From version 7.1 onward, Lansweeper is capable of scanning Android, iOS (iPhone and iPad) and Windows Phone mobile devices that are enrolled in Microsoft Intune. This article explains what the Intune scanning requirements are and how to generate the application ID required for scanning.
Intune scanning requirements
To scan mobile devices through Microsoft Intune, the following requirements must be met:
- Your Lansweeper installation must be version 7.1 or higher.
- Your Lansweeper license must support Intune scanning.
- Your Lansweeper scanning server must have access to the Internet.
- Your mobile devices must be enrolled in Microsoft Intune. Enrollment instructions can be found on the Microsoft website.
- Your mobile devices must be Android, iOS (iPhone or iPad) or Windows Phone devices.
- You must provide Lansweeper with the email address and password of a user that can see your Intune devices in Microsoft Azure. An Intune administrator is guaranteed to have sufficient rights.
- The user submitted as scanning credential in Lansweeper may not have multi-factor authentication (MFA) enabled.
- You must provide Lansweeper with the application ID of an application that can read Intune devices from the Microsoft Graph API.
Setting up the Intune application
To set up an application that can read Intune devices from the Microsoft Graph API, do the following:
- Log into your Azure account.
- Select the Azure Active Directory menu on the left, the App registrations section within this menu and hit the New registration button.
- Submit a name for your application and hit the Register button at the bottom of the page. Optionally, though this is less secure, you can change the account types setting on the page to allow accounts in other organizational directories to access the app as well.
- Copy the application ID that is listed on the resulting page, as you'll need to submit this in Lansweeper.
- Select the Authentication menu of your application, set the default client type setting to Yes and hit Save.
- Select the API permissions menu of your application and hit the Add a permission button.
- Select Microsoft Graph from the list of available APIs in the resulting popup and then select Delegated permissions
- Submit DeviceManagementManagedDevices.Read.All in the search box, tick the permission in the search results and hit Add permissions at the bottom of the page. The aforementioned permission allows the app to read Microsoft Intune devices.
- Have someone with administrative rights to your Azure Active Directory hit the Grant admin consent for <your organization name> button on the resulting page.
- You now have an application ID that you can submit as part of your Intune scanning credential in Lansweeper. You'll also need to submit the email address and password of a user that can see your Intune devices in Microsoft Azure. Instructions for configuring Intune scanning in Lansweeper can be found in this knowledge base article.