Intune Connector

  • Updated on Apr 17, 2026
  • Published on Feb 24, 2026
  • 9 minute(s) read
Prev Next

The Intune Connector integrates with Asset Management to automatically synchronize managed device data by importing assets into the application using the Intune Graph API. It eliminates manual asset entry by importing device information directly from Intune. It ensures that Discovery and Inventory records remain accurate, consistent, and aligned with the latest device data from Intune.

The Intune Connector supports two synchronization modes:

  • Inventory Sync – Inventory Sync imports Intune devices directly into the SymphonyAI Asset Management module as Fixed Assets. It supports classification, allocation, and tracking lifecycle of assets. The IT analyst can also select to import/move the Fixed Assets to CMDB.

  • Discovery Sync – Discovery Sync imports Intune devices into the SymphonyAI Discovery module for visibility, reconciliation, and reporting. Importing Intune devices into Discovery module supports the features of Discovery like hardware variance, software variance, and software blacklisting. The IT analyst can also select to import/move the Discovered Devices to Fixed Assets and/or CMDB.

Benefits

  • Automate Asset Synchronization

  • Improve Data Accuracy

  • Intelligent Auto Allocation

Use-Case

Use Case

User Persona: Analyst

Solution

New laptops are deployed to 200 employees. Manual asset entry and allocation consume significant time.

Analyst configures Intune Connector to import devices and auto-assign them based on user’s email ID benefitting from zero manual effort and real-time inventory visibility.

Configure Intune Connector

To configure Intune Connector, perform the following steps:

  1. Navigate to ITAM > Asset > Configuration > Intune > Intune Configuration.
    The Intune Connector Configuration page is displayed.

    Figure: Intune Connector Configuration

  2. Enter the required details in the following sections;

Configuration

In the Configuration section, you can enter the values for the fields based on the description given in the below table and click Invoke Intune API to verify the login details, get the available device fields from Intune, and save the settings for future sync.

Field

Description

Department

Select the configured Department (Tenant) in SymphonyAI from which assets are imported. The available Departments appear in the selection list.

Integration User

Select the integration user associated with the job transactions (example; Created By, Allocated By). The selected user is recorded as the default user for all assets and related records imported into the Asset Management.

MS Tenant ID

The unique identifier of your Microsoft Tenant that hosts Intune. It routes authentication to the correct directory. It contains a 32 character GUID with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).

Application (Client) ID

The unique ID of the app registration (service principal) used by the connector to authenticate with Microsoft Graph. It is a 32-character GUID formatted with hyphens (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).

Client Secret

The Client Secret is a password-like credential for the app registration and is used with the Application (Client) ID in the OAuth 2.0 client credentials flow. Enter the Secret Value, not the Secret ID.

Sync Assets To

Select one of the following options:

  • Inventory

  • Discovery

Auto Allocation

Select the checkbox if the devices need to be automatically assigned to users based on email or other identity mapping. This field appears when asset data is synchronized to the inventory.

Is Active

Enables or disables the Intune Connector Configuration. When enabled, the application allows synchronization based on the configured settings; when disabled, no data will be fetched or processed during job execution.

Description

Provide a description for the Intune Connector Configuration.

Asset Type

Devices from Intune are imported as fixed assets by default in SymphonyAI. This field is displayed when asset data is synchronized with the inventory.

Account Type

Specifies the identity source used by the connector. Managed Identity indicates that the connector obtains tokens from Microsoft Entra ID.

Auth Mode

Specifies the authentication method used to connect to Intune through Graph API.

Authority Host

Specifies the Azure Active Directory authentication endpoint used to obtain the access token for Intune integration.

Scope

Specifies the Graph API permission scope required to access device data from Intune.

Intune Fields Selection

The Intune Field Selection section displays all device attributes retrieved from Intune after successful API invocation.


Figure: Intune Fields Selection

Users can select the attributes for synchronization by moving fields from the available list to the selected list. The selected fields are saved and used for field mapping, category mapping, and data import during synchronization. Click Save Selected Fields to save the configuration, and only these fields are used to retrieve and populate data from the Intune API.

Note

If the API call fails, the device attributes shown are taken from the last successful call stored in the database.

Intune and Inventory Category Mapping

The Intune and Inventory Category Mapping section allows administrators to define how imported Intune devices are classified into Asset Management categories during Inventory synchronization.

Figure: Intune and Inventory Category Mapping

Enter the required fields as described in the following table and click Save Category Mapping.

Field

Description

Asset Category

Displays the asset categories associated with the selected Department. Categories are listed automatically and can be referenced for mapping to the asset.

Asset Condition

Select the default condition (good, faulty, etc.) of the asset from the list. It helps track the current condition of each asset for inventory and lifecycle management. The default condition will be applied to all devices of Intune imported to the respective fixed asset category in SymphonyAI.

Sub Status

Select the default Sub Status from the list. Only sub-statuses associated with the “In Store” status are displayed. The selected default Sub Status is applied to all Intune devices imported into the corresponding fixed asset category in SymphonyAI.

Condition Rule

Click Define Condition icon to view the Define Condition dialog box.

Figure: Define Condition

Condition Rules allow you to define conditions to map the devices in Intune with the appropriate Fixed Asset category in SymphonyAI.

Using this field you can define conditions based on Intune configuration. All fields selected in Intune are displayed. You can apply these fields to create rules that query assets and automatically assign them to the appropriate category.

Note

The default Asset Condition and Sub Status are applied to all devices imported from Intune into the mapped fixed asset category in SymphonyAI. Only Sub Status values associated with the In-Store status are displayed for selection.

After updating and saving the required details, the condition rules are evaluated sequentially, and the first matching condition assigns the Intune Devices to the fixed asset category. If the same condition is used for two or more asset categories, only the first asset category is considered.

Click Configure Key Field Mapping page, to configure the required field mappings. Field mapping between Intune device fields and the corresponding Fixed Asset category fields in Key Field Mapping is mandatory. In Key Field Mapping, the External Source Attributes column displays the Intune fields selected for mapping and synchronization. For more information on Key Field Mapping, refer Configure Key Field Mapping.


Figure: Key Field Mapping

Default Settings

The Default Settings section defines the standard values applied to assets during Inventory synchronization.



The Store field allows users to associate an asset with a default location and store.

Note

All devices from Intune are imported to a default location and store in SymphonyAI.

Auto Allocation Settings

Inventory mode supports automatic asset allocation. If the Intune device owner exists in SymphonyAI and a unique identifier is mapped, the asset is automatically allocated in SymphonyAI.

Configure Auto‑Allocation by selecting the Intune attribute used to identify users (for example, Email ID or NTID). The application checks the selected field, and if a matching user exists, the asset is automatically assigned to that user. Click Save Auto Allocation Settings to store the configuration, which is applied whenever assets are imported.

Field

Description

Intune Device Owner Field

Intune attribute used for identifying the user (example Email).

User Reference

SymphonyAI attribute used for identifying the user (example Email).

Asset Usage Type

Specifies the usage type of the asset. For more information, refer Configure Asset Usage Type.

Floor

The Floor values are displayed based on the Department and the Location selected for Store.

Purpose

Specify the intended use or business objective for which the asset is assigned within the organization.

Sub Status

Select the default Sub Status from the list. Only the sub-statuses for the status 'Allocated' are displayed. The default Sub Status is applied to all devices of Intune imported to the respective fixed asset category in SymphonyAI.

Allocate To

The devices imported from Intune are by default allocated to a Single User in SymphonyAI.


Intune and Discovery Field Mapping

The Intune and Discovery Field Mapping section enables users to map the device attributes from Intune with Discovery attributes in SymphonyAI. This section is displayed only when the user selects Sync Asset To as Discovery.

Enter the required fields as described in the following table and click Save Discovery Mapping.

Field

Description

Discovery Attributes

Displays the list of attributes associated with Discovery module in SymphonyAI.

Intune Attributes

The attributes selected previously in Intune Field Selection section are displayed. Select the relevant attribute to map it with the Discovery attribute.

Transform

The selected Intune attribute can be transformed (if required) while mapping it with the Discovery attribute. For example, if the data from Intune is in Bytes, then it can be transformed to be saved in MB or GB in SymphonyAI.

It allows users to apply SQL expressions to modify Intune field values before mapping them to Discovery fields in SymphonyAI. During synchronization, the transform expression updates the source value before it is stored in the target field.

For more information on the Transform Examples, refer Examples for Transform.

Unique Key

Select the checkbox corresponding to the attribute to mark it as unique.

Scheduler

To automate sync between Intune and SymphonyAI, configure the Asset HW Sync from Intune scheduler.

To configure the scheduler, refer Scheduler Configuration.

Configure Azure AD Application for Integration

To generate the Client ID and Client Secret in Azure Active Directory, perform the following steps:

  1. Sign in to the Azure portal.

  2. Select your account on the top bar, and then select the appropriate Azure Active Directory from the Directory list.

  3. Navigate to App registrations, and then select New registration.


    Figure: New Registration

  4. Enter the application name, select the supported account type (Single-tenant), and then select Register.

  5. After registration, copy the Application (Client) ID. This value is used as the Client ID.

    Figure: Client ID

Create Client Secret

To create a Client Secret, perform the following steps:

  1. Navigate to Certificates & secrets.

    Figure: Certificates and Secrets

  2. Select New client secret.

  3. Enter a description and select the expiry period (select Never if required).

  4. Select Add, and then copy the generated client secret value.

    Note

    Save the client secret immediately. You cannot retrieve it later.

Configure API Permissions

To configure API Permission, perform the following steps:

  1. Navigate to API permissions, and then select Add a permission.

    Figure: API Permission

  2. Add the following permissions.
    The Request API permission page is displayed.

    Figure: Request API permission

Microsoft Graph

  • Delegated permissions:
    Device.Command
    Device.Read
    DeviceManagementManagedDevices.PrivilegedOperations.All
    DeviceManagementManagedDevices.Read.All
    DeviceManagementManagedDevices.ReadWrite.All

  • Application permissions:
    Device.ReadWrite.All
    DeviceManagementManagedDevices.Read.All

Intune

  • Application permission:
    get_device_compliance

After adding permissions, select Grant admin consent for your organization.

Examples for Transform

The following list provides Examples of Transform expressions used in mapping:

Use the first non-null value from multiple fields:

Transform

Description

COALESCE(ManagedDeviceName, DeviceName)

Uses ManagedDeviceName if available, otherwise DeviceName.

COALESCE(SerialNumber, IMEI, MEID, WiFiMacAddress)

Tries multiple identifiers in order.

Convert values to different units:

Transform

Description

PhysicalMemoryBytes / 1073741824.0

Converts bytes to GB

FreeStorageBytes / 1048576.0

Converts bytes to MB

Format text values

Transform

Description

UPPER(DeviceName)

Converts to uppercase

LOWER(UserPrincipalName)

Converts to lowercase

LEFT(SerialNumber, 20)

Truncates to 20 characters

TRIM(DeviceName)

Removes leading/trailing spaces

REPLACE(UserPrincipalName, '@domain.com', '')

Removes domain suffix

Apply conditional transformations:

Transform

Description

CASE WHEN ComplianceState = 'compliant' THEN 'Yes' ELSE 'No' END

Converts to Yes/No

CASE WHEN IsEncrypted = 1 THEN 'Encrypted' ELSE 'Not Encrypted' END

Human-readable encryption status

Set constant values:

Field

Description

'Intune'

Always sets value to Intune

GETUTCDATE()

Current UTC timestamp

Complex transformations combining multiple functions:

Field

Description

COALESCE(NULLIF(SerialNumber, ''), IMEI)

Uses IMEI if SerialNumber is empty string

UPPER(LEFT(COALESCE(DeviceName, 'Unknown'), 50))

Uppercase, truncated, with fallback

The following default transforms are pre-configured for Intune to Discovery sync:

Intune Field

Discovery Field

Transform

Note

DeviceName

SystemName

COALESCE(ManagedDeviceName, DeviceName)

Name fallback

SerialNumber

SerialNo

COALESCE(SerialNumber, IMEI, MEID, WiFiMacAddress, EthernetMacAddress)

Serial fallback

EthernetMacAddress

MACAddress

COALESCE(EthernetMacAddress, WiFiMacAddress)

MAC fallback

PhysicalMemoryBytes

RAM_Size

PhysicalMemoryBytes / 1073741824.0

Bytes to GB

TotalStorageBytes

HDD_Size

TotalStorageBytes / 1073741824.0

Bytes to GB

Id

Data_Source

Intune

Data source