Skip to content

Microsoft Intune Guide: General

Important

Before proceeding, please make sure that your Exodus instance supports your EMM servers' versions as Source and/or Target in the Support Matrix page

Required environment's information

App Registration

In order for Exodus to be able to reach your Microsoft Intune Tenant, Exodus needs the following pieces of information: an Application (client) ID, its Application (client) secret, and your Directory (tenant) ID. You will obtain these values by creating a third party app in your Intune Tenant.

First, go to your Azure Active Directory admin center, select All Services > Enterprise applications > New application > Create your own application.

Give it a name, select the Register an application to integrate with Azure AD (App you're developing) option then click on Create.

Once in Register an application, select the account type Accounts in this organizational directory only (#customer-entity# only - Single tenant). In the Redirect URI section, select "Web" in the drop down menu and enter the URL of your Exodus Instance, by appending /emm/auth/callback at the end. The full URL should look like: https://#your-instance-name#.exodus.tools/emm/auth/callback.
Click on Register to finish this process. (see Fig. 1.2).

Figure 1.2

Register application

Important

Don't forget to replace #your-instance-name# by your actual Exodus Instance name which should the same as the subdomain of your Exodus Console URL.

If you access your Exodus Console with https://example.exodus.tools/ then the callback url should be https://example.exodus.tools/emm/auth/callback.

The App is now created, go to All services > Azure Active Directory > App registrations. You should see your newly created Exodus App, click on its name.

On the Overview menu, you should see the Application (client) ID and the Directory (tenant) ID, save both values, you will need them later.

Now click on the Certificates & secrets menu, click on New client secret, give it a description then select the longuest expiration value possible and click Add. The Application (Client) secret Value will appear in the list underneath, save it, it will only be shown once.

You will need these three values when configuring a Migration in the Exodus Console.

Source Device Group

When using Intune as your Source Tenant, you also need a Group ID: this is the identifier of the group that contains the list of devices you want to migrate.

You can find this fourth value by going in your Microsoft Endpoint Manager admin center. Click on Groups on the left outline menu, then select the group you want. This will open a detailed view of the group, and save the value in the Object Id text field. (see Fig. 2.1).

Figure 2.1

Find the group identifier

Authentication

Once you enter the above-mentioned values in the form and validate it, you will be prompted in a pop-up window to log in using a valid Microsoft Intune Administrator account for your Azure Active Directory tenant identifier. Follow through the authentication, a set of permissions will be asked to be able to perform device and user actions on your behalf.

Next Steps

Next, depending on whether you are using Intune as your Source Tenant or as your Target Tenant, consult the appropriate guide: