Connecting to Your Intune Tenant

Before starting to use Neurons Patch for Intune, you first need to configure the connection to your Intune tenant.

When you first start Neurons Patch for Intune, or when a new configuration option becomes available, a welcome dialog appears that guides you through these procedures. This page provides details about those procedures and also describes how to complete those procedures when the welcome dialog does not appear.

Azure Portal Information

Complete the application registration in the Entra ID section of your Azure portal. The registration gives you the necessary permissions to connect, create and read applications within your Intune tenant.

  1. Select App registrations > New registration and follow the registration wizard.
  2. In the Register an application window, enter the following information:
    • Name: Enter a unique and descriptive name.
    • Remaining settings: In most cases, simply accept the defaults.
  3. Select Register.
  4. Go to API permissions > Add a permission.
  5. Select Microsoft Graph.
  6. Under Delegated permissions, enable the following permissions:
    • Directory.Read.All
  7. Under Application permissions, enable the following permissions:
    • Application.Read.All
    • DeviceManagementApps.ReadWrite.All
    • DeviceManagementManagedDevices.Read.All
    • DeviceManagementRBAC.Read.All (only required in a scoped Intune environment)
    • GroupMember.Read.All
  8. Select Add permissions.
  9. An administrator must grant consent for the permissions. If you are an administrator, you can do it yourself by clicking Grant admin consent for <name>. Additionally, all users of Patch for Intune must be members of an Entra ID group that has the app registration with these permissions.
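
A least-privilege check for the application permissions in step 7, added here as an example and not part of the product or its documentation. Application permissions that have received admin consent appear in the roles claim of an app-only access token, so the sketch decodes a token payload (without verifying the signature, for inspection only) and reports roles that are missing or that go beyond the documented list. The sample token and the helper names are constructed for illustration.

```python
import base64
import json

# Application permissions listed in step 7 of this page.
REQUIRED_ROLES = {
    "Application.Read.All",
    "DeviceManagementApps.ReadWrite.All",
    "DeviceManagementManagedDevices.Read.All",
    "GroupMember.Read.All",
}
# Per the page, only required in a scoped Intune environment.
SCOPED_ONLY_ROLE = "DeviceManagementRBAC.Read.All"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(claims: dict, scoped: bool = False) -> dict:
    """Compare an app-only token's roles with the documented permission set."""
    granted = set(claims.get("roles", []))
    expected = REQUIRED_ROLES | ({SCOPED_ONLY_ROLE} if scoped else set())
    return {
        "missing": sorted(expected - granted),  # not added, or consent not granted
        "excess": sorted(granted - expected),   # more than this page asks for
    }


def make_sample_token(roles: list) -> str:
    """Build a constructed token for the demo (hypothetical helper, not a real token)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"roles": roles}).encode())
    return f"{header}.{body}.constructed-signature"


if __name__ == "__main__":
    roles = sorted(REQUIRED_ROLES - {"GroupMember.Read.All"}) + ["Directory.ReadWrite.All"]
    print(audit_roles(decode_claims(make_sample_token(roles))))
```

An empty missing list confirms that admin consent took effect; anything under excess is a permission to remove from the app registration.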

Configure the Azure Credentials

Before publishing third-party products to Intune, first specify your Azure credentials. To create a new Azure credential to use to access your Intune tenant, follow these steps:

  1. Within your Ivanti Neurons tenant, navigate to Admin > Patch for Intune Settings and under the Azure Credentials list, select Add Azure Credential.
    The Add Azure Credential panel appears.
  2. In the Add Azure Credential panel, enter the appropriate information in the corresponding fields:
    • Name: Enter an appropriate name for the new credentials.
    • Description (optional): Enter an appropriate description for the new credentials.
    • Tenant ID: This is the Directory (tenant) ID from the Overview tab in your Azure portal. It is available immediately after the registration process.
    • Client ID: This is the Application (client) ID from the Overview tab in your Azure portal. It is available immediately after the registration process.
    • Client Secret: This is the Value of the secret from the Certificates & secrets tab in your Azure portal. Create a new client secret, if needed, and then paste the secret here.
  3. Click Test to confirm the settings are correct, then select Submit.
    The new credential is created and the Add Azure Credential panel closes.

If you have multiple Intune tenants, you can specify unique credentials for each tenant. However, you are able to publish to only one Intune tenant at a time.

Configure the Redirect URI

During the Entra ID configuration, you need to provide a Redirect URI. The Redirect URI differs based on the location of your Ivanti Neurons tenant. To configure the Redirect URI, follow these steps:

  1. Within your Ivanti Neurons tenant, go to Admin > Patch for Intune Settings.
  2. Copy the Azure App Registration redirect URI using the Copy to clipboard button.
  3. Switch to your registered application in your Azure portal and go to Authentication > Add a platform.
  4. In the Configure platforms panel, select Single-page application.
  5. Enter the Redirect URI previously copied in the appropriate field and select Configure.

Connect to the Intune Tenant

After creating the new Intune credential, establish a connection with the Intune tenant.

  1. Within your Ivanti Neurons tenant, go to Admin > Patch for Intune Settings.
  2. Select the desired Intune credentials and select Connect to establish a connection with the Intune tenant.

The first time you go to Software > Patch for Intune, a connection reminder message is displayed if you are not connected to your Intune tenant.

Select an Intune scope (optional)

Your organization may have a single Intune tenant that is divided into separate scopes to enable different areas of the organization to manage their own applications independently from each other. If this is the case, you can select which Intune scope you want to use with your Ivanti Neurons tenant, and you can have separate Ivanti Neurons tenants for different Intune scopes.

All of the data in Patch for Intune is based on the scope selected in the Patch for Intune Settings. If you change the Current Scope in Ivanti Neurons to a different Intune scope, all of the data in your Patch for Intune environment must be re-evaluated based on the newly selected scope. To do this, Patch for Intune cleans up all of the data stored within Patch for Intune, resetting you to a default state. Note that nothing is deleted from your Intune environment when you change the Intune scope.

You need the Intune Administrator or Global Administrator role in Intune to set the Intune scope in Ivanti Neurons. Also ensure you have configured the required additional permissions, as described above in Azure Portal Information.

  1. Within your Ivanti Neurons tenant, go to Admin > Patch for Intune Settings.
  2. Under Current Scope, click the edit scope icon.
    The Intune Scope Selection dialog appears.
  3. In the drop-down, select the required scope, then click Save. If you do not want to use an Intune scope, select Default.
    You are warned that changing scopes invalidates all of your Patch for Intune managed applications and data.
  4. Click Connect and reset.
    The Intune scope you are using changes. Your history and rollout campaigns are deleted, and your managed applications are reset. Nothing is deleted from your Intune environment. If you click Skip (not recommended), you will get unpredictable results.

To see information gathered from Microsoft Intune elsewhere in Ivanti Neurons, create a connector to Intune, as described in Microsoft Intune connector. This information appears in Devices and Patch Intelligence. For more information, see Devices and Patch Intelligence.

After completing the connection to your Intune tenant, you may be required to perform additional configurations in the future:

How to Change to a Different Intune Tenant

Publishing to multiple Intune tenants at the same time is not supported. To change Intune tenants, follow these steps:

  1. Stop managing all products in the current Intune tenant.
  2. Go to Admin > Patch for Intune Settings.
  3. Establish a connection with the new Intune tenant. Select the desired Intune credentials and then select Connect.
  4. Start managing products in the new Intune tenant.

How to Configure a new Redirect URI

The Redirect URI for your Ivanti Neurons tenant can change, in which case you need to configure a new Redirect URI in your Azure portal. When this occurs, upon accessing Software > Patch for Intune within Ivanti Neurons, you are prompted to select the credentials to use to connect to your Intune tenant. Follow these steps to configure a new Redirect URI:

  1. Within Neurons Patch for Intune, navigate to Admin > Patch for Intune Settings.
  2. Copy the Azure App Registration redirect URI using the Copy to clipboard button.
  3. Within your Azure portal, go to Authentication > Add a platform.
  4. In the Configure platforms panel, select Single-page application.
  5. Enter the Redirect URI previously copied in the appropriate field and select Configure.
  6. Within Neurons Patch for Intune, select the desired credentials and select Connect.
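
A review of the app registration after the Redirect URI and Client Secret steps on this page, added here as an example and not part of the product or its documentation. It inspects an application object shaped like the Microsoft Graph application resource and reports a redirect URI that is missing from the Single-page application platform, registered under another platform, or left over from an earlier configuration, along with client secrets that have expired or are about to. The URI is a placeholder and the application object is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Placeholder: use the value copied from Admin > Patch for Intune Settings.
EXPECTED_URI = "https://neurons.example.invalid/redirect"

# Constructed sample shaped like a Microsoft Graph application object.
SAMPLE_APP = {
    "displayName": "Patch for Intune (constructed sample)",
    "spa": {"redirectUris": ["https://old-neurons.example.invalid/redirect"]},
    "web": {"redirectUris": [EXPECTED_URI]},
    "passwordCredentials": [
        {"displayName": "neurons-secret", "endDateTime": "2025-01-10T00:00:00Z"},
    ],
}


def audit_app(app: dict, expected_uri: str, now: datetime, warn_days: int = 30) -> list:
    """Return findings on redirect URI placement and client secret expiry."""
    findings = []
    spa_uris = app.get("spa", {}).get("redirectUris", [])
    if expected_uri not in spa_uris:
        findings.append("expected URI missing from Single-page application platform")
    for uri in spa_uris:
        if uri != expected_uri:
            findings.append(f"stale or unexpected SPA redirect URI: {uri}")
    for platform in ("web", "publicClient"):
        if expected_uri in app.get(platform, {}).get("redirectUris", []):
            findings.append(f"URI registered under '{platform}', not Single-page application")
    for cred in app.get("passwordCredentials", []):
        # Sample timestamps are UTC with a trailing 'Z'; normalise for fromisoformat.
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        name = cred.get("displayName") or "unnamed secret"
        if end <= now:
            findings.append(f"client secret '{name}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{name}' expires within {warn_days} days")
    return findings


if __name__ == "__main__":
    today = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for finding in audit_app(SAMPLE_APP, EXPECTED_URI, today):
        print(finding)
```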