Skip to content

Microsoft Intune Guide: General


Before proceeding, please make sure that your Exodus instance supports your EMM servers' versions as source and/or target in the support matrix page

Required environment's information

General information

For each endpoint you have to setup, you'll need these pieces of information:

1. Instance identification

The Application (client) ID, Application (client) secret, and Directory (tenant) ID: You will obtain all of these values by creating a third party app allowed to access your Intune instance.

First, go to your Azure Active Directory portal, select All Services on the left hand side, then App registrations. (see fig. 1.1).

figure 1.1

App registration

Enter a name, leave the account type to single tenant option, and in the Redirect URI section, enter the URL of your Exodus instance, by appending /emm/auth/callback at the end. The full URL should look like: Click on Register to finish the process. (see fig. 1.2).

figure 1.2

Register application


Don't forget to replace #your-instance-name# by your real instance name which should be equal to the subdomain of your Exodus console URL.

If you access Exodus admin console with then the callback url should be

The app is now created, you can already find the Application (client) ID and Directory (tenant) ID in the overview. Copy them, you will need them later. (see fig. 1.3).

figure 1.3

Application info

Then, go the Certificates & secrets menu of your application, click on the New client secret button, give it a name, and click Add. The Application (client) secret will appear in the list underneath, copy it, it will only be shown once. (see fig. 1.4).

figure 1.4

Application client secret

The three values you copied will have to be entered when you configure your Intune instance in Exodus.

2. Group identification

The identifier of an Intune group. We need this for two things:

  • First, to validate that your configuration is correct and this is the only usage when Intune is your target EMM.
  • Second, to define the list of devices you want to migrate and this is the main usage when your current EMM is Intune.

You can find your group identifier by going in your Microsoft 365 Device Management console. Click on Groups on the left outline menu, then select the group you want. This will open a detailed view of the group, and its identifier will be in the Object Id field. This is the identifier you need to enter in Exodus. (see fig. 2.1).

figure 2.1

Find the group identifier


Once you enter the above-mentioned values in the form and validate it, you will be prompted in a pop-up to log in using a valid Microsoft Intune administrator account for your Azure Active Directory tenant identifier. Follow through the authentication, a set of permissions will be asked to be able to perform device and user actions on your behalf.

Next Steps

The next steps depend on which of your environments are using Microsoft Intune.

If you have Microsoft Intune as your current EMM, please follow the prerequisites for configuring a Microsoft Intune source environment.

If your target EMM is a Microsoft Intune instance, please follow the prerequisites for configuring a Microsoft Intune target environment.