Intune scanning requirements

From version 7.1 onward, Lansweeper is capable of scanning Android, iOS (iPhone and iPad) and Windows Phone mobile devices that are enrolled in Microsoft Intune. This article explains what the requirements are for Intune scanning and how to generate the application ID required for scanning.

Requirements

To scan mobile devices through Microsoft Intune, the following requirements must be met:

  • Your Lansweeper installation must be version 7.1 or higher.
  • Your Lansweeper license must support Intune scanning.
  • Your Lansweeper scanning server must have access to the Internet.
  • Your mobile devices must be enrolled in Microsoft Intune. Enrollment instructions can be found on the Microsoft website.
  • Your mobile devices must be Android, iOS (iPhone or iPad) or Windows Phone devices.
  • You must provide Lansweeper with the email address and password of a user that can see your Intune devices in Microsoft Azure. An Intune administrator is guaranteed to have sufficient rights.
  • The user submitted as scanning credential in Lansweeper may not have multi-factor authentication (MFA) enabled.
  • You must provide Lansweeper with the application ID of an application that can read Intune devices from the Microsoft Graph API.

Setting up the Intune application

To set up an application that can read Intune devices from the Microsoft Graph API, do the following:

  1. Log into your Azure account.
  2. Select the Azure Active Directory menu on the left, the App registrations section within this menu and hit the New registration button.
    new Azure app registration
  3. Submit a name for your application and hit the Register button at the bottom of the page. Optionally, though this is less secure, you can change the account types setting on the page to allow accounts in other organizational directories to access the app as well.
    registering an Azure application
  4. Copy the application ID that is listed on the resulting page, as you'll need to submit this in Lansweeper.
    Azure application ID
  5. Select the Authentication menu of your application, set the default client type setting to Yes and hit Save.
    Azure app default client type
  6. Select the API permissions menu of your application and hit the Add a permission button.
    adding permissions to an Azure app
  7. Select Microsoft Graph from the list of available APIs in the resulting popup and then select Delegated permissions
  8. Submit DeviceManagementManagedDevices.Read.All in the search box, tick the permission in the search results and hit Add permissions at the bottom of the page. The aforementioned permission allows the app to read Microsoft Intune devices.
    Read Microsoft Intune devices
  9. Have someone with administrative rights to your Azure Active Directory hit the Grant admin consent for <your organization name> button on the resulting page.
    grant admin consent for an Azure app
  10. You now have an application ID that you can submit as part of your Intune scanning credential in Lansweeper. You'll also need to submit the email address and password of a user that can see your Intune devices in Microsoft Azure. Instructions for configuring Intune scanning in Lansweeper can be found in this knowledge base article.

Related Articles