Configuring the Microsoft Intune MDM

Microsoft Intune acts as the Mobile Device Management (MDM) server for the Ivanti Policy Secure solution. Ivanti Policy Secure users must register their mobile devices with Microsoft Intune. As part of registration, the relevant profiles are provisioned to the mobile device automatically.

To configure the Microsoft Intune MDM:

  1. Enroll the devices with the MDM server.

  2. Create an enterprise WiFi profile.

  3. Configure Ivanti Policy Secure with a role and realm for the user. Microsoft Intune provides the user with a link to provision the created policy and then pushes the profile information. Ivanti Policy Secure performs the role assignment and either allows or denies access based on the device assessment. For more information, see Configuring Ivanti Policy Secure.

  4. Create an Azure Active Directory (AAD) web application. The remaining steps are performed in the Azure portal.

  5. Go to portal.azure.com, click Azure Active Directory in the left navigation, click App registrations, and then click New application registration.

  6. Enter the application name, select Web app/API as the application type, enter the IP address/FQDN as the Sign-on URL, and click Create.

    The application registration page appears if the registration is successful.

  7. Click the application, click Required permissions, and then click Add.

  8. Select Microsoft Intune API.

    Under Application Permissions, select Get device and compliance information from Microsoft Intune.

  9. (Optional) Add the following delegated permissions for Microsoft Graph API:

    • Sign in and read user profile

    • Sign users in

    • View users' email address

    • View users' basic profile

  10. (Optional) Add the following delegated permissions for Azure Active Directory:

    • Sign in and read user profile

    • Read all users' basic profiles

    • Access the directory as the signed-in user

  11. Click Grant Permissions. Application permissions take effect only after an administrator grants consent; until then, tokens issued to the application do not carry the Intune permission.

Viewing Client ID, Tenant ID, and Client Secret

The Client ID (Application ID) is created automatically when the AAD web application/API is registered. You can view it on the application's properties page.

Each organization in the Microsoft cloud is a tenant, and each tenant has a unique Tenant ID. Select the web application/API, click Endpoints, and copy the tenant ID: it is the GUID embedded in the endpoint URLs.

To create the client secret, click the web application/API, click Keys, add a key, and click Save. The key value is displayed only once, immediately after you save. Copy it at that point and store it securely (for example, only in the Ivanti Policy Secure MDM server configuration), because it cannot be retrieved from the portal later; if it is lost, generate a new key.
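Before entering the three values into Ivanti Policy Secure, it is worth confirming that the registration actually yields a token the Intune API will accept. The following Python script is an added example, not Ivanti or Microsoft code, and it makes two assumptions the page does not state: that the Microsoft Intune API is identified by the resource URI https://api.manage.microsoft.com/, and that the application permission "Get device and compliance information from Microsoft Intune" appears in the token's roles claim as get_device_compliance. It builds the Azure AD v1 client-credentials request from the Tenant ID, Client ID and client secret, and checks that the returned token is for the right tenant, the right audience, and carries the granted permission, which is exactly what is missing when Grant Permissions was skipped. The constructed sample tokens let the checks run offline.

```python
"""Sanity-check an Azure AD app registration for the Ivanti Policy Secure / Intune
integration: request a client-credentials token for the Intune API and confirm it
carries the granted application permission.

Added example, not Ivanti or Microsoft code. Assumptions not stated on the page:
  - the Intune API resource URI is https://api.manage.microsoft.com/
  - the "Get device and compliance information" permission shows up in the
    token's "roles" claim as "get_device_compliance"
"""
import base64
import json
import sys
import urllib.parse
import urllib.request

INTUNE_API_RESOURCE = "https://api.manage.microsoft.com/"  # assumed resource URI
EXPECTED_ROLE = "get_device_compliance"                    # assumed role name


def token_request(tenant_id, client_id, client_secret, resource=INTUNE_API_RESOURCE):
    """Build the v1 client-credentials request: (token endpoint URL, form body)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode()
    return url, body


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore padding before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def jwt_claims(token):
    """Return the payload claims of a JWT without verifying its signature.
    Only suitable for inspecting a token we just received from the issuer over
    TLS; never use this to trust a token presented by a client."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_intune_token(token, tenant_id, resource=INTUNE_API_RESOURCE, role=EXPECTED_ROLE):
    """Return a list of problems with the token; an empty list means it looks usable."""
    claims = jwt_claims(token)
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append(f"tenant mismatch: token is for {claims.get('tid')!r}")
    if claims.get("aud") != resource:
        problems.append(f"audience is {claims.get('aud')!r}, not the Intune API")
    if role not in claims.get("roles", []):
        problems.append(f"application permission {role!r} not present "
                        "(was Grant Permissions clicked by an administrator?)")
    return problems


def fetch_token(tenant_id, client_id, client_secret):
    """Perform the token request; needs network access to login.microsoftonline.com."""
    url, body = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def _fake_jwt(claims):
    # Constructed, unsigned token for offline demonstration only.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"  # constructed tenant ID
# Token as issued once the Intune application permission has been granted:
GOOD_TOKEN = _fake_jwt({"tid": SAMPLE_TENANT, "aud": INTUNE_API_RESOURCE,
                        "roles": [EXPECTED_ROLE]})
# Token from a registration where the permission was added but never consented:
UNCONSENTED_TOKEN = _fake_jwt({"tid": SAMPLE_TENANT, "aud": INTUNE_API_RESOURCE})

if __name__ == "__main__":
    if len(sys.argv) == 4:                       # tenant_id client_id client_secret
        tenant, token = sys.argv[1], fetch_token(*sys.argv[1:])
    else:                                        # offline demo with the constructed token
        tenant, token = SAMPLE_TENANT, UNCONSENTED_TOKEN
    problems = check_intune_token(token, tenant)
    print("OK" if not problems else "\n".join("PROBLEM: " + p for p in problems))
```

Run it with the three values from the portal as arguments; with no arguments it evaluates the constructed unconsented token and reports the missing permission. Pass the secret on the command line only on an administrative workstation, and rotate it if it has been exposed.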