Microsoft Intune Guide: General
Before proceeding, please make sure that your Exodus instance supports your EMM servers' versions as source and/or target in the support matrix page
Required environment's information
For each endpoint you have to setup, you'll need these pieces of information:
1. Instance identification
The Application (client) ID, Application (client) secret, and Directory (tenant) ID: You will obtain all of these values by creating a third party app allowed to access your Intune instance.
First, go to your Azure Active Directory portal, select All Services on the left hand side, then App registrations. (see fig. 1.1).
Enter a name, leave the account type to single tenant option, and in the Redirect URI section, enter the URL of your Exodus instance, by appending
/emm/auth/callback at the end. The full URL should look like:
Click on Register to finish the process. (see fig. 1.2).
Don't forget to replace
#your-instance-name# by your real instance name which should be equal to the subdomain of your Exodus console URL.
If you access Exodus admin console with
https://example.exodus.tools/ then the callback url should be
The app is now created, you can already find the Application (client) ID and Directory (tenant) ID in the overview. Copy them, you will need them later. (see fig. 1.3).
Only two steps are remaining.
First, enable the Access tokens option by checking the dedicated checkbox under the Authentication menu of your newly created application. Click save above to validate your changes. (see fig. 1.4).
Finally, go the Certificates & secrets menu of your application, click on the New client secret button, give it a name, the click Add. The Application (client) secret will appear in the list underneath, copy it, it will only be shown once. (see fig. 1.5).
The three values you copied will have to be entered when you configure your Intune instance in Exodus.
2. Group identification
The identifier of an Intune group. We need this for two things:
- First, to validate that your configuration is correct and this is the only usage when Intune is your target EMM.
- Second, to define the list of devices you want to migrate and this is the main usage when your current EMM is Intune.
You can find your group identifier by going in your Microsoft 365 Device Management console. Click on Groups on the left outline menu, then select the group you want. This will open a detailed view of the group, and its identifier will be in the
Object Id field. This is the identifier you need to enter in Exodus. (see fig. 1.6).
Once you enter the above-mentioned values in the form and validate it, you will be prompted in a pop-up to log in using a valid Microsoft Intune administrator account for your Azure Active Directory tenant identifier. Follow through the authentication, a set of permissions will be asked to be able to perform device and user actions on your behalf.
The next steps depend on which of your environments are using Microsoft Intune.
If you have Microsoft Intune as your current EMM, please follow the prerequisites for configuring a Microsoft Intune source environment.
If your target EMM is a Microsoft Intune instance, please follow the prerequisites for configuring a Microsoft Intune target environment.