Set up your MDM account: Microsoft Intune

Important: Every effort has been made to provide information that is current and accurate. This information is considered true and correct as of January 2024; changes in content after that date may affect its accuracy.

To use Microsoft Intune with the Destiny Resource Manager Mobile Device Management (MDM) Integration feature, you need to do some setup.

Credentials

To connect Microsoft Entra to Destiny Mobile Device Management (MDM), the following three credentials are required from the Microsoft Entra admin center:

  • Tenant ID:

    To find the Tenant ID, select Identity > Overview.


  • Client ID:
    1. Select Identity > Applications > App registrations.
    2. Enter a name, such as Destiny (recommended).
    3. Under Supported account types, select Accounts in this organizational directory only (MSFT only - Single tenant).

    After you register, your Client ID appears under App registrations > Overview.


  • Client Secret:
    1. Select Applications > App registrations > Destiny.
    2. Under Manage, select Certificates & secrets.
    3. Click + New client secret. The 'Add a client secret' pop-up appears.


    4. Enter a name in the Description field, and select an expiration date from the drop-down.

    Note: Once the secret is created, its value is visible until the page is closed.


    Important: Client secret values can only be viewed immediately after creation. Be sure to save the secret before leaving the page.

API Permissions

To use all of the features available in Destiny Mobile Device Management (MDM), the application must have the related privileges and access levels set up. This lets you read and write data when needed.

  1. Sign in to the Microsoft Entra admin center.
  2. If you have access to multiple tenants, click the settings icon in the top right corner. Then, select the desired Directory name.
  3. Select Identity > Applications > App registrations > All applications and select your client application.


  4. Select API permissions > + Add a permission.
    Note: This is different from your web API.


  5. On the Request API permissions page, click Microsoft Graph.


  6. Add the following permissions:
    1. Delegated permissions:
      1. User.Read
    2. Application permissions:
      1. AuditLog.Read.All
      2. BrowserSiteLists.Read.All
      3. Device.Read.All
      4. Device.ReadWrite.All
      5. DeviceManagementConfiguration.Read.All
      6. DeviceManagementConfiguration.ReadWrite.All
      7. DeviceManagementManagedDevices.PrivilegedOperations.All
      8. DeviceManagementManagedDevices.Read.All
      9. DeviceManagementManagedDevices.ReadWrite.All
      10. DeviceManagementRBAC.Read.All
      11. DeviceManagementRBAC.ReadWrite.All
      12. DeviceManagementServiceConfig.Read.All
      13. Directory.Read.All
      14. Directory.ReadWrite.All
      15. Directory.Write.Restricted
      16. Group.Create
      17. Group.Read.All
      18. Group.ReadWrite.All
      19. GroupMember.Read.All
      20. GroupMember.ReadWrite.All
      21. Place.Read.All

After these permissions have been added, they will appear as a list of configured permissions.
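
One way to check that the application permissions listed above were actually granted, and that nothing beyond them was, is to inspect the `roles` claim of an app-only Microsoft Graph access token obtained with the Client ID and Client Secret. The following is an added example, not part of the original page or of Destiny's own code; the function names, the placeholder tenant and client IDs, and the sample token are constructed for illustration. The delegated User.Read permission does not appear in an app-only token, so it is not checked here.

```python
import base64
import json

# Application permissions listed in step 6 of this page.
REQUIRED_ROLES = frozenset("""
AuditLog.Read.All BrowserSiteLists.Read.All Device.Read.All Device.ReadWrite.All
DeviceManagementConfiguration.Read.All DeviceManagementConfiguration.ReadWrite.All
DeviceManagementManagedDevices.PrivilegedOperations.All
DeviceManagementManagedDevices.Read.All DeviceManagementManagedDevices.ReadWrite.All
DeviceManagementRBAC.Read.All DeviceManagementRBAC.ReadWrite.All
DeviceManagementServiceConfig.Read.All Directory.Read.All Directory.ReadWrite.All
Directory.Write.Restricted Group.Create Group.Read.All Group.ReadWrite.All
GroupMember.Read.All GroupMember.ReadWrite.All Place.Read.All
""".split())


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, tenant_id, client_id):
    """Compare an app-only Graph token with the page's application permissions."""
    claims = jwt_claims(token)
    granted = set(claims.get("roles", []))  # empty when admin consent is missing
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": client_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(REQUIRED_ROLES - granted),
        "unexpected": sorted(granted - REQUIRED_ROLES),
    }


def constructed_token(claims):
    """Build an unsigned sample token; used only for the constructed demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

SAMPLE_TENANT = "11111111-1111-1111-1111-111111111111"  # placeholder, not a real tenant
SAMPLE_CLIENT = "22222222-2222-2222-2222-222222222222"  # placeholder, not a real app
SAMPLE_TOKEN = constructed_token({"tid": SAMPLE_TENANT, "appid": SAMPLE_CLIENT,
    "roles": sorted(REQUIRED_ROLES - {"Place.Read.All"}) + ["Mail.Read"]})

if __name__ == "__main__":
    print(json.dumps(audit_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT), indent=2))
```

A non-empty `missing` list usually means a permission was added but admin consent was not granted; a non-empty `unexpected` list means the app registration holds more than this page asks for.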