Welcome to Reco, the premier SaaS security platform designed to secure your organization's SaaS environment. This guide will walk you through integrating Microsoft Intune with Reco, providing you with critical insights into your organization's device management. Here's what we'll cover:
Note: You need Reco Admin privileges to complete this integration. Please contact your company's Reco Administrator or Customer Success Manager if you require this role.
Introduction to Microsoft Intune
Microsoft Intune is a cloud-based service focused on mobile device management (MDM) and mobile application management (MAM). It allows your organization to ensure that your devices, including phones, tablets, and laptops, comply with your company's security policies. This service is part of the Microsoft 365 suite.
Why Connect Microsoft Intune to Reco?
Connecting Microsoft Intune with Reco enhances your security by validating the security of your Intune environment and managed devices. This integration helps you clearly understand your Intune policies, identify vulnerabilities in devices accessing your network, and adopt best practices to minimize risks. Ultimately, it ensures your devices meet the highest security standards.
Benefits of Integrating Microsoft Intune with Reco
Clear Visibility into Intune's posture: Get detailed insights into Intune misconfigurations and spot potential risks.
Effective Detection and Response: Quickly identify and fix issues like unauthorized device activity and changes in your baseline Intune settings.
Prerequisites for Integration
Before you begin the integration process, ensure that you meet the following requirements:
Reco Admin Role: A user with an Admin Role in Reco is required to initiate the integration process. This role is essential for configuring and managing the integration settings within the Reco platform.
Microsoft Global Administrator Role: The user performing the integration must have the Global Administrator role assigned within Microsoft Intune. This role is typically necessary for comprehensive access and management capabilities within Microsoft Intune and possibly other Microsoft 365 services. For more details about this role, please refer to the Microsoft documentation.
Importantly, while the Global Administrator role is used to grant Reco access, Reco itself is only granted the limited scope DeviceManagementManagedDevices.Read.All. Reco therefore never receives full Microsoft 365 Admin privileges, in line with the principle of least privilege, a key security best practice.
Required Scope for Integration:
Consent for the DeviceManagementManagedDevices.Read.All scope is required. This permission allows an application to read all properties of managed devices in Microsoft Intune without accessing personal data. Reco needs it to ingest device data, and granting only this scope applies the least-privilege principle: Reco receives the permissions required for its functions and nothing more, rather than full Microsoft 365 Admin privileges.
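After consent is granted, an administrator can confirm that the integration's service principal holds only the documented scope. The following is an added example, not Reco's code: it models the space-separated scope string that Microsoft Graph returns in the scope field of an oauth2PermissionGrant (delegated permissions; application permissions would appear as appRoleAssignments instead, which this snippet does not cover), and the sample grants, client ids, and the second over-privileged grant are constructed for illustration.

```python
"""Least-privilege check for the scopes granted to an integration.

Added example, not Reco's code. Models the `scope` field of a Microsoft
Graph oauth2PermissionGrant (a space-separated list of delegated scope
names). The sample records below are constructed, not real tenant data.
"""

# The only Graph scope the integration is documented to require.
# If the sign-in flow also needs baseline scopes such as openid or
# User.Read, add them here deliberately rather than ignoring them.
EXPECTED_SCOPES = {"DeviceManagementManagedDevices.Read.All"}

# Constructed sample grants shaped like oauth2PermissionGrant objects
# (only the fields used here). clientId values are placeholders.
SAMPLE_GRANTS = [
    {
        "clientId": "sp-object-id-placeholder-1",
        "consentType": "AllPrincipals",
        "scope": "DeviceManagementManagedDevices.Read.All",
    },
    {
        # Deliberately over-privileged sample: a write scope and an
        # unrelated scope were consented alongside the documented one.
        "clientId": "sp-object-id-placeholder-2",
        "consentType": "AllPrincipals",
        "scope": "DeviceManagementManagedDevices.Read.All "
                 "DeviceManagementConfiguration.ReadWrite.All User.Read",
    },
]


def parse_scope(scope_field: str) -> set:
    """Split Graph's space-separated scope string into a set of scope names."""
    return {s for s in (scope_field or "").split() if s}


def audit_grant(grant: dict, expected: set = EXPECTED_SCOPES) -> dict:
    """Compare one grant against the expected scope set.

    Returns the scopes that exceed the documented need ("excess"), the
    documented scopes that are absent ("missing"), any write-capable scopes,
    and whether the grant is tenant-wide admin consent (AllPrincipals).
    """
    granted = parse_scope(grant.get("scope", ""))
    return {
        "clientId": grant.get("clientId"),
        "admin_consent": grant.get("consentType") == "AllPrincipals",
        "excess": sorted(granted - expected),
        "missing": sorted(expected - granted),
        "write_scopes": sorted(s for s in granted if ".ReadWrite" in s),
    }


def grants_needing_review(grants: list, expected: set = EXPECTED_SCOPES) -> list:
    """Return audit results for every grant that has excess or missing scopes."""
    results = [audit_grant(g, expected) for g in grants]
    return [r for r in results if r["excess"] or r["missing"]]


if __name__ == "__main__":
    for finding in grants_needing_review(SAMPLE_GRANTS):
        print(finding)
```

Run against the real output of a Graph query for the integration's oauth2PermissionGrants, the "excess" list should be empty; a non-empty "write_scopes" list is the finding to act on first, since the page documents the integration as read-only.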
Step-by-Step Integration Guide
If you have multiple Microsoft accounts, ensure you are logged into the account with Global Administrator privileges before starting the integration. It may be necessary to log out of your everyday corporate user account to avoid conflicts during the authentication process.
Log in to the Reco Platform: Access your Reco dashboard using your credentials.
Navigate to Integrations: Click on "Configurations" and then select "Integrations".
Add Microsoft Intune Integration: Find the "Microsoft Intune" object and click on "Add Integration".
Consent and Authenticate: You will be redirected to a consent page. Click on "Accept" to grant Reco access to Microsoft Intune.
Activate Integration: Upon successful integration, the Microsoft Intune Integration status will change to "Active".
Configure Data Ingestion: Click on "Configure", choose the required start date for data ingestion, and click on "Start Extraction".
Data Ingestion: What We Collect
Reco is committed to respecting your data privacy and security. For the Microsoft Intune integration, we ingest metadata only, focusing on information that enhances device security and compliance without compromising personal data.
What We Ingest:
Source: Microsoft Intune
Required Scope: DeviceManagementManagedDevices.Read.All
Data Collected: Device metadata through the MSFT_DETECTED_APPLICATIONS_API, enabling detailed insights into managed devices' compliance and security status.
Permission: read only
Documentation: Link
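To show what the collected device metadata looks like and how it supports the compliance and stale-device findings the integration surfaces, here is an added example that is not Reco's code. The records are constructed to resemble Microsoft Graph managedDevice objects (id, deviceName, operatingSystem, complianceState, lastSyncDateTime); the device names, dates and the 30-day staleness threshold are assumptions for illustration.

```python
"""Summarize Intune managed-device metadata of the kind the integration reads.

Added example, not Reco's code. Records are constructed to resemble
Microsoft Graph managedDevice objects; only metadata fields are used,
no personal data.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample devices (not real tenant data).
SAMPLE_DEVICES = [
    {"id": "dev-1", "deviceName": "LAPTOP-ALPHA", "operatingSystem": "Windows",
     "complianceState": "compliant", "lastSyncDateTime": "2024-06-01T08:00:00Z"},
    {"id": "dev-2", "deviceName": "PHONE-BETA", "operatingSystem": "iOS",
     "complianceState": "noncompliant", "lastSyncDateTime": "2024-05-30T12:30:00Z"},
    {"id": "dev-3", "deviceName": "LAPTOP-GAMMA", "operatingSystem": "macOS",
     "complianceState": "compliant", "lastSyncDateTime": "2024-04-15T09:00:00Z"},
    {"id": "dev-4", "deviceName": "TABLET-DELTA", "operatingSystem": "Android",
     "complianceState": "unknown", "lastSyncDateTime": None},
]


def parse_graph_time(value):
    """Parse Graph's ISO 8601 UTC timestamp ("...Z"); None if absent."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize(devices, now, stale_after=timedelta(days=30)):
    """Build a posture summary from managed-device metadata.

    - by_state: count of devices per complianceState
    - noncompliant: device names reported as noncompliant
    - stale: devices that have never synced or last synced longer than
      `stale_after` ago (a device that stops checking in may no longer
      be enforcing policy, so it deserves the same attention)
    """
    by_state = Counter(d.get("complianceState", "unknown") for d in devices)
    stale = []
    for d in devices:
        last_sync = parse_graph_time(d.get("lastSyncDateTime"))
        if last_sync is None or now - last_sync > stale_after:
            stale.append(d["deviceName"])
    noncompliant = sorted(
        d["deviceName"] for d in devices if d.get("complianceState") == "noncompliant"
    )
    return {
        "by_state": dict(by_state),
        "noncompliant": noncompliant,
        "stale": sorted(stale),
    }


if __name__ == "__main__":
    # Fixed "now" so the sample output is reproducible (assumed date).
    print(summarize(SAMPLE_DEVICES, datetime(2024, 6, 2, tzinfo=timezone.utc)))
```

With a live tenant the same function would be fed the value array returned by the managedDevices endpoint; the point of the example is that every finding is derived from device metadata alone.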