Microsoft Intune
Client Information
Before logs can be pulled from your Microsoft Intune account, some information will need to be gathered. Some of these items may require additional setup within your Microsoft account and are documented in the subsequent sections.
In order to enable log retrieval, the following information will need to be collected:
- Directory ID - Sometimes referred to as the tenant or account ID. This is a UUID string 36 characters in length.
- Application ID - This is a UUID string 36 characters in length.
- Secret Key - A random string approximately 44 characters in length.
Additionally, permissions must be set to provide access to the log resources. These permissions are detailed below.
Configuring the Application Credentials
Microsoft provides a guide to configuring Intune applications; it is worth running through if any of the information below changes over time at Microsoft.
The first step is to gather the information noted above and to set up an app registration for use.
To start, sign in to Intune (ensure you have admin access) and, from the menu, choose Azure Active Directory > App Registrations to reach the app registrations page.
Get the Directory ID
To get the Directory ID, perform the following steps:
- Login to the Microsoft Azure Portal with an administrator account.
- Select "Azure Active Directory" from "Favorites" on the left or "All services"
- Choose "Properties" under "Manage"
- Copy the "Tenant ID" using the copy button to the right of the Tenant ID
- Record this value and denote it as the "Directory ID"
Create an Application Registration
A new app registration must be created in the Azure Portal from which the Application ID and Secret Key will be copied.
- In the Microsoft Azure Portal select "Azure Active Directory"
- Then select "App Registrations" under "Manage"
- Click the "New registration" button at the top
- Enter in the Name "ActiveEye Security Monitor"
- Under "Supported account types", select "Accounts in this organizational directory only (<Your Organization Here>)"
- Leave "Redirect URI (optional)" unmodified
- At the bottom, click "Register"
Get the Application ID
Step 5 in the Microsoft instructions shows where the Application ID is located.
You will be redirected to the registered application page for your new application registration. From here:
- Hover over "Application (client) ID" and the copy button will appear to the right. Click this button.
- Record this value as the "Application ID".
The value needed on this page is the Application ID, not the Object ID.
Get the Secret Key
- From the registered application page where you obtained the Application ID, click "Certificates and secrets" from the left-side menu.
- Under "Client secrets", click "New client secret".
- For "Description", enter "ActiveEye Security Monitor".
- Select "Never", then click "Add".
- When the screen refreshes, there will be a new entry under "Client secrets". Under "Value", there will be a copy button. Click this button.
- Record this value as the "Secret Key".
This is the only time this key will be displayed. If the key was not captured during the process, delete the original secret and create a new one.
Configure Windows Azure Active Directory Permissions to access the Intune APIs
Steps 5-7 in the Microsoft instructions show how to configure the application's permissions.
If you are following these instructions step by step, you will already be in the right place to continue below. If not, select "App registrations", then click on your newly created app. Then:
- From the application blade choose Settings > API access > Required permissions.
- From the Required Permissions blade, choose Add > Add API access > Select an API.
- From the Select an API blade, choose Microsoft Graph > Select. The Enable access blade opens and lists permission scopes available to your application.
- Set the following permission:
- DeviceManagementApps.Read.All
Grant Permissions
You must be a "Global Administrator" to perform this action. If you are not, you can ask an administrator to do so.
Any time app permissions are changed, an administrator must take the additional step of granting those permissions by performing the following steps. This step is critical: if it is not done, event log collection will not function properly.
- On the next screen, click the "Grant Permissions" button
- Click "Yes" on the confirmation screen
- This will authorize the change to permissions that was made
STOP! MAKE SURE TO COMPLETE THIS STEP
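A quick way to confirm the three collected values and that the permission grant above actually took effect, as an added example that is not ActiveEye's or Microsoft's own code: it checks the value formats described under "Client Information", builds the client-credentials token request for the tenant, and inspects the returned token's roles claim, which only lists DeviceManagementApps.Read.All once an administrator has granted consent. The token endpoint URL and scope are Microsoft's standard v2.0 values; the sample token is constructed for offline use.

```python
import base64, json, re, urllib.request
from urllib.parse import urlencode

GRAPH_SCOPE = "https://graph.microsoft.com/.default"
REQUIRED_ROLE = "DeviceManagementApps.Read.All"  # the permission set in the steps above
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)

def validate_client_info(directory_id, application_id, secret_key):
    """Raise ValueError if a value does not look like what the guide says to collect.
    A short secret usually means the secret's ID column was copied instead of "Value"."""
    for name, value in (("Directory ID", directory_id), ("Application ID", application_id)):
        if not UUID_RE.fullmatch(value or ""):
            raise ValueError(f"{name} must be a 36-character UUID, got {value!r}")
    if len(secret_key or "") < 30:
        raise ValueError("Secret Key is too short; copy the 'Value' column of the client secret")
    return True

def build_token_request(directory_id, application_id, secret_key):
    """Return (url, body) for the v2.0 client-credentials grant against the tenant."""
    url = f"https://login.microsoftonline.com/{directory_id}/oauth2/v2.0/token"
    body = urlencode({"grant_type": "client_credentials", "client_id": application_id,
                      "client_secret": secret_key, "scope": GRAPH_SCOPE})
    return url, body

def request_token(directory_id, application_id, secret_key):
    """POST the form to the token endpoint and return the access token (needs network)."""
    url, body = build_token_request(directory_id, application_id, secret_key)
    req = urllib.request.Request(url, data=body.encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def granted_roles(access_token):
    """Read the 'roles' claim from the token payload (Graph verifies the signature on use)."""
    segment = access_token.split(".")[1]
    payload = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    return set(payload.get("roles", []))

def consent_missing(access_token):
    """True when the token lacks the Intune role, i.e. "Grant Permissions" was never completed."""
    return REQUIRED_ROLE not in granted_roles(access_token)

def constructed_token(roles):
    """Build an unsigned sample token for offline checks; this is not a real Microsoft token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header, payload = enc({"alg": "none"}), enc({"aud": "https://graph.microsoft.com", "roles": roles})
    return f"{header}.{payload}."
```

With real values, `consent_missing(request_token(directory_id, application_id, secret_key))` returning True means the grant step above still has to be done.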
Provide Client Information
The Directory ID, Application ID, Secret Key and possibly Subscription IDs and names should now be collected and available to complete the setup and start log collection. Provide these values to your service representative, or use them for self-service configuration by following the "Configuring a new Service Connector for log collection" guide.