carried out by an administrator in your environment.

The setup consists of the following actions, which we will assist in guiding you through, in detail.

Registering Endpoint Admin as an application in your tenant.
Generating a Secret Key for API Access.
Granting API access to your Endpoint Admin subscription.
Testing established link from Endpoint Admin to Endpoint Manager (Intune) tenant.

Note: Only an administrator with either of the following rights can configure the following settings in Azure.

Application Admin
Global admin

Please follow the guidelines below to carry out to establish the trusted relationship.

	SETTING UP APP REGISTRATION
1.1	Firstly sign in to the Microsoft Azure portal.
1.2	Select the "Azure Active Directory" option.
1.3	In the context menu to the left, choose the "App registrations" option.
1.4	Choose the "New registration" option.
1.5	Select a name for the application registration. It is recommended that the name "Endpoint Admin" is used. Leave the options default and select "Register"
1.6	After registering. Click the name, to configure the Application registration.
	SETTING UP A SECRET KEY FOR API USAGE
2.1	Select the "Certificates & Secrets" option from the Manage section.
2.2	In the Client secrets section, choose the option "New client secret". Give the name a description. Fill in the details and select "add". Recommended configuration: Description: 'Endpoint Admin' Duration: 18 months
2.3	The Client secret can now be viewed under 'Certificates & Secrets'. Note: The Secret ID will be used in a later step of this setup.
	GRANTING API ACCESS TO ENDPOINT ADMIN
3.1	Inside the App Integrations entry you created earlier, choose 'API Permissions' from the context menu
3.2	Select "Add a permission"
3.3	Select the "Microsoft Graph" option.
3.4	Select the "Application permissions" option.
3.5	Delegate the following rights, followed by the option "Add permissions".	For integration with Microsoft Endpoint Manager: Application.ReadWrite.OwnedBy (Type Application) Application.ReadWrite.All (Type Application) Application.Read.All (Type Application) DeviceManagementApps.ReadWrite.All (Type Application) DeviceManagementApps.Read.All (Type Application) DeviceManagementManagedDevices.Read.All (Type Application) For the user faced shopping page: Group.Create (Type Application) Group.Read.All (Type Application) Group.ReadWrite.All (Type Application) User.Read (Type Delegated) User.Read.All (Type Application)
3.6	Select the "Grant admin consent for [tenant-name]" option.
3.7	In the right hand side, Select the "Save and continue" option.
3.8	Confirm that access has been marked as granted on all the API permissions.
	Configure Integration in Endpoint Admin
4.1	Navigate back to the Application Integration page, by clicking the name in the navigation menu.
4.2	Save the 'Application (client ID)' value for step 4.4. Save the 'Directory (tenant) ID' value for step 4.4.
4.3	In Endpoint Admin select the "integrations" option under 'Settings'.
4.4	In the Client Id field, paste the value from step 4.2: 'Application (client ID)'. In the Client secret field, paste the value from step 2.3: 'Client secret'. In the Azure tenant field, paste the value from step 4.2: 'Directory (tenant) ID'. Select the "Establish trust" option.
4.3	Press 'Test Integration', and confirm that a trust is established to your Endpoint Manager (Intune) tenant.

Congratulations. You've now set up your Endpoint Manager (Intune) tenant to your Endpoint Admin subscription! You are now ready to deploy applications.

SETTING UP APP REGISTRATION

SETTING UP A SECRET KEY FOR API USAGE

GRANTING API ACCESS TO ENDPOINT ADMIN

Configure Integration in Endpoint Admin

Related articles