Intune Connector

This section details how to configure an Intune Connector.

Prerequisites

On the Horizon side, set up a proxy if one is needed to reach Azure/Intune. Note that the Horizon instance must also be reachable from the Azure AD endpoint, and therefore from the Internet.

On the Azure AD side, you must set up an application by following Microsoft’s guide. You must also add the Microsoft Graph / Application.Read.All permission for the revocation feature to work properly. After performing these steps, you will have the following information, which is required later:

  • the Tenant ID

  • the Application ID

  • the Application Authentication Key
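A pre-flight check for these prerequisites, as an added example that is not part of Horizon or of Microsoft's guide: it requests an app-only Microsoft Graph token with the three values above and reports whether the `roles` claim carries Application.Read.All. The function names and the sample tokens are constructed for illustration; the token is decoded for inspection only and its signature is not verified.

```python
import base64
import json
import urllib.parse
import urllib.request

REQUIRED_ROLES = {"Application.Read.All"}  # the Graph permission named above


def fetch_graph_token(tenant_id, app_id, app_key, timeout=10):
    """Request an app-only Graph token (OAuth2 client credentials grant)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": app_key,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    req = urllib.request.Request(url, data=body)  # data present, so this is a POST
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(access_token, required=REQUIRED_ROLES):
    """Return required application permissions absent from the 'roles' claim."""
    roles = token_claims(access_token).get("roles") or []
    return sorted(set(required) - set(roles))


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build an unsigned, constructed token so the check can run offline."""
    return ".".join([_b64url({"alg": "none"}), _b64url(claims), "constructed"])


if __name__ == "__main__":
    print(missing_roles(make_sample_token({"roles": ["Application.Read.All"]})))
    print(missing_roles(make_sample_token({})))  # permission or consent missing
```

Against a real tenant, call `missing_roles(fetch_graph_token(tenant_id, app_id, app_key))`; an empty list means the permission is present in the issued token. `urllib` picks up a proxy from the `HTTPS_PROXY` environment variable when one is needed to reach Azure.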

How to configure Intune Connector

1. Log in to the Horizon Administration Interface.

2. Access Intune Connector from the drawer or card: Third Parties > Intune > Connectors.

3. Click on Add Connector.

4. Fill in the mandatory fields.

Connection

  • Name* (string input):
    Enter a meaningful connector name. It must be unique for each connector. Horizon uses the name to identify the connector.

  • Azure Tenant* (string input):
    Enter the Tenant ID.

  • App Registration Credentials* (select):
    Select the Login credentials containing your app registration ID and secret key.

  • Proxy (string select):
    The HTTP/HTTPS proxy used to reach Azure AD and Intune.

  • Timeout (finite duration):
    Timeout set on the connection used to reach Azure AD and Intune. Configured by default at 10 seconds. Must be a valid finite duration.

Assets identification and management

  • OS query string (string input):
    Restricts devices by OS when listing the devices used for the revocation feature. If unsure, leave blank to use the default setting.

  • Intune resource URL (string input):
    Points the connector at a specific Intune installation. Used only in Hybrid Intune setups; leave blank otherwise.

  • Legacy revocation mode (boolean):
    Activate the legacy revocation mode. Default value is set to false.

Actors management

These settings define how many interactions with the remote service are authorized within a given period. Throttle parallelism is the number of interactions and Throttle duration is the period of time. For example, to ensure that the remote service is not contacted more than 5 times per 3 seconds, set throttle parallelism to 5 and throttle duration to 3 seconds.

  • Throttle duration* (finite duration):
    Set by default to 3 seconds. Must be a valid finite duration.

  • Throttle parallelism* (int):
    Set by default to 3.

5. Click on the save button.

You can update (Edit Connector) or delete (Delete Connector) the Intune Connector.

You will not be able to delete an Intune Connector if it is referenced in any other configuration element.