HaloCRM Guides
Intune Integration
Overview
This comprehensive guide walks you through setting up and configuring the Microsoft Intune integration with Halo. You'll learn how to:
- Register and configure your Azure application
- Set up the integration in Halo
- Configure field mappings and import settings
- Manage ongoing synchronization
The Intune integration allows you to synchronize your Microsoft Intune-managed devices with Halo's asset management system. This integration enables:
- Accurate device tracking in your Configuration Management Database (CMDB)
- Device linking to service desk tickets
- Automated device information updates
- Streamlined asset lifecycle management
- Enhanced IT support capabilities
Note: Regular synchronization ensures your service desk always has access to the most current device information, enabling more efficient support and accurate asset tracking.
Initial Azure Setup
Registering Your Application
To use the Intune integration, you are required to register an application in your Azure Admin Portal:
- Open your Azure portal and select App registrations > New registration
- Give your application a sensible name
- Ensure that supported account types is set to Single Tenant
- Configure your redirect URI with the type of Web as
/azure/auth(E.g. if your Halo URL is https://example.com, your redirect URI would be https://example.com/azure/auth) - Generate and store a client secret securely
- Ensure your redirect URI is setup with the type of Web as
/azure/auth(E.g. if your Halo URL is https://example.com, your redirect URI would be https://example.com/azure/auth) - Note down your App Registration's "Application (client) ID" and "Directory (tenant) ID" for Halo configuration detailed later in this article.
Configuring the integration in Halo
Once you have registered your application in Azure, you can configure the integration in Halo:
- Navigate to Configuration > Integrations and enable the integration by finding the module, hovering over it and clicking the + icon
- Navigate into the integration setup area by clicking the module button
- Click "New" to create a new connection
- Enter a name for your connection
- Select your preferred authentication method. You can select "Authorization Code" or "Client Credentials". The primary difference between the two methods is the permission type to be applied to permissions against your App Registration.
- Client Credentials Authentication
- Required API Permissions (Application):
- DeviceManagementManagedDevices.Read.All
- User.Read.All
- Required API Permissions (Application):
- Authorization Code Authentication
- Required API Permissions (Delegated):
- DeviceManagementManagedDevices.Read.All
- User.Read.All
- offline_access
- Required API Permissions (Delegated):
- Adding permissions to an App Registration in Azure:
- Client Credentials Authentication
- Apply App Registration credentials previously noted from Azure into Halo
- Click "Save". The authorization process will differ based on your chosen authentication method:
Note: Client Credentials is simpler to maintain as it doesn't depend on any specific user's permissions, but some organizations may have security policies that require user-based authentication through the Authorization Code flow.
- For Client Credentials Authentication:
- Clicking "Authorize Application" will validate your client ID and secret
- No user interaction is required - this is a non-interactive flow
- The system will verify that the credentials can obtain an access token with the required permissions
- For Authorization Code Authentication:
- Clicking "Authorize Application" will redirect you to Microsoft's login page
- An Intune administrator must sign in and consent to the requested permissions
- The administrator must maintain their permissions for the integration to continue working
Asset Types
Here you can configure how assets are imported. When assets are imported from intune into Halo they will create Halo assets. As assets in Halo are grouped by type and group, how groups and types are assigned to these assets will need to be configured.
Determine an Asset's type:
If you would like all imported assets to have the same asset type when imported set the 'Determining an Asset's type' field to be 'use the same type for all Assets' then set the 'Default Asset Type' field to be the asset type you would like assets from Intune to be.
If you would like all imported assets' types to be determined by a particular field, set the set the 'Determining an Asset's type' field to be 'Use a field to determine each Asset's type'. Then in 'Field for determining an Asset's type' choose the field you would like the type to depend on. The field you choose must contain the name of the desired asset type, if this name can be matched to an existing asset type in Halo, it will be assigned this asset type. If the name is not the same as an asset type in Halo, a new asset type will be created. Note that the names must be identical in order to match. This setting is used if you have a field in Intune that already determines an asset's type and you would like the types to be consistent between Halo and Intune.
If you would like asset types to be determined by asset rules set the set the 'Determining an Asset's type' field to be 'Determine asset type using rules'. Now you will be able to set an asset's types based on rules, These rules are based on field values, and if matched will assign an asset to the chosen asset type. When creating a rule first add criteria for the rule, select the Halo field that you would like to base the criteria on, then set the rule type and the outcome needed in the field to match the rule. If an asset matches this rule it will be imported as this asset type.
You will also need to set the asset group that new asset types are created under.
If you do not want asset types to be updated by Intune, disable the setting 'Do not Update Asset Types', other asset data will still sync but the type will not change.
Users
If assets have been imported using Microsoft Entra they can be linked to users upon import.
Under the 'Users' tab you can select which integration is used for user assignment, although you can still use Microsoft Entra to manage this but Intune is the recommended method as this will update relationship changes faster.
You will then need to set the 'User Identifier' field, this is the field used to match the Halo user to the Intune user, this must be unique for each user.
Field Mappings
Configure how Intune device data maps to your Halo assets:
- Select the "Field Mappings" tab
- Map Intune fields to corresponding Halo asset fields
- Configure any custom field mappings as needed
Import Settings
Configure how assets are imported:
- Select the "Imports" tab
- Set the "Default Site" for assets without associated users
- Choose an "Asset Matching Field" to identify existing assets
- Set the default status for new Assets
Popular Guides
- Asset Import - CSV/XLS/Spreadsheet Method
- Call Management in Halo
- Creating a New Application for API Connections
- Creating Agents and Editing Agent Details
- Departments, Teams and Roles
- Halo Integrator
- Importing Data
- Multiple New Portals with different branding for one customer [Hosted]
- NHServer Deprecation User Guide
- Organisation Basics
- Organising Teams of Agents
- Step-by-Step Configuration Walk Through
- Suppliers
