Considerations for Destiny Resource Manager's Mobile Device Management (MDM) integration:
Microsoft Intune
Districts should weigh several factors before integrating Microsoft Intune with Destiny Resource Manager. The base configuration has many options and nuances, which can make integrating complicated – especially when your devices are already in Resource Manager.
This information is not intended to be a comprehensive explanation of all features and possibilities. It gives a high-level overview of the functionality.
Contact your Follett technology sales representative to schedule a discussion of the process, and hear about our implementation services.
Capability
The main benefit of the integration is:
- Automatic loading of Microsoft Intune data into Destiny: Unlike the manual process of getting a data file, converting it, and importing records into Resource Manager, the MDM Integration feature is designed to let data automatically flow into Destiny, adding and updating records in Destiny based on changes in Microsoft Intune. When a new device is provisioned, it can be added to Destiny automatically.
Scope Limitations
The scope of the integration is limited to:
- One resource type: To keep the process as simple as possible, the integration is built to work with one resource type in Resource Manager. It is not designed to work with multiple types of devices organized in multiple resource types.
Requirements
There are certain data points that must be reviewed and considered before beginning integration:
- Device Name: In Resource Manager, devices are organized as resources, each having a unique name within a specific resource type. The displayable name of the resource can be comprised of multiple fields on the resource record. The Microsoft Intune model field is the common field that has the corresponding value. For the initial sync and for future additions, it is important for the name values to match. The integration offers a Transform function that can be used to connect existing values in Microsoft Intune to existing values in Resource Manager.
- Item Barcode: Because the item barcode is the field used for checking out and checking in items, it is a required field in the resource type definition. By default, Microsoft Intune does not have a common corresponding field used to store this data. The MDM Integration supports mapping in data from any of the 15 extension attribute fields, which can be used to store this data point.
- Destiny Site: One of the key benefits of Resource Manager is to let your district know where things physically reside in the district. This helps you save time and money by moving existing items from site to site, instead of buying additional items. The integration provides two means of linking Microsoft Intune data to Destiny sites:
  - Dynamic Groups: Using the configuration of Dynamic Groups, you can map site-based groups to the specific Destiny site.
  - Default Site: The MDM Integration can be set up without direct group-to-site relationships. Using the Default Site option, all devices already in Resource Manager are left in their current sites. New devices being added to Resource Manager for the first time are added to a single site, selected from the list of Destiny sites.
- Other: Each resource type can have its own configuration, including required fields. There may be additional fields required in the target resource type. This will be indicated on the field mapping screen. Whether or not a field is required can also be adjusted in the resource type definition.
- Microsoft Intune data to load into Destiny: You must be able to limit the data flow from Microsoft Intune into Resource Manager. The process for selecting what to synchronize with Destiny is done by selecting a set of static/dynamic groups.
Available Fields
There are many fields available for mapping from Jamf Pro to Resource Manager through the MDM Integration functionality.
Account Enabled | Activation Lock Bypass Code | Android Security Patch Level |
Approximate Last Sign In Date Time | Azure AD Device Id | Azure AD Registered |
Compliance Expiration Date Time | Compliance Grace Period Expiration Date Time | Compliance State |
Created Date Time | Deleted Date Time | Device Category |
Device Category Display Name | Device Enrollment Type | Device Health Attestation State |
Device Id | Device Metadata | Device Name |
Device Ownership | Device Registration State | Device Version |
Display Name | Domain Name | EAS Activated |
EAS Activation Date Time | EAS Device Id | Email Address |
Enrolled Date Time | Enrollment Profile Name | Enrollment Type |
Ethernet MacAddress | Exchange Access State | Exchange Access State Reason |
Exchange Last Successful Sync Date Time | Extension Attribute 1 | Extension Attribute 2 |
Extension Attribute 3 | Extension Attribute 4 | Extension Attribute 5 |
Extension Attribute 6 | Extension Attribute 7 | Extension Attribute 8 |
Extension Attribute 9 | Extension Attribute 10 | Extension Attribute 11 |
Extension Attribute 12 | Extension Attribute 13 | Extension Attribute 14 |
Extension Attribute 15 | External Source Name | Free Storage Space In Bytes |
Iccid | Id | IMei |
Intune Id | Is Compliant | Is Encrypted |
Is Managed | Is Rooted | Is Supervised |
Jail Broken | Last Sync Date Time | Managed Device Name |
Managed Device Owner Type | Management Agent | Management Certificate Expiration Date |
Management Type | Manufacturer | Mdm App Id |
Meid | Model | Notes |
On Premises Last Sync Date Time | On Premises Sync Enabled | Operating System |
Operating System Version | OsVersion | Partner Reported Threat State |
Phone Number | Physical Memory In Bytes | Profile Type |
Registration Date Time | Remote Assistance Session Error Details | Remote Assistance Session url |
Require User Enrollment Approval | Serial Number | Source Type |
Subscriber Carrier | Total Storage Space In Bytes | Trust Type |
Udid | User Display Name | User Id |
User Principal Name | WiFi Mac Address |
Integration Overview
Following are the basic steps to a successful integration:
- Create an account in Microsoft Intune: Create the account that the MDM Integration system will use to authenticate into the MDM.
- Configure the connection info: Connect the MDM Integration to Microsoft Intune.
- Test the account: Use the MDM Integration tests to verify all of the needed permissions are set up.
- Select the data to load: Choose what groups to synchronize with Resource Manager.
- Select the site mapping: Configure the static/dynamic groups to Destiny site relationships.
- Select the resource type to sync into: Choose the one resource type where the data will live.
- Configure the field-to-field mapping: Select the source fields Microsoft Intune will route into the desired fields in Resource Manager, and set any additional options for each field.
- Run the reports, and resolve issues: Review the output of the evaluation and comparison reports to resolve syncing conflicts before loading the data.
  - All Microsoft Intune device data for the selected groups: This report gives a full export of all data available for syncing into Destiny.
  - Microsoft Intune device data evaluation: MDM Integration reviews the Microsoft Intune data and reports problems relating to:
    - Required fields that are empty: Devices in this state will be skipped when loading into Destiny.
    - Duplicate values in fields that should be unique: Multiple devices with the same barcode or serial number will each be processed, causing confusion.
  - Microsoft Intune to Destiny data comparison: MDM Integration compares the Microsoft Intune data against data existing in Resource Manager and reports devices that are:
    - Site mismatches: According to the mapping, Microsoft Intune says a device is in site A, while in Destiny it is currently in site B.
    - Name mismatches: This is a safety check to ensure device data in Microsoft Intune and Resource Manager match by name. This report can help uncover additional needed setup, such as:
      - Model field value transformations: Using the Transform function to "find/replace" value strings.
      - Relaxed Matching rules: Using the option to match just on Barcode and ignoring the name matching safety check.
    - Not in Destiny: This is a "heads up" report to help identify devices in the selected groups that you don't actually want to sync to Resource Manager. This can be very helpful for cleaning up Microsoft Intune before unwanted data is added into Resource Manager.
- Perform the initial Import & Sync Data operation: Import the first load, which will sync together the Microsoft Intune and Resource Manager records for updates moving forward. See the Match Processing section.
  Note: If there is no device data in Resource Manager already, all the records will be created in this step.
- Turn on Autosync: Enable the automatic flow of data from Microsoft Intune to Resource Manager.
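The two evaluation checks from the report step (empty required fields, duplicate values in unique fields) can be rehearsed on an exported device list before the first sync. This is an added sketch, not Follett or Microsoft code; it assumes the barcode is mapped from Extension Attribute 1, and normalising case and whitespace before comparing is this example's own choice, not documented product behaviour.

```python
from collections import defaultdict

# Assumed mapping for this sketch: the barcode lives in Extension Attribute 1.
REQUIRED = ["Model", "Serial Number", "Extension Attribute 1"]
UNIQUE = ["Serial Number", "Extension Attribute 1"]

# Constructed sample export rows (not real device data).
SAMPLE = [
    {"Id": "a1", "Model": "Surface Go 3", "Serial Number": "SN001",
     "Extension Attribute 1": "B1001"},
    {"Id": "a2", "Model": "Surface Go 3", "Serial Number": "SN002",
     "Extension Attribute 1": ""},
    {"Id": "a3", "Model": "Latitude 3120", "Serial Number": "SN003",
     "Extension Attribute 1": "B1001"},
    {"Id": "a4", "Model": "", "Serial Number": "sn003 ",
     "Extension Attribute 1": "B1004"},
]

def _norm(value):
    # Example-only normalisation so near-duplicates ("sn003 " vs "SN003") surface.
    return (value or "").strip().upper()

def evaluate(devices, required=REQUIRED, unique=UNIQUE):
    """Return (skipped, duplicates).

    skipped:    {device Id: [required fields that are empty]}
    duplicates: {(field, normalised value): [device Ids sharing it]}
    """
    skipped = {}
    seen = defaultdict(list)
    for dev in devices:
        empty = [f for f in required if not _norm(dev.get(f))]
        if empty:
            skipped[dev["Id"]] = empty
        for f in unique:
            value = _norm(dev.get(f))
            if value:  # empty values are reported as missing, not as duplicates
                seen[(f, value)].append(dev["Id"])
    duplicates = {key: ids for key, ids in seen.items() if len(ids) > 1}
    return skipped, duplicates

if __name__ == "__main__":
    skipped, duplicates = evaluate(SAMPLE)
    print("would be skipped:", skipped)
    print("duplicate keys:", duplicates)
```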
Match Processing
The following gives a summary of the logic used to match incoming data to Resource Manager, whether on the initial sync or subsequent updates – manual or autosync.
- Resource Matching:
  - Displayable Name: In Resource Manager, up to four fields can be concatenated to make up the displayable name. When performing matching, the MDM Integration builds up the displayable name in the same manner.
    - If a resource by that name already exists, it is updated appropriately based on the settings.
    - If a resource does not exist, it is created using the incoming data.
- Item Matching:
  - Global Unique Identifier (GUID): The first match routine is the most secure, looking for the GUID value from Microsoft Intune in Resource Manager. If it is found, it is evident that the item was added through the MDM Integration or was previously synced and is the exact, right item to update.
  - Barcode/District ID: If the item is not found by GUID, then the integration looks for either the barcode or district ID value based on the configuration. This is beneficial for the initial Import and Sync Data routine, tying the two systems together. It is also how the system knows to add a new item to Resource Manager. If no match is found on GUID or Barcode/District ID, then the item is added.
  - Displayable Name verification: When a match is found, the system also performs a safety check to make sure it has found the right item under the right resource. If the item is found by GUID or by Barcode/District ID, under a different displayable name than the incoming value, the discrepancy is noted in the Audit Event logging and the item is skipped.
  - Relaxed: There is an option to match without checking the displayable name value and to only match on GUID/Barcode/District ID. This can be useful if the names in Resource Manager are unique to different needs in Resource Manager, but have a common/generic model value in Microsoft Intune.
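The item-matching order described above (GUID, then barcode, then the displayable-name safety check, with the Relaxed option and a Transform-style find/replace) can be modelled as follows. This is an added illustration, not the product's code: the `Item` class and function names are hypothetical, the space separator in the displayable name is an assumption, and using Intune Id as the GUID and Extension Attribute 1 as the barcode are assumed mappings.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Item:
    guid: Optional[str]   # None until the item has been synced once
    barcode: str
    name: str             # displayable name of the resource the item sits under

def displayable_name(record, fields, transforms=()):
    """Join up to four mapped fields; the space separator is an assumption."""
    if len(fields) > 4:
        raise ValueError("displayable name uses at most four fields")
    parts = []
    for f in fields:
        value = record.get(f, "").strip()
        for find, replace in transforms:      # Transform-style find/replace
            value = value.replace(find, replace)
        if value:
            parts.append(value)
    return " ".join(parts)

def match_item(incoming, existing, relaxed=False):
    """Return (action, matched item or None) in the order the page describes."""
    hit = next((e for e in existing if e.guid and e.guid == incoming.guid), None)
    how = "guid"
    if hit is None:                            # fall back to barcode / district ID
        hit = next((e for e in existing if e.barcode == incoming.barcode), None)
        how = "barcode"
    if hit is None:
        return "add", None                     # no match on either key
    if not relaxed and hit.name != incoming.name:
        return "skip_name_mismatch", hit       # safety check failed; item skipped
    return "update_by_" + how, hit

# Constructed sample data (not real devices).
EXISTING = [
    Item("g-1", "B1001", "Surface Go 3"),
    Item(None, "B1002", "Latitude 3120"),      # in Resource Manager, never synced
]
RAW = {"Intune Id": "g-2", "Extension Attribute 1": "B1002",
       "Model": "Dell Latitude 3120"}

def incoming_from(raw, transforms=()):
    # Assumed mapping: Intune Id -> GUID, Extension Attribute 1 -> barcode.
    return Item(raw["Intune Id"], raw["Extension Attribute 1"],
                displayable_name(raw, ["Model"], transforms))
```

With the sample data, the unsynced device is skipped on a name mismatch until either a transform removes the "Dell " prefix or relaxed matching is enabled.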