
Microsoft Intune Endpoint Management Integration Setup

This guide walks you through integrating Microsoft Intune with RAD Security to ingest managed-device inventory and device compliance findings, and to trigger remediation on a device from RAD. Microsoft Intune is the device-management service in Microsoft Entra / Microsoft 365. RAD Security connects to Microsoft Graph using an Azure AD app registration (OAuth client credentials) and pulls device inventory and compliance posture on a scheduled basis to correlate them with your runtime, cloud, and Kubernetes security data.
Read-only ingestion, with one write action: RAD only reads device inventory and compliance from Intune. The single exception is device remediation: RAD can trigger a remediation action on a device through Graph. That action is RBAC-gated (it requires tenant write permission) and is recorded as an OCSF Device Control Finding.

Prerequisites

Before you begin, ensure you have:
  • A Microsoft Entra (Azure AD) tenant with Intune device management
  • Permission to create an app registration in Microsoft Entra ID
  • Your Directory (Tenant) ID
  • Admin consent rights to grant Microsoft Graph application permissions
  • Access to a RAD Security workspace with integration permissions

Understanding Integration Components

RAD Security authenticates to Microsoft Graph using an Entra ID app registration. You provide the app’s Client ID and a Client Secret, and RAD exchanges them for short-lived access tokens via the OAuth 2.0 client-credentials grant.
The Directory (Tenant) ID identifies your Microsoft Entra tenant and scopes token issuance. You can find it on the app registration overview or in the Entra ID tenant overview.
The app registration needs Microsoft Graph application permissions for Intune device management (for example DeviceManagementManagedDevices.Read.All for inventory and compliance, plus a managed-device action permission such as DeviceManagementManagedDevices.PrivilegedOperations.All for remediation). Permissions require admin consent.
The Graph URL override is optional. Leave it blank for the global Microsoft Graph endpoint; set it only for national / sovereign clouds (for example US Government or China) where the Graph base URL differs.

Step 1: Register an App in Microsoft Entra ID

1. Create an App Registration

In the Microsoft Entra admin center, go to Identity → Applications → App registrations → New registration. Give it a name (for example RAD Security Intune) and register it.

2. Record the Client and Tenant IDs

On the app’s Overview page, copy the Application (client) ID and the Directory (tenant) ID.

3. Create a Client Secret

Under Certificates & secrets → Client secrets, create a new secret and copy its Value.
Copy the Client Secret value immediately; it is shown only once at creation time. Store it securely in a password manager or secrets vault.

4. Grant Microsoft Graph Permissions

Under API permissions → Add a permission → Microsoft Graph → Application permissions, add the Intune device-management permissions for inventory and compliance (and a managed-device action permission if you will use remediation). Then click Grant admin consent.
Exact portal navigation, permission names, and admin-consent flow may vary across tenants and Graph versions. See the Microsoft Graph permissions reference and Intune device management docs for current details.

Configure in RAD Security

Navigate to your RAD Security workspace and configure the Microsoft Intune integration with the following parameters:

Required Parameters

Parameter             | Required | Description
----------------------|----------|-----------------------------------------------------------------------
Client ID             | Yes      | Application (client) ID of the Entra ID app registration
Client Secret         | Yes      | Client secret value generated for the app registration
Directory (Tenant) ID | Yes      | Microsoft Entra directory/tenant identifier
Graph URL             | No       | Optional Microsoft Graph base URL override for national/sovereign clouds

Verify Integration

1. Check Connection Status

  1. Navigate to Data Sources > Integrations > Endpoint Management in RAD Security
  2. Locate your Microsoft Intune integration
  3. Verify the connection status shows as Connected

Your Microsoft Intune integration is now configured! RAD Security will ingest device inventory and compliance findings from Intune on a scheduled basis.

What Data is Synced

  • Intune managed devices, mapped to OCSF Device Inventory Info (5001): hostname, OS, hardware, serial, owner, managed/compliant flags, risk, and first/last-seen timestamps.
  • Device compliance posture, mapped to OCSF Compliance Finding (2003) and stored as security findings. Feeds unified posture analysis and RADBot.
  • The one write action: RAD can trigger an Intune remediation on a device via Graph. RBAC-gated (tenant write) and recorded as an OCSF Device Control Finding.

Use Cases

Compliance Management

Track device compliance gaps from discovery through remediation across your Intune-managed fleet.

Asset Visibility

Use managed-device inventory to understand your endpoint estate and reduce attack surface.

Threat Response

Trigger Intune remediation on a non-compliant or compromised device directly from RAD.

RADBot Prioritization

Leverage RADBot to prioritize Intune device findings by real-world impact.

Troubleshooting

Authentication fails when connecting

Possible causes:
  • Incorrect Client ID, Client Secret, or Tenant ID
  • The client secret expired or was deleted
Solution:
  • Verify the Client ID, Client Secret value, and Directory (Tenant) ID are correct
  • Confirm the client secret has not expired; create a new one and update RAD if needed

Graph requests are denied

Possible causes:
  • Required Microsoft Graph application permissions were not added
  • Admin consent was not granted
Solution:
  • Add the Intune device-management Graph permissions to the app registration
  • Click Grant admin consent and retry the connection

No devices are synced

Possible causes:
  • National/sovereign cloud tenant using the global Graph endpoint
  • No managed devices in the tenant
Solution:
  • Set the Graph URL override for your national cloud
  • Confirm managed devices exist in Intune for the tenant
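As an added example (not RAD Security's code), the following Python script exercises the pieces described under Understanding Integration Components and maps failures onto the causes in this Troubleshooting section: it requests a client-credentials token for the tenant, lists Intune managed devices through Graph, and summarises their compliance states before you configure the integration in RAD. The per-cloud login and Graph base URLs, the token endpoint, and the managedDevice `complianceState` property are Microsoft's; the function names, the diagnosis strings, and any credentials you pass in are this example's own.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from collections import Counter

# Login and Graph base URLs per cloud; only the non-global ones need RAD's Graph URL override.
CLOUDS = {
    "global": ("https://login.microsoftonline.com", "https://graph.microsoft.com"),
    "usgov": ("https://login.microsoftonline.us", "https://graph.microsoft.us"),
    "china": ("https://login.chinacloudapi.cn", "https://microsoftgraph.chinacloudapi.cn"),
}

def token_request(tenant_id, client_id, client_secret, cloud="global"):
    """Build the OAuth 2.0 client-credentials POST as (token URL, form body)."""
    login, graph = CLOUDS[cloud]
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": graph + "/.default"}
    return f"{login}/{tenant_id}/oauth2/v2.0/token", urllib.parse.urlencode(form).encode()

def classify(status, payload):
    """Map an HTTP result onto the causes listed under Troubleshooting (example's own wording)."""
    if status in (400, 401):
        return "credentials: check Client ID, Client Secret value and Tenant ID; secret may have expired"
    if status == 403:
        return "permissions: add the Intune Graph application permissions and grant admin consent"
    if status == 200 and not payload.get("value"):
        return "no devices: wrong Graph URL for a national cloud, or no managed devices in the tenant"
    return "ok" if status == 200 else f"unexpected HTTP {status}"

def compliance_summary(devices):
    """Count managed devices per Intune complianceState (compliant, noncompliant, ...)."""
    return dict(Counter(dev.get("complianceState", "unknown") for dev in devices))

def _call(url, data=None, headers=None):
    req = urllib.request.Request(url, data=data, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

def preflight(tenant_id, client_id, client_secret, cloud="global"):
    """Get a token, list managed devices, and return (diagnosis, compliance counts)."""
    status, tok = _call(*token_request(tenant_id, client_id, client_secret, cloud))
    if status != 200:
        return classify(status, tok), {}
    headers = {"Authorization": "Bearer " + tok["access_token"]}
    status, page = _call(CLOUDS[cloud][1] + "/v1.0/deviceManagement/managedDevices", headers=headers)
    return classify(status, page), compliance_summary(page.get("value", []))
```

Run preflight with your Directory (Tenant) ID, Client ID and Client Secret value, passing cloud "usgov" or "china" in the cases where you would set the Graph URL override; the returned diagnosis names the Troubleshooting entry to start from, and the counts show what the Compliance Finding sync will see.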

Security Best Practices

Dedicated App Registration

Use a dedicated app registration for the RAD integration rather than sharing one with other tools.

Least Privilege

Grant only the Graph permissions required for device inventory, compliance, and remediation.

Rotate Secrets

Rotate the client secret before expiry and according to your security policy.

Secure Secret Storage

Store the client secret in a secrets vault. Never commit it to version control.

Additional Resources

  • Microsoft Intune Documentation: official Microsoft Intune documentation
  • Endpoint Management Overview: learn about RAD’s endpoint management integrations

Next Steps

  • Endpoint Management Integrations: explore other endpoint management integration options
  • Data Sources: connect additional security data sources
  • RADBot: learn how RADBot helps prioritize findings