Sync Microsoft Intune with Oomnitza to gain visibility of key asset information such as device security and compliance information, operating system and network details, enrolment information, and usage metrics.
Screen capture: Extended integrations for Microsoft Intune
The following integrations are available for Microsoft Intune assets:
- Basic integration. Use this on-premises integration when you want to stream asset and software data into Oomnitza. See Creating a basic integration for Microsoft Intune assets.
- Extended shim integration for Microsoft Intune assets and software. Use this integration when you want to stream asset and software data into Oomnitza.
- Extended integration for Microsoft Intune assets. Use this integration when you want to stream asset data into Oomnitza.
- Extended integration for Microsoft Intune assets with filter. Use this integration when you want to use a filter to refine the asset data that is streamed into Oomnitza. You can create a query such as operatingSystem="Windows" to filter the data that is streamed into Oomnitza. See Use the $filter query parameter.
Contents
- Before you start
- Information required for the integration
- Creating the asset integration
- Creating custom mappings
Before you start
To easily find the records that are uploaded to Oomnitza, it's best practice to create a dedicated user account for each integration. This will make it easier for you to retrieve the records that are uploaded to Oomnitza from the vendor application.
Information required for the integration
Integration Information
Domain. By default, the domain is set to https://graph.microsoft.com. To enter the domain of your Microsoft account, enter the fully qualified URL.
Credential information
The type of authentication is OAuth2.
To add credentials to Oomnitza, you require the following information:
- Client ID and client secret
- Tenant ID
- Scopes
Learn more
The following steps are provided as guidance only. Refer to your vendor's API documentation and consult your System Administrator for the most accurate and up-to-date instructions.
Step 1: Register an app in Microsoft Entra ID. Create the app registration that Oomnitza will authenticate as. See Register an application with the Microsoft identity platform
Step 2: Create a client secret. This is the credential Oomnitza will use to request tokens. See Add a client secret.
Step 3: Grant API permissions. For Intune assets and users permissions select DeviceManagementManagedDevices and then select all available options:
- DeviceManagementManagedDevices.PrivilegedOperations.All
- DeviceManagementManagedDevices.Read.All
- DeviceManagementManagedDevices.ReadWrite.All
See Add permissions to access Microsoft Graph.
These are Application permissions (not Delegated), because you're using client credentials without a signed-in user.
Step 4: Grant admin consent. See Grant admin consent in the portal. Application permissions require a Global Administrator (or Privileged Role Administrator) to grant tenant-wide admin consent before they take effect.
Step 5: Note your credentials. You will need the following information to add the integration and the credentials in Oomnitza:
- Tenant ID
- Client ID
- Client Secret
See OAuth 2.0 client credentials flow.
This endpoint requires an active Intune license on the tenant.
Adding credentials to Oomnitza
Make life easier and add your credentials to Oomnitza before you create the integration.
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward arrow > to select the integration.
- Enter your client credentials and any other additional information.
- Click Authenticate. You are prompted to log in to authorize your request.
- Click CREATE.
To inherit the permissions that you set up for the Microsoft app that you registered, you enter https://graph.microsoft.com/.default as the scope.
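The following Python is an added example, not Oomnitza or Microsoft code. It builds the client credentials token request for the registered app with the https://graph.microsoft.com/.default scope, then reads the roles claim of the returned token to show which application permissions were actually granted. The token endpoint URL is the Microsoft identity platform v2.0 endpoint; the sample token is constructed and unsigned, and the READ_ONLY set is this example's own classification, not an Oomnitza requirement.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SCOPE = "https://graph.microsoft.com/.default"
# Assumption of this example: only the Read.All permission counts as read-only.
READ_ONLY = {"DeviceManagementManagedDevices.Read.All"}


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the OAuth 2.0 client credentials grant."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    })
    return TOKEN_URL.format(tenant=tenant_id), body


def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_roles(access_token):
    """Split granted application permissions into (read_only, elevated)."""
    roles = set(token_claims(access_token).get("roles", []))
    return sorted(roles & READ_ONLY), sorted(roles - READ_ONLY)


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token carrying the three permissions from Step 3.
SAMPLE = ".".join([_b64({"alg": "none"}), _b64({
    "aud": "https://graph.microsoft.com",
    "roles": ["DeviceManagementManagedDevices.ReadWrite.All",
              "DeviceManagementManagedDevices.Read.All",
              "DeviceManagementManagedDevices.PrivilegedOperations.All"],
}), "sig"])

if __name__ == "__main__":
    read_only, elevated = audit_roles(SAMPLE)
    print("read-only:", read_only)
    print("elevated :", elevated)
```
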
Creating the asset integration
- In Oomnitza, click Configuration > Integrations > Overview.
- Click Block view.
- Scroll down to the Extended section for asset integrations.
- Click NEW INTEGRATION.
- Select the integration in the sidebar.
- Click ADD.
Integration details overview
More information is provided about the following fields to help you complete the integration:
Software data
Depending on the asset integration, an option might be available to ingest desktop software information such as the name and version of the software installed on an asset. To view the software information in Oomnitza, you must have the software module.
Installation types
- Cloud. Store credentials in the Oomnitza cloud.
- Local. Store credentials locally. If you want to sync Oomnitza with vendor applications that require AWS or OAuth authentication, select Cloud as the type of installation. Local installations don't support AWS and OAuth authentication.
Integration preferences
- Create & Update. Add and update records.
- Create only. Add records.
- Update only. Update records.
Integration details
To review or update the integration details, click Edit.
When you edit the Integration details section, you can select the name or names of integration contacts. Integration contacts will receive an in-app notification and an email when the integration fails, when the integration fails to complete within 24 hours, or when the scheduled integration fails to run.
- Update the integration name.
- Select an installation type.
- For integration preferences, select an option.
- Enter the name of the integration user.
Credential details
If you selected Cloud as the installation type, choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials.
Scheduling the integration
By default, data is synced once every day. Change the interval or the time so that the data is streamed when your system isn't busy.
- Click Edit.
- Make and save your changes.
Mapping fields to Oomnitza
To map the fields to Oomnitza, click Edit.
Select Edit integration to add rules for syncing data.
Filtering integration results.
Click SMART MAPPING.
You can add new fields to your integration by selecting Add new field on the mapping page.
Creating custom API fields.
Standard mappings for shim extended integration (assets and software)
Activation Lock Bypass Code
Android Security Patch Level
AzureAD Device ID
Compliance Grace Period Expiration DateTime
Compliance State
Configuration Manager Client Enabled Features
Connector Sync Time
Device Category Display Name
Device Enrollment Type
Device Health Attestation State
Device Name
Device Registration State
EAS Activated
EAS Activation DateTime
EAS Device ID
Email of the associated user
Enrolled DateTime
Exchange Access State
Exchange Access State Reason
Exchange Last Successful Sync DateTime
Free Storage In Bytes
ID
IMEI
Is Encrypted
Is registered in Azure AD
Is Supervised
Jail Broken
Last sync date and time with Intune
Managed Device Name
Managed Device Owner Type
Management Agent
Manufacturer
MEID
Model
OS
OS version
Partner Reported Threat State
Phone Number
Remote Assistance Session Error Details
Remote Assistance Session Url
Serial Number
Subscriber Carrier
Total Storage In Bytes
User Display Name
User ID
User Principal Name
Wi-Fi MAC
Standard mappings for extended asset integration
You can map the following fields from Intune to Oomnitza:
Activation Lock Bypass Code
Android Security Patch Level
AzureAD Device ID
Compliance Grace Period Expiration DateTime
Compliance State
Configuration Manager Client Enabled Features
Device Category Display Name
Device Enrollment Type
Device Health Attestation State
Device Name
Device Registration State
EAS Activated
EAS Activation DateTime
EAS Device ID
Email of the associated user
Enrolled DateTime
Exchange Access State
Exchange Access State Reason
Exchange Last Successful Sync DateTime
Free Storage In Bytes
ID
IMEI
Is Encrypted
Is Supervised
Is registered in Azure AD
Jail Broken
Last sync date and time with Intune
MEID
Managed Device Name
Managed Device Owner Type
Management Agent
Manufacturer
Model
OS
OS version
Partner Reported Threat State
Phone Number
Remote Assistance Session Error Details
Remote Assistance Session Url
Serial Number
Subscriber Carrier
Total Storage In Bytes
User Display Name
User ID
User Principal Name
Wi-Fi MAC
Drag and drop
You can map additional fields to Oomnitza.
- Drag and drop the fields onto the Add new Oomnitza field area in the Oomnitza column.
- Rename the field.
- Make your changes.
- Save your changes.
Selecting sync keys
You must select at least one field as the sync key field. To ensure that the sync runs successfully, the field must contain unique values such as the serial number of an asset record or the email address of a user record. Records that do not contain a value for the sync key are skipped.
See Configuring multiple sync keys.
Workflows
You can also create workflows to complete actions in Microsoft Intune such as:
- Remote locking.
- Resetting a device pass code, shutting down, and locking a device.
- Offboarding and onboarding a device, including cleaning, wiping, deleting, retiring, and rebooting a device.
- Managing a device, including updating and recovering a pass code.