<h2>Set up the Microsoft Intune spoke</h2><br/><div style="overflow-x:auto"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta content="text/html; charset=UTF-8" /><meta name="copyright" content="(C) Copyright 2024" /><meta name="DC.rights.owner" content="(C) Copyright 2024" /><meta name="generator" content="DITA-OT" /><meta name="DC.type" content="task" /><meta name="DC.title" content="Set up the Microsoft Intune spoke" /><meta name="abstract" content="Integrate your ServiceNow instance with the Microsoft Intune account by creating a custom OAuth application in Microsoft Intune." /><meta name="description" content="Integrate your ServiceNow instance with the Microsoft Intune account by creating a custom OAuth application in Microsoft Intune." /><meta name="DC.creator" content="Vaughn Romero" /><meta name="DC.creator" content="Mark Moulder" /><meta name="DC.creator" content="ServiceNow" /><meta name="DC.date.created" content="2023-08-03" /><meta name="DC.date.modified" content="2023-08-03" /><meta name="DC.format" content="XHTML" /><meta name="DC.identifier" content="setup-ms-intune" /><link rel="stylesheet" type="text/css" href="../../../CSS/commonltr.css" /><title>Set up the Microsoft Intune spoke</title></head><body> <div class="nested0" id="setup-ms-intune"> <h1 class="title topictitle1" id="ariaid-title1">Set up the <span class="ph">Microsoft</span> Intune spoke</h1> <div class="body taskbody"><p class="shortdesc">Integrate your <span class="ph">ServiceNow</span> instance with the <span class="ph">Microsoft</span> Intune account by creating a custom OAuth application in <span class="ph">Microsoft</span> Intune.</p> <div class="section prereq p"> <ul class="ul" id="setup-ms-intune__ul_agy_qxd_rlb"><li class="li">Request an <span class="ph">Integration Hub</span> subscription.</li><li class="li">Activate the <span class="ph">Microsoft</span> Intune plugin.</li><li class="li">Role required: admin</li></ul> </div> </div> <div 
class="topic task nested1" id="reg-app-ms-intune"> <h2 class="title topictitle2" id="ariaid-title2">Register OAuth application using the <span class="ph">Microsoft</span> Azure portal</h2> <div class="body taskbody"><p class="shortdesc">Provide authorization to the <span class="ph">ServiceNow</span> instance by registering an application on <span class="ph">Microsoft Azure AD</span>.</p> <div class="section prereq p" id="reg-app-ms-intune__prereq_vyd_vls_fnb">Role required: Azure Active Directory admin</div> <div class="section context" id="reg-app-ms-intune__context_df3_lsg_2hb">Complete these steps from the <span class="ph">Microsoft</span> Azure portal.</div> <ol class="ol steps" id="reg-app-ms-intune__steps_zc2_jwv_cjb"><li class="li step stepexpand"> <span class="ph cmd">Log in to the <span class="ph">Microsoft</span> Azure portal.</span> <div class="itemgroup info">For instructions on registering an application, see <a class="xref" href="https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/walkthrough-register-app-azure-active-directory" target="_blank" rel="noopener noreferrer">Tutorial: Register an app with Azure Active Directory</a> in the <a class="xref" href="https://docs.microsoft.com/en-gb/" target="_blank" rel="noopener noreferrer"><span class="ph">Microsoft</span> Azure documentation</a>.</div> </li><li class="li step stepexpand"> <span class="ph cmd">In the Azure portal, add the <span class="ph uicontrol">Redirect URIs</span>.</span> <div class="itemgroup info">The Redirect URI should be in the format https://&lt;instance-name&gt;.service-now.com/oauth_redirect.do. 
For more information, see <a class="xref" href="https://docs.microsoft.com/en-us/azure/time-series-insights/time-series-insights-authentication-and-authorization" target="_blank" rel="noopener noreferrer">Authentication and authorization for Azure Time Series Insights API</a>.</div> </li><li class="li step stepexpand"> <span class="ph cmd">For the <span class="ph uicontrol">Required Permissions</span>, ensure that you provide these permissions:</span> <div class="itemgroup info"> <div class="fig fignone" id="reg-app-ms-intune__fig_cl3_qps_fnb"> <img class="image" id="reg-app-ms-intune__image_b2g_rps_fnb" src="../image/api-permission-ms-intune.png" alt="API permissions" /> </div> Depending on your requirements, the permissions can be of type <span class="ph uicontrol">Application</span> or <span class="ph uicontrol">Delegated</span>. For more information, see <a class="xref" href="https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis" target="_blank" rel="noopener noreferrer">Quickstart: Configure a client application to access a web API</a> in <a class="xref" href="https://docs.microsoft.com/en-us/" target="_blank" rel="noopener noreferrer">Microsoft Docs</a>.</div> </li><li class="li step stepexpand"> <span class="ph cmd">In the Azure portal, create a client secret.</span> <div class="itemgroup info">For more information, see <a class="xref" href="https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal" target="_blank" rel="noopener noreferrer">Option 2: Create a new application secret</a>.</div> </li><li class="li step stepexpand"> <span class="ph cmd">Copy the client secret for later reference.</span> </li></ol> <div class="section result" id="reg-app-ms-intune__result_dtv_sjy_thb">The <span class="ph">ServiceNow</span> application is created with <span class="ph">Microsoft</span> <span class="ph">Azure Active Directory</span>.</div> </div> </div> <div 
class="topic task nested1" id="reg-oauth-ms-intune"> <h2 class="title topictitle2" id="ariaid-title3">Register <span class="ph"> <span class="ph">Microsoft</span> Intune</span> as an OAuth provider</h2> <div class="body taskbody"><p class="shortdesc">Use the information generated during the application configuration in <span class="ph">Microsoft</span> Azure portal to register <span class="ph"> <span class="ph">Microsoft</span> Intune</span> as the OAuth provider so that the <span class="ph">ServiceNow</span> instance can request OAuth 2.0 tokens.</p> <div class="section prereq p"> <p class="p">Role required: admin</p> </div> <ol class="ol steps" id="reg-oauth-ms-intune__steps_atf_rss_fnb"><li class="li step stepexpand"> <span class="ph cmd">Navigate to <span class="ph menucascade"><span class="ph uicontrol">All</span> > <span class="ph uicontrol">System OAuth</span> > <span class="ph uicontrol">Application Registry</span></span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">Open the record, <span class="ph uicontrol">Microsoft Intune</span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">On the form, fill these values.</span> <div class="itemgroup info"> <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="reg-oauth-ms-intune__table_hpt_1wg_2hb" class="table" frame="border" border="1" rules="all"><caption><span class="tablecap"><span class="table--title-label">Table 1. 
</span>Application Registries form</span></caption><colgroup><col /><col /></colgroup><thead class="thead" style="text-align:left;"><tr class="row"><th class="entry cellrowborder" style="vertical-align:top;" id="d733756e361">Field</th><th class="entry cellrowborder" style="vertical-align:top;" id="d733756e364">Description</th></tr></thead><tbody class="tbody"><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e361 ">Client ID</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e364 ">Application ID created during application registration.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e361 ">Client Secret</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e364 ">Client secret created during application registration.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e361 ">Active</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e364 ">Option to actively use the application registry.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e361 ">Authorization URL</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e364 ">OAuth authorization code endpoint. Enter https://login.microsoftonline.com/&lt;Directory-ID&gt;/oauth2/v2.0/authorize.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e361 ">Token URL</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e364 ">OAuth server token endpoint. 
Enter https://login.microsoftonline.com/&lt;Directory-ID&gt;/oauth2/v2.0/token.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e361 ">Token Revocation URL</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e364 ">OAuth server token revocation endpoint.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e361 ">Redirect URL</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e364 ">OAuth callback endpoint. Enter https://&lt;instance-name&gt;.service-now.com/oauth_redirect.do.</td></tr></tbody></table> </div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Right-click the form header, and click <span class="ph uicontrol">Save</span>.</span> </li></ol> </div> </div> <div class="topic task nested1" id="cred-ms-intune"> <h2 class="title topictitle2" id="ariaid-title4">Create a credential record for the <span class="ph"> <span class="ph">Microsoft</span> Intune</span> spoke</h2> <div class="body taskbody"><p class="shortdesc">Authorize the <span class="ph"> <span class="ph">Microsoft</span> Intune</span> spoke actions by creating credential records for the application registered in the <span class="ph">Microsoft</span> Azure portal. 
The <span class="ph"> <span class="ph">Microsoft</span> Intune</span> connection and credential alias uses these credentials to authorize actions.</p> <div class="section prereq p"> <p class="p">Role required: admin.</p> </div> <ol class="ol steps" id="cred-ms-intune__steps_izn_vts_fnb"><li class="li step stepexpand"> <span class="ph cmd">Navigate to <span class="ph menucascade"><span class="ph uicontrol">All</span> > <span class="ph uicontrol">Connections &amp; Credentials</span> > <span class="ph uicontrol">Credentials</span></span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">Click <span class="ph uicontrol">New</span>.</span> <div class="itemgroup stepresult"> <p class="p">The system displays this message: <samp class="ph systemoutput">What type of Credentials would you like to create?</samp> </p> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Select <span class="ph uicontrol">OAuth 2.0 Credentials</span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">On the form, fill in the fields.</span> <div class="itemgroup info"> <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cred-ms-intune__table_wng_1yg_2hb" class="table" frame="border" border="1" rules="all"><caption><span class="tablecap"><span class="table--title-label">Table 2. </span>OAuth 2.0 Credentials form</span></caption><colgroup><col /><col /></colgroup><thead class="thead" style="text-align:left;"><tr class="row"><th class="entry cellrowborder" style="vertical-align:top;" id="d733756e598">Field</th><th class="entry cellrowborder" style="vertical-align:top;" id="d733756e601">Description</th></tr></thead><tbody class="tbody"><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e598 ">Name</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e601 ">Name to uniquely identify the record. 
For example, MS Intune Cred.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e598 ">Active</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e601 ">Option to actively use the credential record.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e598 ">OAuth Entity Profile</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e601 ">OAuth profile created during the registration of <span class="ph"> <span class="ph">Microsoft</span> Intune</span> as an OAuth provider. For example, Microsoft Intune default_profile.</td></tr></tbody></table> </div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Right-click the form header and click <span class="ph uicontrol">Submit</span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd"> To generate the OAuth token, click the <span class="ph uicontrol">Get OAuth Token</span> related link.</span> </li></ol> </div> </div> <div class="topic task nested1" id="conn-ms-intune"> <h2 class="title topictitle2" id="ariaid-title5">Create a connection record for the <span class="ph"> <span class="ph">Microsoft</span> Intune</span> spoke</h2> <div class="body taskbody"><p class="shortdesc">Perform actions in <span class="ph"> <span class="ph">Microsoft</span> Intune</span> by creating connection records for your <span class="ph"> <span class="ph">Microsoft</span> Intune</span> account. 
The <span class="ph"> <span class="ph">Microsoft</span> Intune</span> connection and credential alias uses these connections to perform actions.</p> <div class="section prereq p" id="conn-ms-intune__prereq_a3n_yqy_nsb"> <p class="p">Role required: admin.</p> </div> <ol class="ol steps" id="conn-ms-intune__steps_gvq_g5s_fnb"><li class="li step stepexpand"> <span class="ph cmd">Navigate to <span class="ph menucascade"><span class="ph uicontrol">All</span> > <span class="ph uicontrol">Connections &amp; Credentials</span> > <span class="ph uicontrol">Connections &amp; Credentials Aliases</span></span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">Open the alias record, <span class="ph uicontrol">Microsoft_Intune</span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">From the <span class="ph uicontrol">Connections</span> tab, click <span class="ph uicontrol">New</span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">On the form, fill in the fields.</span> <div class="itemgroup info"> <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="conn-ms-intune__table_c4p_lzg_2hb" class="table" frame="border" border="1" rules="all"><caption><span class="tablecap"><span class="table--title-label">Table 3. </span>HTTP(s) Connection form</span></caption><colgroup><col /><col /></colgroup><thead class="thead" style="text-align:left;"><tr class="row"><th class="entry cellrowborder" style="vertical-align:top;" id="d733756e810">Field</th><th class="entry cellrowborder" style="vertical-align:top;" id="d733756e813">Description</th></tr></thead><tbody class="tbody"><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e810 ">Name</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e813 ">Name to uniquely identify the record. 
For example, MS Intune Connection.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e810 ">Credential</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e813 ">Credential record created for <span class="ph">Microsoft Intune spoke</span>. For example, MS Intune Cred.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e810 ">Connection alias</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e813 ">Alias record associated with this connection.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e810 ">URL builder</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e813 "> <div class="note"><span class="notetitle">Note:</span> Do not select the check box.</div> </td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e810 ">Connection URL</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e813 ">Connection URL. 
Enter https://graph.microsoft.com.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e810 ">Active</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e813 ">Option to actively use the connection.</td></tr><tr class="row"><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e810 ">Domain</td><td class="entry cellrowborder" style="vertical-align:top;" headers="d733756e813 ">Domain that the action or activity runs in.</td></tr></tbody></table> </div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">In the <span class="ph uicontrol">Attributes</span> tab, specify v1.0 for <span class="ph uicontrol">u_version</span>.</span> </li><li class="li step stepexpand"> <span class="ph cmd">Click <span class="ph uicontrol">Submit</span>.</span> </li></ol> <div class="section result" id="conn-ms-intune__result_bmw_vtw_mhb">The <span class="ph"> <span class="ph">Microsoft</span> Intune</span> spoke is set up and <span class="ph"> <span class="ph">Microsoft</span> Intune</span> is integrated with the <span class="ph">ServiceNow</span> instance.</div> </div> </div> </div> </body></html></div>
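<p class="p">A preflight check for the URL values entered in the Application Registries and HTTP(s) Connection forms above, as an added example that is not ServiceNow or Microsoft code: it verifies the scheme, exact host and path of each URL and that the Authorization URL and Token URL name the same Directory ID. The function names, the dictionary keys, the GUID pattern for the Directory ID and the sample values are assumptions of this example.</p>

```python
import re
from urllib.parse import urlsplit

LOGIN_HOST = "login.microsoftonline.com"
GRAPH_URL = "https://graph.microsoft.com"
REDIRECT_PATH = "/oauth_redirect.do"
# Assumption of this example: the Directory ID is written as a GUID.
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Constructed sample values (placeholders, not a real tenant or instance).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "instance_name": "example-instance",
    "authorization_url": f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/authorize",
    "token_url": f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/token",
    "redirect_url": f"https://example-instance.service-now.com{REDIRECT_PATH}",
    "connection_url": GRAPH_URL,
}


def _tenant(url, endpoint, field, errors):
    """Check one Azure AD endpoint URL; return its Directory ID or None."""
    u = urlsplit(url)
    if u.scheme != "https":
        errors.append(f"{field}: scheme must be https")
    if u.netloc.lower() != LOGIN_HOST:  # netloc includes userinfo and port
        errors.append(f"{field}: host must be exactly {LOGIN_HOST}")
    parts = u.path.split("/")  # ["", <Directory-ID>, "oauth2", "v2.0", endpoint]
    if parts[:1] + parts[2:] != ["", "oauth2", "v2.0", endpoint] or u.query or u.fragment:
        errors.append(f"{field}: path must be /<Directory-ID>/oauth2/v2.0/{endpoint}")
        return None
    if not GUID.fullmatch(parts[1]):
        errors.append(f"{field}: Directory ID is not a GUID")
        return None
    return parts[1].lower()


def check_intune_oauth(cfg):
    """Return a list of problems in the registry and connection values."""
    errors = []
    auth = _tenant(cfg["authorization_url"], "authorize", "Authorization URL", errors)
    token = _tenant(cfg["token_url"], "token", "Token URL", errors)
    if auth and token and auth != token:
        errors.append("Authorization URL and Token URL use different Directory IDs")
    r = urlsplit(cfg["redirect_url"])
    host = f"{cfg['instance_name']}.service-now.com".lower()
    if r.scheme != "https":
        errors.append("Redirect URL: scheme must be https")
    if r.netloc.lower() != host:
        errors.append(f"Redirect URL: host must be exactly {host}")
    if r.path != REDIRECT_PATH or r.query or r.fragment:
        errors.append(f"Redirect URL: path must be exactly {REDIRECT_PATH}")
    if cfg["connection_url"].rstrip("/") != GRAPH_URL:
        errors.append(f"Connection URL: must be {GRAPH_URL}")
    return errors
```

<p class="p">An empty list from <code>check_intune_oauth(SAMPLE)</code> means every value matches the formats given in the tables; the Redirect URL must also match, character for character, the Redirect URI registered in the Azure portal.</p>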