Set up your MDM account: Microsoft Intune

Important: Every effort has been made to provide information that is current and accurate. This information is considered true and correct as of January 2024; changes in content after that date may affect its accuracy.

To use Microsoft Intune with the Destiny Resource Manager Mobile Device Management (MDM) Integration feature, you need to do some setup.

Credentials

To connect Microsoft Entra to Destiny Mobile Device Management (MDM), the following three credentials are required from the Microsoft Entra admin center:

  • Tenant ID:

    To find the Tenant ID, select Identity > Overview.


  • Client ID:
    1. Select Identity > Applications > App registrations.
    2. Enter a name, such as Destiny (recommended).
    3. Under Supported account types, select Accounts in this organizational directory only (MSFT only - Single tenant).

    After you register, your Client ID appears under App registrations > Overview.


  • Client Secret:
    1. Select Applications > App registrations > Destiny.
    2. Under Manage, select Certificates & secrets.
    3. Click + New client secret. The 'Add a client secret' pop-up appears.


    4. Enter a name in the Description field, and select an expiration date from the drop-down.

    Note: Once the secret is created, its value is visible until the page is closed.


    Important: Client secret values can only be viewed immediately after creation. Be sure to save the secret before leaving the page.

API Permissions

To use all of the features available in Destiny Mobile Device Management (MDM), the application must be granted the related privileges and access levels. This lets you read and write data when needed.

  1. Sign in to the Microsoft Entra admin center.
  2. If you have access to multiple tenants, click the settings icon in the top right corner. Then select the desired Directory name.
  3. Select Identity > Applications > App registrations > All applications and select your client application.
  4. Select API permissions > + Add a permission.
    Note: This is different from your web API.
  5. On the Request API permissions page, click Microsoft Graph.
  6. Add the following permissions:
    1. Delegated permissions:
      1. User.Read
    2. Application permissions:
      1. AuditLog.Read.All
      2. BrowserSiteLists.Read.All
      3. Device.Read.All
      4. Device.ReadWrite.All
      5. DeviceManagementConfiguration.Read.All
      6. DeviceManagementConfiguration.ReadWrite.All
      7. DeviceManagementManagedDevices.PrivilegedOperations.All
      8. DeviceManagementManagedDevices.Read.All
      9. DeviceManagementManagedDevices.ReadWrite.All
      10. DeviceManagementRBAC.Read.All
      11. DeviceManagementRBAC.ReadWrite.All
      12. DeviceManagementServiceConfig.Read.All
      13. Directory.Read.All
      14. Directory.ReadWrite.All
      15. Directory.Write.Restricted
      16. Group.Create
      17. Group.Read.All
      18. Group.ReadWrite.All
      19. GroupMember.Read.All
      20. GroupMember.ReadWrite.All
      21. Place.Read.All

After these permissions have been added, they will appear as a list of configured permissions.
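
One way to audit the result: an app-only access token issued to the registration carries its granted Microsoft Graph application permissions in the `roles` claim, so decoding a token shows whether the grant matches the list above and which entries allow writes. This is an added example, not part of the Destiny documentation; the function names are hypothetical, and the sample token is constructed, unsigned, and uses a placeholder appid.

```python
import base64
import json

# Application permissions listed on this page (Microsoft Graph app roles).
REQUIRED_ROLES = {
    "AuditLog.Read.All", "BrowserSiteLists.Read.All", "Device.Read.All",
    "Device.ReadWrite.All", "DeviceManagementConfiguration.Read.All",
    "DeviceManagementConfiguration.ReadWrite.All",
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
    "DeviceManagementRBAC.Read.All", "DeviceManagementRBAC.ReadWrite.All",
    "DeviceManagementServiceConfig.Read.All", "Directory.Read.All",
    "Directory.ReadWrite.All", "Directory.Write.Restricted", "Group.Create",
    "Group.Read.All", "Group.ReadWrite.All", "GroupMember.Read.All",
    "GroupMember.ReadWrite.All", "Place.Read.All",
}

def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT without verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(token: str) -> dict:
    """Compare the token's 'roles' claim with the permissions on this page."""
    granted = set(jwt_claims(token).get("roles", []))
    return {
        "missing": sorted(REQUIRED_ROLES - granted),     # listed here, absent from token
        "unexpected": sorted(granted - REQUIRED_ROLES),  # granted beyond this page's list
        "write_capable": sorted(r for r in granted
                                if "Write" in r or "Privileged" in r or r == "Group.Create"),
    }

def _b64(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample (unsigned, placeholder appid): two roles omitted, one extra.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "none", "typ": "JWT"}),
    _b64({"appid": "00000000-0000-0000-0000-000000000000", "roles": sorted(
        REQUIRED_ROLES - {"Place.Read.All", "Group.Create"}) + ["Mail.Read"]}),
    "",
])

if __name__ == "__main__":
    print(json.dumps(audit_roles(SAMPLE_TOKEN), indent=2))
```

The `write_capable` list is the set to review first when deciding how tightly to guard the client secret and how short to set its expiration.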