Configuring the Prerequisites

 

Here are the prerequisite steps that need to be completed before configuring the Intune Connect app:

To complete Steps 1 & 2 above, you will need to have a Jira Service Management role of either Assets Administrator or Assets Manager.  

To complete Step 3 above, you will need to have either the Application Administrator or the Application Developer role in your Azure Active Directory. Additionally, either a Global Administrator or a Privileged Role Administrator will be required.  

 

Step 1: Choose or Create an Object Schema in Assets to hold the Intune device information

This will hold the data imported from Intune. If you have an existing Object Schema type that is used to store device inventory or other configuration items, you may want to consider using that Object Schema.  

When you configure the Intune Connect app, an Object Type for Intune devices will be created in the Object Schema.  

If you do not have an existing Object Schema that could be used to store Intune device information, we recommend creating an Object Schema type for storing device or Configuration Item data imported from Intune or other systems.  

Here's an example of creating an Object Schema called "CI-Imports" that will be configured to contain the Object Type for Intune Device information.  

 

Go to the Asset and Configuration Management page and click on the + (plus) sign at the top of the schema list.  

 

 Enter the name of the Object Schema ('CI-Imports' in this example) 

After these two steps, your new Object Schema will be added to the list:  

 

For additional information on creating Object Schemas, visit the "Working with Object Schemas" page in the Jira Service Management Support site.  

 

Step 2: Configure the target Object Schema by creating an Import structure and generating a token 

An Import Token is needed when configuring the Intune Connect app. To get this Token, navigate to the Configuration page of the target Object Schema.  

 On the Object Schema's configuration page, click on the Import Tab.  

Click on the Create Import button 

Select "External Import" from the list of Import Types 

 

Give the import structure a name and click the Create Import button

A new import configuration will be created

Click on the action menu for the newly created Import and select "Generate new token"  

Copy the generated token and store it in a safe location. This token will be needed when configuring the app. 

 

 

Step 3: Create and configure an App Registration in Azure Active Directory that will have access to the Intune API

 

To import the list of Intune-managed devices, the app requires access to the Intune API, which is part of Microsoft's Graph API. An Application Registration needs to be created and configured in your Azure Active Directory to provide the credentials and permissions the Intune Connect app needs to retrieve the device information from the Graph API. 

 

To create the application registration, follow the instructions on this page: Quickstart: Register an app in the Microsoft identity platform - Microsoft identity platform. Here are some details to adhere to while following these instructions: 

  • Keep all the default settings  

  • Leave the Redirect URL field blank 

  • No platform settings need to be configured 

  • When creating a Client Secret, set an expiration date that meets your organizational security policies (up to 24 months). Save and track this expiration date; before the secret expires, a new Client Secret will need to be created and used to update the Intune Connect app configuration.  

  • Copy the Client Secret as soon as it is created and save it for use in the upcoming Intune Connect app configuration. This client secret will not be accessible later.  

 

After following these instructions, copy the generated Application (client) ID and the Directory (tenant) ID shown in the App Registration's Overview page. These two values will also be used when configuring the Intune Connect App. 

 

Configuring Permissions in the Application Registration 

After creating the Application Registration and the Client Secret, add the following permission on the "API permissions" page of the registration:  

 

Steps:

Sub-step 1: Click on "Add a Permission" 

Sub-step 2: In the "Request API Permissions" panel, choose "Microsoft Graph" 

 

Sub-step 3: Click on "Application Permissions" 

 

Sub-step 4: Search for "managedDevices" and then select the DeviceManagementManagedDevices.Read.All permission, then click the Add Permissions button to complete the operation 

At this point, the permission will be listed, but it will still show as "Not Granted". 

Granting Admin Consent  

 Admin Consent now needs to be granted to the application registration. This can only be done by a Global Administrator (or a user with the Privileged Role Management role) of your Azure Active Directory.  

The Global Administrator will need to bring up that Application Registration in the Azure Portal, go to the "API permissions" page, click on "Grant admin consent for <your domain name>" link, and then answer yes to the "Grant admin consent confirmation" pop-up.  

To confirm that admin consent has been granted, go back to the application registration's "API permissions" page. It should now show the status as Granted.  

 

Resulting information ready for use

After completing these prerequisite steps, you should have the following information ready for use when configuring the Intune Connect app: 

  • The Import Token for the Object Schema in Jira Service Management 

  • From the Azure Application Registration: 

    • The Application (Client) ID 

    • The Directory (Tenant) ID 

    • The Client Secret generated  

 

Now you can proceed to configure the Intune Connect App within Jira Service Management.  