In this article

Sam360 integrates with Intune to enable comprehensive inventory scans of all your Intune-managed Windows devices. The Management Point uses Intune’s Graph API to register a PowerShell script to run daily, weekly, or monthly on each device. This script

  • Retrieves the web scan tool from the Sam360 portal
  • Conducts a thorough inventory scan of the device
  • Uploads the generated inventory file to Sam360
  • Intune Sam360 Scan-General Details
    Intune Sam360 Scan General Details
  • Intune Sam360 Scan Hardware Details
  • Intune Sam360 Scan Operating System Details
  • Intune Sam360 Scan Active Directory Details
  • Intune Sam360 Scan OEM Warranty Details
  • Intune Sam360 Scan End Point Protection Details
  • Intune Sam360 Scan Activity Details
  • Intune Sam360 Scan Location Details
  • Intune Sam360 Scan Licensed Software Details
  • Intune Sam360 Scan Logical Drive Details
  • Intune Sam360 Scan Windows Services Details

To manage the Intune PowerShell script, Sam360 creates an App Principal in the target Azure AD environment. The App Principal is configured with the following permissions

  • Microsoft Graph -> Organization.Read.All
  • Microsoft Graph -> Directory.Read.All
  • Microsoft Graph -> Group.ReadWrite.All
  • Microsoft Graph -> DeviceManagementConfiguration.ReadWrite.All
  • Microsoft Graph -> DeviceManagementManagedDevices.ReadWrite.All
  • Microsoft Graph -> DeviceManagementApps.Read.All

The App Principal key is stored securely locally on the Management Point device. It is never transmitted to Sam360 servers. The App principal can be disabled or deleted at any time in the target Azure AD environment.

Install Sam360/Intune Integration

  1. Ensure that the required PowerShell modules are installed. Instructions here.
  2. Ensure that the Management Point user account can access the following URLs
    • login.microsoftonline.com:443
    • aadcdn.msauth.net:443
    • graph.windows.net:443
    • graph.microsoft.com:443
  3. Start the Management Point configuration tool. Instructions here.
  4. Click ‘Tasks’
  5. Click ‘Add Task’, ‘Cloud Service’, then ‘Intune’
  6. Click ‘Set Up Intune Integration’
  7. A PowerShell script will execute in the background to create the App Principal. The script will prompt for the credentials on an Microsoft 365 Tenant Administrator account twice The same account details should be used each time. These account details are not stored.
  8. Click ‘Test Settings’ to verify that the integration has been configured correctly.
  9. Click OK. The Management Point will connect to the Microsoft 365 service using the specified credentials and schedule the scan script to run on all Intune managed Windows devices.

Uninstall Sam360/Intune Integration

To remove the Sam360 Intune integration and delete all the components created by the task, follow these steps

  1. Delete the MP task
    • Delete the Intune Task in the Management Point configuration tool OR
    • Delete the Intune Task in the Sam360 portal OR
    • Uninstall the Management Point OR
    • Delete the VM where the Management Point is installed
  2. Delete the Intune script that collects inventory information from managed devices
    1. Log in to Intune portal (https://intune.microsoft.com/)
    2. Navigate to Devices > Scripts and remediations > Platform Scripts
    3. Delete ‘Sam360 Intune Scan Script (%Management Point Device Name%)
  3. Delete the Sam360 Intune integration account
    1. Log in to Azure portal (https://portal.azure.com/)
    2. Navigate to Microsoft Entra ID > Enterprise Applications
    3. Delete ‘Sam360 Intune Integration’
Rate This Article :

Leave A Comment

Partner First

Enabling data driven IT projects

Get Support

    support@sam360.com
    Mon-Fri: 09:00 – 18:00 UTC
  • +353 1 566 6390‬

Find Us

NCI Research Centre, IFSC Dublin 1, Ireland
Go to Top