Microsoft Intune connector
This connector can be run in the cloud or using an on-premises connector server.
The Microsoft Intune connector gathers data about devices from Microsoft Intune for use in Ivanti Neurons. This connector can be used without Ivanti patch products.
For information about what data is imported and how it is mapped, see Mapping (below).
In order to connect Microsoft Intune to the Neurons Platform, you first need to create an application in Entra ID (formerly Azure AD) with a variety of permissions (listed below). All permissions must be approved with Grant admin consent. For information on creating the app, see Creating apps in Entra ID for Microsoft connectors.
 Full list of required API permissions
Full list of required API permissions
                                            The following application permissions (not delegated permissions) are required for setting up the connector only. If you want to use the same app registration for both the connector and Neurons Patch for Intune, you will need additional permissions. For details, see Connecting to Your Intune Tenant > Azure Portal Information.
Device.Read.All
DeviceManagementApps.Read.All
DeviceManagementConfiguration.Read.All
DeviceManagementManagedDevices.Read.All
DeviceManagementRBAC.Read.All
Directory.Read.All
User.Read.All
To perform actions and queries in Neurons, you will also need:
- DeviceManagementManagedDevices.ReadWrite.All
- Directory.ReadWrite.All
- User.ReadWrite.All
You will also need to fill in the Action credentials fields for this connector.
Options
A Microsoft Intune connector has the following options:
- Connector name: A name for the connector.
- Connector server name: The  name of the connector server that this connector is associated with. When running the connector in the cloud, this server needs to be the Cloud option in the list.
 Each connector can only be associated with one connector server. If you added this connector to a specific connector server (on the Connectors > Connector Servers page), this field will be populated for you. Otherwise, you can select the server from the list.
- Directory (tenant) ID: The ID of the tenant you created in Entra ID.
- Application (client) ID: The ID of the application you created in Entra ID.
- Client secret: The client secret associated with the application you created in Entra ID.
- Devices
                                                - Stale threshold: A threshold limits the amount of data that is gathered for Neurons. The connector will only import devices that have checked in or been updated during that period of time.
- Compliance Status: The compliance status indicates if the device meets the security and configuration requirements defined in the compliance policies.
- Join type: Import specific devices using a type filter. Supported values are: Microsoft Entra Registered, Microsoft Entra Joined, Hybrid Microsoft Entra Joined, and Unknown.
- Category: Import specific devices using a category filter. Categories are found in the Microsoft Intune Admin Center under Home > Devices | All Devices > Device > Properties.
- 
                                                        Scope tag: Import specific devices using a scope tag filter. Scope tags are created and maintained within Microsoft Intune. You will need the DeviceManagementRBAC.Read.All and DeviceManagementConfiguration.Read permissions within your Entra ID app to use this filter in Neurons. 
- 
                                                        Include personal devices: Import personal devices and the corporate–owned devices. By default, corporate–owned devices are imported. 
 
- Repeats: How often the connector should gather data.
- Start time: The time of day the connector should start running. To minimize the impact on your network and applications, we recommend that connectors generally run at night or on weekends.
- Active: Whether the connector is active or not. While the connector is active, it runs according to the schedule you create. If you clear the check box, the connector is inactive and will not gather data until the check box is enabled again and the connector is saved.
- Action Credentials: The credentials Ivanti Neurons uses to perform actions and queries on device or people records. The types of available actions and queries will depend on your specific work environment. You will need the DeviceManagementManagedDevices.ReadWrite.All, Directory.ReadWrite.All, and User.ReadWrite.All permissions within your Entra ID app to perform actions and queries in Neurons.
For details on configuring or using connectors, see Connectors.
Mapping
The data that this connector imports is mapped to target attributes in the Neurons Platform database.
For an overview of how the data imported by this connector is mapped to the Neurons target attributes, please download the CSV file using the button below.
For an overview of the Neurons target attributes per data type and the connector source attributes that are mapped to them, see Connector data mapping.