HaloITSM

HaloITSM Guides

Documentation to assist with the setup and configuration of the HaloITSM platform

Guides > Intune Integration

Intune Integration

Overview

This comprehensive guide walks you through setting up and configuring the Microsoft Intune integration with Halo. You'll learn how to:

  • Register and configure your Azure application
  • Set up the integration in Halo
  • Configure field mappings and import settings
  • Manage ongoing synchronization

The Intune integration allows you to synchronize your Microsoft Intune-managed devices with Halo's asset management system. This integration enables:

  • Accurate device tracking in your Configuration Management Database (CMDB)
  • Device linking to service desk tickets
  • Automated device information updates
  • Streamlined asset lifecycle management
  • Enhanced IT support capabilities

Note: Regular synchronization ensures your service desk always has access to the most current device information, enabling more efficient support and accurate asset tracking.

Initial Azure Setup


Registering Your Application

Important: If you are using the Microsoft Entra ID (Azure active Directory) along with the Intune integration ensure the application configured for MS Entra has the following permission: DeviceManagementManagedDevices.Read.All (Delegated). If this permission is not assigned to your Entra application you will not be able to import assets from Intune. 

  1. Open your Azure portal and select App registrations > New registration
  2. Give your application a sensible name
  3. Ensure that supported account types is set to Single Tenant
  4. Configure your redirect URI with the type of Web as/azure/auth (E.g. if your Halo URL is https://example.com, your redirect URI would be https://example.com/azure/auth)


  5. Generate and store a client secret securely

  6. Ensure your redirect URI is setup with the type of Web as/azure/auth (E.g. if your Halo URL is https://example.com, your redirect URI would be https://example.com/azure/auth)

  7. Note down your App Registration's "Application (client) ID" and "Directory (tenant) ID" for Halo configuration detailed later in this article.

Configuring the integration in Halo

Once you have registered your application in Azure, you can configure the integration in Halo:

  1. Navigate to Configuration > Integrations and enable the integration by finding the module, hovering over it and clicking the + icon
  2. Navigate into the integration setup area by clicking the module button
  3. Click "New" to create a new connection
  4. Enter a name for your connection
  5. Select your preferred authentication method and credential type. If you are unsure which credential type to use check out our article Authentication Methods for Microsoft Integrations. The primary difference between the two authentication methods is the permission type to be applied to permissions against your App Registration.
    • Client Credentials Authentication
      • Required API Permissions (Application):
        • DeviceManagementManagedDevices.Read.All
        • User.Read.All

    • Authorization Code Authentication
      • Required API Permissions (Delegated):
        • DeviceManagementManagedDevices.Read.All
        • User.Read.All
        • offline_access

    • Adding permissions to an App Registration in Azure:

  6. Apply App Registration credentials previously noted from Azure into Halo
  7. Click "Save". The authorization process will differ based on your chosen authentication method:

    Note: Client Credentials is simpler to maintain as it doesn't depend on any specific user's permissions, but some organizations may have security policies that require user-based authentication through the Authorization Code flow.

For Client Credentials Authentication:

  • Clicking "Authorize Application" will validate your client ID and secret
  • No user interaction is required - this is a non-interactive flow
  • The system will verify that the credentials can obtain an access token with the required permissions

For Authorization Code Authentication:

  • Clicking "Authorize Application" will redirect you to Microsoft's login page
  • An Intune administrator must sign in and consent to the requested permissions
  • The administrator must maintain their permissions for the integration to continue working

Asset Types 

Here you can configure how assets are imported. When assets are imported from intune into Halo they will create Halo assets. As assets in Halo are grouped by type and group, how groups and types are assigned to these assets will need to be configured. 


Determine an Asset's type:

If you would like all imported assets to have the same asset type when imported set the 'Determining an Asset's type' field to be 'use the same type for all Assets' then set the 'Default Asset Type' field to be the asset type you would like assets from Intune to be.


If you would like all imported assets' types to be determined by a particular field, set the set the 'Determining an Asset's type' field to be 'Use a field to determine each Asset's type'. Then in 'Field for determining an Asset's type' choose the field you would like the type to depend on. The field you choose must contain the name of the desired asset type, if this name can be matched to an existing asset type in Halo, it will be assigned this asset type. If the name is not the same as an asset type in Halo, a new asset type will be created. Note that the names must be identical in order to match. This setting is used if you have a field in Intune that already determines an asset's type and you would like the types to be consistent between Halo and Intune. 


If you would like asset types to be determined by asset rules set the set the 'Determining an Asset's type' field to be 'Determine asset type using rules'. Now you will be able to set an asset's types based on rules, These rules are based on field values, and if matched will assign an asset to the chosen asset type. When creating a rule first add criteria for the rule, select the Halo field that you would like to base the criteria on, then set the rule type and the outcome needed in the field to match the rule. If an asset matches this rule it will be imported as this asset type. 


You will also need to set the asset group that new asset types are created under.


If you do not want asset types to be updated by Intune, disable the setting 'Do not Update Asset Types', other asset data will still sync but the type will not change. 


Users

If assets have been imported using Microsoft Entra they can be linked to users upon import. 


Under the 'Users' tab you can select which integration is used for user assignment, although you can still use Microsoft Entra to manage this but Intune is the recommended method as this will update relationship changes faster. 


You will then need to set the 'User Identifier' field, this is the field used to match the Halo user to the Intune user, this must be unique for each user. 



Field Mappings


Configure how Intune device data maps to your Halo assets:

  1. Select the "Field Mappings" tab
  2. Map Intune fields to corresponding Halo asset fields
  3. Configure any custom field mappings as needed


Import Settings

Configure how assets are imported:

  1. Select the "Imports" tab
  2. Set the "Default Site" for assets without associated users
  3. Choose an "Asset Matching Field" to identify existing assets
  4. Set the default status for new Assets


As of v2.182.1+, you can make assets inactive in Halo based on their last sync update to Halo. You can then set the Halo status they will be marked as once this day threshold is reached. For instance below, if not updated for 2 days the assets will be marked as "Inactive".



As of v2.186.1+, you can choose different methods of site allocation - whether by the user's site or the default. This can also be used so assets do not take the user's site upon sync for instance.


Popular Guides

Pin It on Pinterest