Intune and PowerBI Deep Dive - Part 9 - Connectors and Tokens
- Jonathan Fallis
- Date : July 26, 2024
- Categories : Power bi ,Intune ,Microsoft graph
- Tags : Microsoft , Intune , Power bi , Microsoft graph
In this post I’m going to cover (some) connectors and tokens in Microsoft Intune. In particular, how we pull in the data from them into PowerBI. These are going to be slightly different to the preceding posts as these will only take one form, a direct call. The difference here is that we’re not using a logic app, we’re just calling the API and processing the result. This is what I mean by a “direct Microsoft Graph call”, no pagination required so the Power Query M will take the form of first getting a bearer token for authorisation and then using the token to authenticate against the graph and ultimately passing the data back for us.
Continue ReadingDearest gentle reader… (Yes, my wife is making me watch that Bridgerton series on netflix, so I may speak like a 19th century gentlemen during this blog post… or not…) I recently wrote about Center for Information Security (CIS) and how those configurations broke Windows Autopilot. It then developed into a series on CIS with another gentleman of the manor, Nick Benton. And so, speaking of security posture, on my latest customer engagement they wanted to modernise their Windows Management and explore Entra joined only devices using Autopilot, but also, to improve their security configuration by using Microsoft Security Baselines - which of course I did but in doing so this broke their SAML authentication on Forticlient VPN - so here’s the story of how I fixed it.
Continue ReadingDefender for Endpoint, are you licensed for it? Are you using it? Are you using Intune? Then why are you not using the Intune Connector for Microsoft Defender for Endpoint (MDE)? In this article I will hope to explore this on your behalf and share my findings. Microsoft Defender for Endpoint and Intune can be integrated to enhance your organisation’s security posture by enabling endpoint protection, threat detection, and response capabilities across all managed devices. This integration allows for the sharing of security information and the application of compliance policies based on threat intelligence. So, what do we need to be able to use this?
Continue Reading(And yes I know…. AI Generated blog post images are beginning to get a bit cringe… but I actually liked this one so I rolled with it) Hello again folks, today we’re talking CIS. What is it and more specifically what does it break? Here in the UK, everyone talks about NCSC baselines and adhering to Cyber Essentials or Cyber Essentials Plus and for both of these there is some guidance you can follow with suggestions that help you improve your security posture. NCSC even provide some (old) JSON files for Windows Configuration for configuration profiles you can download and import to Intune to get you started.
Continue ReadingIn this post we’ll look at pulling in details about Autopilot devices. Our list call from Managed Devices, covered in part 6, gives us a column to tell us whether that device is autopilot enrolled but what if we want more information than that? What if we want to know the group tag it uses or whether it has an autopilot profile assigned to it. Lets go get that! Quick Links Series Menu Part 1 - Where to Start Part 2 - Application Registration Part 3 - Exploring Graph URLs Part 4 - Get-BearerToken Part 5 - Heavy Lifting Part 6 - Managed Devices Part 7 - Managed Applications Part 8 - Autopilot Devices Part 9 - Connectors and Tokens Table Of Contents Graph URL Global Pre-requisites Chose your method Create the query Explanation Relationships Next post Graph URL The graph URL we are using in this section is deviceManagement/windowsAutopilotDeviceIdentities/.
Continue ReadingIn this post we’ll look at Applications within Intune. The Graph response for this will have some additions for applications at the bottom for cross referencing purposes so check those out too. Especially if you use PatchMyPC. Lets get to it! Quick Links Series Menu Part 1 - Where to Start Part 2 - Application Registration Part 3 - Exploring Graph URLs Part 4 - Get-BearerToken Part 5 - Heavy Lifting Part 6 - Managed Devices Part 7 - Managed Applications Part 8 - Autopilot Devices Part 9 - Connectors and Tokens Table Of Contents Graph URL Global Pre-requisites Chose your method Create the query Explanation Relationships Supported Product Lists Additional Next post Graph URL The graph URL we are using in this section is deviceAppManagement/mobileApps/.
Continue ReadingIn this post we are finally going to look at getting some data into PowerBI to play around with. We are going to use a query in PowerBI to go and retrieve our managed devices information. Remember discussing pagination for APIs? Should you have more than 1000 devices we’re also going to need to consider Pagination but don’t worry there are three methods to do this discussed below. Quick Links Series Menu Part 1 - Where to Start Part 2 - Application Registration Part 3 - Exploring Graph URLs Part 4 - Get-BearerToken Part 5 - Heavy Lifting Part 6 - Managed Devices Part 7 - Managed Applications Part 8 - Autopilot Devices Part 9 - Connectors and Tokens Now, when you first approach this task you might consider employing a coding mindset akin to PowerShell, such as fetching the initial 1000 devices and implementing a do-while loop to retrieve the remaining ones using a method such as checking for the presence of another @Data.
Continue ReadingIn this post we’ll take a look at using Logic Apps and OData.Feed to do the ‘heavy lifting’ for us. By heavy lifting, essentially this is handling pagination of the Microsoft Graph Call. Using the app registration permissions for authorisation to the data, then processing the result in order to make sure we have all the data we need and finally passing the results back to PowerBI so that its handled outside of PowerBI. PowerBI only cares about the data. Quick Links Series Menu Part 1 - Where to Start Part 2 - Application Registration Part 3 - Exploring Graph URLs Part 4 - Get-BearerToken Part 5 - Heavy Lifting Part 6 - Managed Devices Part 7 - Managed Applications Part 8 - Autopilot Devices Part 9 - Connectors and Tokens There are three ways I’ve achieved this.
Continue ReadingIn the previous posts, we talked about obtaining an access token (bearer token) to access the data in our environments. We even looked at using our first POST query to post a request for a token in PostMan. The reason I’ve called this post ‘Get-BearerToken’ is because I’m going to explain how to use a combination of PowerBI Variables and a function to leverage the Application Registration we have to get a bearer token within PowerBI Desktop. We can then use that bearer token to authenticate against the Microsoft Graph and start to pull data into PowerBI like we did in the PostMan application.
Continue ReadingNext up, we’re going to explore the Graph and the URLs and permissions, in this post, continuing on from Part 1 and Part 2, our next step is begin to firstly understand our path to getting Intune Data into PowerBI, which is going to be via direct Microsoft Graph calls - Remembering of course that the Intune Data warehouse did not meet our requirements. We are also going to leverage an application registration to access the data we want to see. This is gonna be a BIG post, so make sure you have plenty of time to read. Quick Links Series Menu Part 1 - Where to Start Part 2 - Application Registration Part 3 - Exploring Graph URLs Part 4 - Get-BearerToken Part 5 - Heavy Lifting Part 6 - Managed Devices Part 7 - Managed Applications Part 8 - Autopilot Devices Part 9 - Connectors and Tokens We’re going to explore the Microsoft Graph URLs, the structure of them, how to obtain what we need and some tools to test them to ensure we’ve got them correct.
Continue ReadingContinuing from Part 1, our next step is to establish an application registration in Azure. This registration will enable us to utilise its permissions for accessing data on the Microsoft Graph and hopefully then, importing that data into PowerBI. This setup is essential as it serves as a global prerequisite for accomplishing our ultimate objective. Quick Links Series Menu Part 1 - Where to Start Part 2 - Application Registration Part 3 - Exploring Graph URLs Part 4 - Get-BearerToken Part 5 - Heavy Lifting Part 6 - Managed Devices Part 7 - Managed Applications Part 8 - Autopilot Devices Part 9 - Connectors and Tokens Creating the App Reg This is going to be a ‘whistle stop tour’ of setting up an application registration.
Continue ReadingIn this series, I will guide you through the process of extracting data from Microsoft Graph, specifically Microsoft Intune, and integrating it into PowerBI. We will explore different approaches, considering their advantages and disadvantages, in order to provide you with a solid foundation for creating your own reports within your specific environment. Its intent is to take you on a journey as I discover what to do, so please do take the time to read them in order to ensure you come along for the ride! I have invested significant time and effort into studying this subject and understanding the potential pitfalls associated with various approaches.
Continue ReadingIn this post I’m going to talk about using the Windows autopilot deployment for existing devices Task sequence in configuration manager and modifying that task sequence to set a group tag during the process. You may know that traditionally this tasks sequence is used to ‘build’ devices and have them ready to start the autopilot process. I had a customer recently that had that very need. They had purchased a large number of machines that were delivered with Windows 10 installed and not Windows 11. As the customer was on their Windows 11 uplift journey already they were a bit disappointed to say the least and they opted to create a Configuration Manager task sequence to prep them for autopilot.
Continue ReadingHello everyone, I hope you are all safe and well. I’ve been thinking about writing this for a while and I hope it helps some of you new to app packaging. How do I build apps? It never hurts to brush up if you’re a seasoned app-packager. App packaging isn’t going away any time soon, everyone needs apps. The Microsoft app store has gotten better but I don’t feel it’s quite there yet in terms of broadly available applications. Sometimes, companies can have line-of-business applications that they build in-house and as system administrators, you may be responsible for packaging and distributing those applications.
Continue ReadingI recently had a customer who uses FortiClient as their VPN solution, and they have recently embarked on setting up Hybrid AAD. We set their tenant up, sorted out licensing and I started to put in the fundamental elements to begin the journey to using Autopilot for provisioning devices. I had undertaken setting up AAD connect and using IDFix to remediate any issues, such as UPN suffixes for end-users via PowerShell, and we were ready to go. Equally, I had made them an Intune Win32app for FortiClient, and this installed and removed just fine using PSADT. I had already tested the Autopilot process and things were looking good.
Continue ReadingHi Folks! Leading on from this post about getting started with PSADT, and as promised, I’m writing up my experience with it and creating Win32 Intune apps. So firstly, I’m assuming by now that you read and absorbed the first write up I did, you should have noticed that a couple of things I did in that post can actually be done differently and be eager and armed with understanding the format and have a good idea about what to do. Combine that with great ‘google-fu’ and you’re ready to continue your decent app packaging journey. Using this with ConfigMgr applications is quite simple because once you’ve prepared your application you use the root folder as the source content for the application and the rest is pretty straight forward (holler at me if you want that blogging too).
Continue ReadingHi all, thought I’d write up what I’ve been working on recently, which is re-visiting PowerShell App Deployment Toolkit. A great Resource for ConfigMgr apps, but equally it is supported in Intune so I will be doing a follow-up post on using this with Intune. I know there are plenty of blogs out there on this so this is just my interpretation and is intended to get people started. I know, for example, that the kit comes with a wide variety cmdlets that you can utilise to achieve tasks but this write up is based around getting those a little familiar with PowerShell up to speed with it.
Continue Reading