Here are the prerequisite steps that need to be completed before configuring the Intune Connect app:
...
To complete Step 3 above, you will need to have either Application Administrator or Application Developer role in your Azure Active Directory. Additionally, either a Global Administrator or a Privileged Role Administrator will be required.
Step 1: Choose or Create an Object Schema in Assets to hold the Intune device information
This will hold the data imported from Intune. If you have an existing Object Schema type that is used to store device inventory or other configuration items, you may want to consider using that Object Schema.
...
Here's an example of creating an Object Schema called "CI-Imports" that will be configured to contain the Object Type for Intune Device information.
Go to the Asset and Configuration Management page and click on the + (plus) sign at the top of the schema list.
...
Enter the name of the Object Schema ('CI-Imports' in this example)
...
After these two steps, your new Object Schema will be added to the list:
...
For additional information on creating Object Schemas, visit the "Working with Object Schemas" page in the Jira Service Management Support site.
Step 2: Configure the target Object Schema by creating an Import structure and generating a token
...
An Import Token is needed when configuring the Intune Connect app. To get this Token, navigate to the Configuration page of the target Object Schema.
...
On the Object Schema's configuration page, click on the Import tab.
...
Click on the Create Import button
...
Select "External Import" from the list of Import Types
...
...
Give the import structure a name and click the Create Import button
...
Copy the generated token and store it in a safe location. This token will be needed when configuring the app.
...
Step 3: Create and configure an App Registration in Azure Active Directory that will have access to the Intune API
To import the list of Intune-managed devices, the app requires access to the Intune API, which is part of Microsoft's Graph API. An Application Registration needs to be created and configured in your Azure Active Directory to provide the credentials and permissions the Intune Connect app needs to retrieve the device information from the Graph API.
...
After following these instructions, copy the generated Application (client) ID and the Directory (tenant) ID shown in the App Registration's Overview page. These two values will also be used when configuring the Intune Connect App.
Configuring Permissions in the Application Registration
After creating the Application Registration and the Client Secret, add the following permission on the "API permissions" page of the registration:
Steps:
Sub-step 1: Click on "Add a Permission"
...
Sub-step 2: In the "Request API Permissions" panel, choose "Microsoft Graph"
...
Sub-step 3: Click on "Application Permissions"
...
Sub-step 4: Search for "managedDevices" and then select the DeviceManagementManagedDevices.Read.All permission, then click the Add Permissions button to complete the operation
...
At this point, the permission will be listed, but its status will still show as "Not Granted".
...
Granting Admin Consent
Admin Consent now needs to be granted to the application registration. This can only be done by a Global Administrator (or a user with the Privileged Role Administrator role) of your Azure Active Directory.
...
To confirm that admin consent has been granted, go back to the application registration's "API permissions" page. It should now show the status as Granted.
...
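An added example, not part of the original page or the Intune Connect app: once consent is granted, an access token issued to the registration through the client-credentials flow lists its application permissions in the `roles` claim, so decoding a token shows whether only DeviceManagementManagedDevices.Read.All was granted. The tenant ID and sample token below are constructed placeholders, and the signature is not verified, so this is for inspection only.

```python
import base64
import json

# Permission the page tells you to add; anything beyond it is excess privilege.
EXPECTED_ROLES = {"DeviceManagementManagedDevices.Read.All"}


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    return json.loads(b64url_decode(parts[1]))


def audit_app_token(token: str, tenant_id: str) -> list[str]:
    """Return a list of findings; an empty list means the token matches the page's setup."""
    claims = decode_claims(token)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append(f"token issued for tenant {claims.get('tid')!r}, expected {tenant_id!r}")
    roles = set(claims.get("roles", []))
    if not roles:
        findings.append("no application permissions in token: admin consent not granted?")
    for missing in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing permission: {missing}")
    for extra in sorted(roles - EXPECTED_ROLES):
        findings.append(f"excess permission: {extra}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
    sample = make_sample_token({"tid": tenant, "roles": [
        "DeviceManagementManagedDevices.Read.All", "Directory.ReadWrite.All"]})
    for finding in audit_app_token(sample, tenant):
        print(finding)
```

An "excess permission" finding means the registration holds more Graph access than the device import needs and should be trimmed on the "API permissions" page.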
Resulting information ready for use
After completing these prerequisite steps, you should have the following information ready for use when configuring the Intune Connect app:
...