HaloCRM Guides
Intune Integration
Registering an Azure Application
To use the Intune integration, you are required to register an application in your Azure Admin Portal. To do this, open your Azure portal and select App registrations > New registration. Give your application a sensible name, and ensure that supported account types is set to "Single Tenant".
To finalize your application registration, you must register a redirect URI. Although this step is optional at the time of submission, a redirect URI is required for the integration to work successfully. The redirect URI should be entered in the following format: <Halo Web App Agent Portal URL>/azure/auth. For example, if your Halo application URL is https://app.haloitsm.com, your redirect URI would be https://app.haloitsm.com/azure/auth as shown below.
Once the application has been registered successfully, navigate to the Certificates & secrets tab. Register a new client secret using the available options. Once created, keep a copy of this secret value somewhere safe, as it is not obtainable again once you leave the application.
The final step to configuring an application in Azure is to add API permissions so that your app can access resources in Intune. Navigate to the API permissions tab, where you will see that you have the permission User.Read by default. This permission can be removed as it is not required. Select Add a permission and choose Microsoft Graph from the list of available APIs.
Select Delegated Permissions and then select DeviceManagementManagedDevices.Read.All. Click Add permissions to add this permission to your application.
Enabling the Integration
To enable the Intune integration, navigate to Configuration > Integrations, and enable the module using the plus icon in the top right hand corner of the menu icon. Once the module has been enabled, click the menu icon to begin configuring it.
Intune Connections and Authorization
Halo allows you to connect to multiple instances of Intune. You will need to create a separate application in each Azure tenant for each Intune instance that you would like to connect to. When adding a new connection into Halo, you must first give the connection a name. Then you are required to input your Azure tenant id, and the application id and secret of the application which has been created.
Click the authorize application button to begin the authorization process. You will be redirected to the Microsoft login screen, and upon a successful login, you will be redirected back to the Intune connection. Your application and authorization details will be saved when you save the connection. To clear these details or make changes to your application configuration in Halo, click the Disconnect from Application button.
Note that if you make changes to your application in Azure, such as changing the API permissions or your client secret expires and you have to generate a new one, you will need to disconnect from your application in Halo and re-complete the authorization process.
Import Configuration
All of your managed devices can be imported into Halo from Intune. If you would like to import your users, then please use the Azure Active Directory integration for this. During the device import, a user will be linked to the device automatically if they have been imported from Azure using their Azure unique ids. If they have not been imported using the Azure Active Directory integration, then they will still be associated with the device if the userPrincipalName of the device matches an email address or windows login value of a user in Halo.
The field mappings tab allows you to map device fields from Intune to your fields in Halo. It is possible to map Intune fields to both custom fields, and also asset fields. Each intune field can only be mapped once.
On the imports tab under the settings heading, you must first choose a default site for assets that do not match a user during the import. The asset matching field can be used to match assets to existing records when they are being imported for the first time. This option is only required if your asset list already exists in Halo, and you would like incoming devices to update existing devices.
Finally, you have the flexibility to decide how the asset type should be determined in Halo:
- Same Asset Type for All Assets
- All assets imported from Intune will be assigned the same asset type.
- Use an Intune Field for Asset Type Determination
- The value of the chosen field for the imported asset will be used to assign it to an asset type with the same name as the field.
- If the asset type doesn't exist, a new one will be created.
- The recommended field for this option is 'operatingSystem,' although additional fields are also available for your use.
- You will also need to choose a group to which any new asset types should be assigned to.
Device Imports
Once you are happy with your configuration, you can begin importing using either the manual import button, or by enabling the Halo Integrator for this particular Intune connection. It is recommended that you perform a manual import first, so that you can check more easily that there are no problems with your configuration of the integration.
Popular Guides
- Asset Import - CSV/XLS/Spreadsheet Method
- Call Management in Halo
- Creating a New Application for API Connections
- Creating Agents and Editing Agent Details
- Departments, Teams and Roles
- Halo Integrator
- Importing Data
- Multiple New Portals with different branding for one customer [Hosted]
- NHServer Deprecation User Guide
- Organisation Basics
- Organising Teams of Agents
- Step-by-Step Configuration Walk Through
- Suppliers