
HaloITSM Guides
Documentation to assist with the setup and configuration of the HaloITSM platform
Intune Integration
Registering an Azure Application
To use the Intune integration, you are required to register an application in your Azure Admin Portal. To do this, open your Azure portal and select App registrations > New registration. Give your application a sensible name, and ensure that supported account types is set to "Single Tenant".
To finalise your application registration, you must register a redirect URI. Although this step is optional at the time of submission, a redirect URI is required for the integration to work successfully. The redirect URI should be entered in the following format: {Halo App URL}/azure/auth. For example, if your Halo application URL is https://app.haloitsm.com, your redirect URI would be https://app.haloitsm.com/azure/auth.
Once the application has been registered successfully, navigate to the Certificates & secrets tab. Register a new client secret using the available options. Once created, keep a copy of this secret value somewhere safe, as it is not obtainable again once you leave the application.
The final step to configuring an application in Azure is to add API permissions so that your app can access resources in Intune. Navigate to the API permissions tab, where you will see that you have the permission User.Read by default. This permission can be removed as it is not required. Select Add a permission and choose Microsoft Graph from the list of available APIs.
Select Delegated Permissions and then select DeviceManagementManagedDevices.Read.All. Click Add permissions to add this permission to your application.
Enabling the Integration
To enable the Intune integration, navigate to Configuration > Integrations, and enable the module using the plus icon in the top right-hand corner of the menu icon. Once the module has been enabled, click the menu icon to begin configuring it.
Intune Connections and Authorisation
Halo allows you to connect to multiple instances of Intune. You will need to create a separate application in each Azure tenant for each Intune instance that you would like to connect to. When adding a new connection into Halo, you must first give the connection a name. You are then required to enter your Azure tenant ID, and the application ID and secret of the application which has been created.
Click the authorize application button to begin the authorization process. You will be redirected to the Microsoft login screen, and upon a successful login, you will be redirected back to the Intune connection. Your application and authorisation details will be saved when you save the connection. To clear these details or make changes to your application configuration in Halo, click the Disconnect from Application button.
Note that if you make changes to your application in Azure, such as changing the API permissions, or if your client secret expires and you have to generate a new one, you will need to disconnect from your application in Halo and complete the authorization process again.
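The registration steps above and the note on secret expiry can be checked against an exported app registration. The following is an added example, not part of Halo or its documentation: it assumes the registration is available as a Microsoft Graph `application` object and that scope ids are resolved through the Microsoft Graph service principal's `oauth2PermissionScopes` list. The function name, the sample ids, the 30-day warning window and the flagging of extra redirect URIs are assumptions made for illustration.

```python
from datetime import datetime, timedelta

REQUIRED_SCOPE = "DeviceManagementManagedDevices.Read.All"  # from the guide

def audit_app(app, graph_scopes, halo_url, now, warn_days=30):
    """Return findings for a Graph `application` dict; graph_scopes maps ids to names."""
    findings = []
    names = {s["id"]: s["value"] for s in graph_scopes}
    # "Single Tenant" in the portal is signInAudience "AzureADMyOrg".
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not single-tenant")
    # The redirect URI must be {Halo App URL}/azure/auth; extras are flagged for review.
    expected = halo_url.rstrip("/") + "/azure/auth"
    uris = app.get("web", {}).get("redirectUris", [])
    if expected not in uris:
        findings.append("missing redirect URI " + expected)
    findings += ["unexpected redirect URI " + u for u in uris if u != expected]
    # Only the one delegated scope is needed; type "Role" is an application permission.
    granted = False
    for res in app.get("requiredResourceAccess", []):
        for acc in res.get("resourceAccess", []):
            name = names.get(acc["id"], acc["id"])
            if acc["type"] != "Scope":
                findings.append("application permission requested: " + name)
            elif name != REQUIRED_SCOPE:
                findings.append("unneeded delegated permission: " + name)
            else:
                granted = True
    if not granted:
        findings.append("missing " + REQUIRED_SCOPE)
    # An expired secret breaks the connection until Halo is re-authorised.
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        if end - now < timedelta(days=warn_days):
            findings.append("client secret expires " + end.date().isoformat())
    return findings

# Constructed sample data: placeholder ids, not real Graph permission ids.
GRAPH_SCOPES = [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": REQUIRED_SCOPE},
    {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "User.Read"},
]
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://app.haloitsm.com/azure/auth"]},
    "requiredResourceAccess": [{"resourceAccess": [
        {"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Scope"},
        {"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Scope"}]}],
    "passwordCredentials": [{"endDateTime": "2030-01-10T00:00:00Z"}],
}
```

Pass `now` as a timezone-aware UTC datetime; an empty list means the registration matches what the guide asks for.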
Import Configuration
All of your managed devices can be imported into Halo from Intune. If you would like to import your users, then please use the Azure Active Directory integration for this. During the device import, a user will be linked to the device automatically if they have been imported from Azure using their Azure unique IDs. If they have not been imported using the Azure Active Directory integration, then they will still be associated with the device if the userPrincipalName of the device matches an email address or Windows login value of a user in Halo.
The field mappings tab allows you to map device fields from Intune to your fields in Halo. It is possible to map Intune fields to both custom fields and asset fields. Each Intune field can only be mapped once.
On the imports tab under the settings heading, you must first choose a default site for assets that do not match a user during the import. The asset matching field can be used to match assets to existing records when they are being imported for the first time. This option is only required if your asset list already exists in Halo, and you would like incoming devices to update existing devices.
Finally, you have the option to decide how an asset's type should be determined in Halo. The first option is to use the same asset type for all assets. This means all of your assets imported from Intune will be assigned to the same asset type. The second option is to use an Intune field to determine the asset type. Using this option takes the value of the chosen field for the asset being imported, and assigns it to an asset type with the same name as the field. If an asset type does not exist, then one will be created for you. The operatingSystem is the recommended field when using this option, but some additional fields have also been made available for you to use.
If you have decided to use a specific field to determine an asset's type, you will also need to choose a group that any new assets should be assigned to.
Device Imports
Once you are happy with your configuration, you can begin importing users using either the manual import button, or by enabling the Halo Integrator for this particular Intune connection. It is recommended that you perform a manual import first, so that you can check more easily that there are no problems with your configuration of the integration.
The use of the Halo Integrator is not covered in this guide.