This guide is designed to give Incident IQ administrators an overview of the following Microsoft Intune integration app related topics:
- Managing settings that control asset creation and deletion, as well as when and what information is updated during syncs
- Setting up location and model mappings
- Enabling remote device actions
- Sync and asset history lookup tools
- Frequently asked integration questions
You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the "Return to Index" link located at the end of any section.
- Installing Microsoft Intune
- Integration Overview
- Remote Device Actions
- Frequently Asked Questions
- What location should I use for my default location?
- Can I pull room information from Microsoft Intune into Incident IQ?
- Can I map certain fields coming from Microsoft Intune to default asset fields in Incident IQ?
- Why are assets not getting created during syncs?
- Why are asset tags not updating during syncs?
The Microsoft Intune integration app is designed to give school districts the ability to create, manage, and automatically assign assets to students in Incident IQ by utilizing Intune asset data. In addition, this integration with Incident IQ also allows agents and admins the ability to view an asset's metadata in one convenient location. This includes basic device information, OS and firmware versions, as well as other data agents may find useful during the course of working a ticket.
When installed, you can access the Microsoft Intune Integration app by selecting Incident IQ Apps > Apps Management. This will take you to your Installed Apps page where you can select Manage to access the Microsoft Intune Integration management page.
Installing Microsoft Intune
To install the Microsoft Intune integration, begin by clicking on Incident IQ Apps > Browse on the left side bar. Next, under the Asset Management section, click on the Microsoft Intune.
From here, simply select Install and follow the steps to complete the installation.
Once installed in Incident IQ you will need to click on Manage App Settings.
From here, you will need to Authorize Incident IQ with an account in Microsoft Intune that has the ability to read and write data in the system to complete the installation process.
Next, you will need to run a sync. Navigate to the Overview Tab and click Start Full Sync. This will accomplish the following:
- Establish a connection Incident IQ and Jamf asset information.
- Allows Incident IQ to see what models are available in your Jamf. This is necessary to set up automatic asset creation.
The following section is designed to give you a detailed overview of each tab of the integration and the tabs intended purpose. After installing Microsoft Intune and running your first sync. Your next steps are to:
- Enable how your assets are created and updated within iiQ under the General Settings Tab.
- Map the location of assets under the Location Mapping Tab.
- Map the model for your assets under the Model Mapping Tab.
- Run a full sync under the Overview Tab.
- Overview Tab
- General Settings Tab
- Location Mapping Tab
- Model Mapping Tab
- Sync History Tab
- Asset History Tab
When installed, you can access the Microsoft Intune app by selecting Incident IQ Apps > Apps Management. This will take you to your Installed Apps page where you can select Manage button to the Microsoft Intune integration management.
The Overview Tab gives you the ability to quickly review the status of the most recent sync between Incident IQ and Microsoft Intune. While syncs will automatically run overnight, you have three additional options:
- Start Full Sync - manually start a new sync.
- Re-Run Last Sync - run the very last sync again.
- Push Data - if you have set up write back functionality push the data back to your asset integration form iiQ. Please see the section below for more details on creating custom values fields that are pushed from iiQ to your asset management integration.
Additionally, you can use the View Details button to take you directly to the Sync History tab where you can review the count of assets updated, added, or skipped over during the most recent sync.
General Settings Tab
The General Settings tab houses many of the settings that control when information is brought in or updated automatically, as well as field mappings between the Microsoft Intune and Incident IQ. As such, you can find the following settings here:
- Options that control if assets are automatically created, updated, and deleted during system syncs.
- The ability to turn on automatic room assignment for assets if you are storing this data in Intune.
- Custom field asset mapping options to pull in additional data for use in asset filters and custom view columns
- An option to enable the use of remote asset features available in Intune directly on an asset detail's page by administrators and agents with the correct permissions
The Mapping section manages what data is created and updated in Incident IQ based on data coming from Intune. This includes:
- Create Asset: Selecting this will automatically create assets in IIQ to match any new device discovered in Intune during a sync.
- Update Asset: Selecting this will automatically update assets in IIQ to match any updates to a device's data discovered in Intune during a sync.
- Update Custom Fields: Selecting this option will only allow new information being pulled into custom fields to update during a sync.
- Delete Asset: Selecting this will automatically delete assets in IIQ to match any assets deletions that have occurred in Intune during a sync.
Next, under the Import Options section you can enable the Create Rooms option. This will automatically create rooms associated with assets in Intune if these rooms do not already exist in Incident IQ.
The Map custom values section allows you to select additional values you want imported and map them to default or custom fields in iiQ. This gives you the ability to pull in custom data fields and custom view column options. Click on the Add button.
Next, fill out the following field mapping options:
Please note, there may be pre-configured mapping and they can not be changed.
- Select the custom value
- Set the Map Direction
The following fields are only supported for syncing from iiQ to Microsoft Intune: Managed Device Name.
- Intune to Incident IQ
- Incident IQ to Intune
- Both directions (if both, data will push from Incident IQ to Intune first.)
- Select the iiQ field the custom value should map too. You can map to the default field or map to a custom field.
- If you map to a Custom Field, you will need to set a field name, select a field type (text, number, or date), and set whether the field information needs to be searchable through filters.
Next, you can control whether or not the Microsoft Intune integration will update the owner field in Incident IQ using the following options in the Automatic asset assignment in IIQ drop-down menu:
- Don't automatically update asset owner in IIQ: This option will prevent the Microsoft Intune integration from updating owner information in Incident IQ.
- Automatically update owner in IIQ based on User Id in Microsoft Intune: This option will automatically update the device ownership of assets in Incident IQ based on the User Id field in Microsoft Intune.
- Automatically update owner in IIQ based on Email Address in Microsoft Intune: This option will automatically update the device ownership of assets in Incident IQ based on the Email Address of the user in Microsoft Intune.
The last section is the Remote Device Actions. You can enable remote device actions that administrators and agents with the correct permissions can access directly on an asset's details page in Incident IQ. Please see the section below for more details on the different deceive actions for Microsoft Intune and enabling the device actions based on users roles.
Location Mappings Tab
This tab allows you to select or modify your current location mappings between IIQ and Intune. You can choose to automatically assign a device to a default location in Incident IQ if it does not match any location mappings set. This is especially important if you are using the Intune integration to automatically create assets because assets must have a location set to be created.
Location is required for an asset to be created in iiQ.
The Custom Mapping Options allows you to choose how you would like devices to map in IIQ. You can choose to match Owner's Location between Jamf and iiQ.
Model Mappings Tab
This tab allows you to select or modify your current model mappings between IIQ and the Intune. Unmapped models will not be imported into iiQ. You can use the Auto-Map Models button to automatically attempt to match models in your list of devices with models that already exist in IIQ.
Alternatively, you can also manually select what model your device should map to using the drop-down menus to the right of each listed device.
If your device will not auto-map and is not available from the drop-down options, then it most likely does not currently exist in IIQ. In this case, simply select the Create New Model button on the right of the device mapping in question to automatically create and activate this model during your data sync.
Sync History Tab
This tab allows you to view your sync history between IIQ and the Intune. Every sync, whether it completed successfully or not, is logged for reference purposes and available for review in the View details of a sync list.
Clicking on any sync, in particular, will open that sync's details. From here, you can review the full list of what devices were updated, created, deleted, or skipped during the sync. Additionally, you can narrow down your view by using the filter options at the top of the list.
Asset History Tab
The Asset History tab allows you to search for basic information on any device currently located in your Intune. Simply enter in a valid serial number in the Search for asset field to begin your search.
Once you've selected a device, you'll be able to see the following Intune information:
- External ID
- Owner Email
- Organizational Unit
- Serial Number
- Location Name
Additionally, you'll also see a list of actions applied to this device during recent system syncs.
Remote Device Actions
Under the General Settings tab at the bottom of the page, you can enable remote device actions that administrators and agents with the correct permissions can access directly on an asset's details page in Incident IQ. These options include:
- Bypass Activation Lock: Allow a user to remotely bypass activation lock for an Intune managed device.
- Clean Windows Device: Allow a user to remotely clean a Windows device managed through Intune.
- Delete User From Shared Apple Device: Allow a user to delete a user from a shared Apple Intune managed device.
- Disable Lost Mode: Allow a user to remotely disable lost mode for an Intune managed device.
- Locate Device: Allow a user to remotely locate an Intune managed device.
- Logout Shared Apple Device Active User: Allow a user to remotely logout a shared Apple device active user for an Intune managed device.
- Reboot Device: Allow a user to remotely reboot an Intune managed device.
- Recover Passcode: Allow a user to remotely recover passcode for an Intune managed device.
- Remote Lock: Allow a user to remotely lock an Intune managed device.
- Remote Wipe Device: Allow a user to remotely wipe an Intune managed device.
- Request Remote Assistance: Allow a user to remotely request a remote assistance session for an Intune managed device.
- Reset Passcode: Allow a user to remotely reset the passcode for an Intune managed device.
- Retire Device: Allow a user to remotely retire an Intune managed device.
- Shut Down: Allow a user to remotely shut down an Intune managed device.
- Sync Device: Allow a user to remotely sync an Intune managed device.
- Update Signatures for Windows Defender: Allow a user to remotely update the signature for Windows Defender for an Intune managed device.
- Update Windows Device Account: Allow a user to remotely update the Windows device account for an Intune managed device.
- Windows Defender Scan: Allow a user to remotely trigger a Windows Defender Scan for an Intune managed device.
Please note, administrators are given full access to all remote features permissions by default. However, each of the remote features listed above are controlled by an individual permission. This makes it possible to customize which permissions an agent has access to, without needing to give them full access to all of the remote features. These permissions can be found underneath the App Specific section on policies and individual user permissions pages.
On the asset details page you will have access to preform these actions.
Frequently Asked Questions
The following section consists of common questions that users have when installing and setting up the Microsoft Intune integration. Please note, if you do not find to an issue you are experiencing in this section please contact the Incident IQ Customer Support team for further assistance.
What location should I use for my default location?
If you are unsure of what location you should utilize, we recommend setting the district/central office as your default location. Alternatively, you may also setup an entirely separate location (such as "Unassigned") to utilize for this purpose as well.
Can I pull room information from Microsoft Intune into Incident IQ?
If you are storing room information in Microsoft Intune, you can tie this information to assets stored in Incident IQ. This includes the ability to create rooms for any given location if they do not already exist in the system. To do so, you will want to go to the General Settings tab and enable the room number option.
Can I map certain fields in Microsoft Intune to default or custom asset fields in Incident IQ?
You can pull in data from Microsoft Intune for use in asset filtering and custom view columns in the General Setting tab of the integration app. To set one of these fields up, you will need to begin by clicking on the Add button at the bottom of the Map custom values from microsoftIntune section.
From here, you will now need to set the following:
- Select the specific data field in Microsoft Intune you want to pull in as a custom field
- Set whether the data only pulls from Intune to Incident IQ, sends from Incident IQ to Intune, or flows in both directions (if both, data will push from Incident IQ to Intune first.)
- Specify if the data should map to a custom field
- And finally, set a field name, select a field type (text, number, or date), and set whether the field information needs to be searchable through filters.
Why are assets not getting created during syncs?
For a sync to create assets automatically, the following options need to be turned on or mapped in app management as detailed in this section of this article:
- The Create asset option must be turned on in the General Settings tab.
- Location mappings, or a default location, must be set in the Location Mappings tab.
- The model of the device must be mapped in the Model Mappings tab.
Please note, if your asset does not have a model associated with it in Microsoft Intune, then the asset cannot be added automatically. However, you can manually create or import the asset into the system to circumvent this issue. During the next system sync, if Incident IQ detects a matching serial number inside of Microsoft Intune, the system will then automatically associate the Intune data with this asset.
Why are asset tags not updating during syncs?
By default, Incident IQ does not have the option to update asset tags automatically enabled for asset integrations. To turn on asset tag updates during syncs, select Incident IQ Apps > Manage from the left navigation bar, and the click on the Data Mapping tab. From here, check the Asset Tag option underneath the Asset Field Mappings section and then save.
Please note, even though this option is not enable by default, the asset tag field is required for asset creation. Because of this, when an asset is created during a sync without this option enable the following will occur:
- If asset tag information is available, then the asset will be created with the asset tag stored in the Microsoft Intune.
- If asset tag information is not available, then the asset will be created with the serial number filled in for the asset tag.