Skip to main content
Matrix42 Self-Service Help Center

Creating the service connection for the Intune data provider


A service connection allows you to establish access to Microsoft Azure portal and obtain data from it without sharing the credentials. A service connection is configured once by an administrator and then it can automatically use a service for obtaining data.

The Intune add-on contains an Intune Integration capability for the Microsoft 365 service. This capability is needed for creating a service connection to Microsoft Azure portal.

To create a service connection, take the following steps:

  1. Configure the authentication and authorization settings for integration on Microsoft Azure portal.
  2. Create a tenant in Enterprise Service Management.
  3. Create a service connection in Enterprise Service Management.

Configuring the authentication and authorization on Microsoft Azure Portal

To configure the integration settings on Microsoft Azure portal, you will need to register your Enterprise Service Management application on the portal.

Registering an application

  1. On the Microsoft Azure Portal home page, go to the Azure services and click App registrations.
  2. On the opened page, run the New registration action.
  3. Configure your application:
  • Provide a name for the application integration.
  • Choose Supported account types.
  • Add a Redirect URI: select Web and enter Redirect URI (in the following format: https://{your_domain_name}/wm/externalAuth/exchange).
  1. Click Register.


Assigning permissions

  1. After the application is created, go to the API permissions section of the new application.
  2. Use the Add a permission action to add a permission. Click Microsoft Graph and choose:
  • Device.Read.All (Application)
  • DeviceManagementApps.Read.All (Application)
  • DeviceManagementManagedDevices.Read.All (Application)
  • DeviceManagementManagedDevices.Read.All (Delegated)
  • offline_access (Delegated)
  • openid (Delegated)
  • User.Read (Delegated)
  • User.Read.All (Application)
  1. Then run the Grant admin consent action.


Creating a secret key

  1. Go to the Certificates & secrets section of the new application.
  2. Run the New client secret action to create a secret key.
  3. Provide the description and expiration date for the key and click Add.
  4. After a new key is displayed, copy its value immediately. Later it will be hidden.

Save the secret key value. It will be used to create a service connection in Matrix42 Enterprise Service Management.


Retrieving the client ID and tenant ID

Client ID and tenant ID of your registered application are required for creating a service connection. You can find these values in the Overview section of the registered application.


Creating a tenant

In Matrix42 Enterprise Service Management, you need to create a tenant for the service connection.

  1. Go to the Administration application and open the Integration > Service Connections > Tenants navigation item.
  2. Run the Add Tenant action. A new tenant dialog opens.
  3. Provide an appropriate name for your tenant from the Microsoft Azure portal.
  4. Select Microsoft 365 in the Service field.
  5. Fill in the Client ID, Tenant and Client Secret fields with the data from Microsoft Azure.
  6. Save the dialog.

Creating a service connection

Next, create a service connection to your company's Microsoft Azure portal.

  1. In the Administration application, go to Integration > Service Connections > Connections.
  2. Run the Add Service Connection action. A new connection dialog opens.
  3. Select Microsoft 365 - Intune in the Service field.
  4. In the Tenant field, select the tenant record that you have created earlier.
  5. Click Setup authentication.
  6. Provide the credentials for your company's Microsoft Azure portal and save the dialog.

Now you can use this service connection in the configuration of the Intune data provider.

  • Was this article helpful?