This page explains what the Intune scanning requirements are for Lansweeper, and how to generate the application ID required for scanning.
Lansweeper is capable of scanning Android, iOS (iPhone and iPad) and Windows Phone mobile devices that are enrolled in Microsoft Intune.
Intune scanning requirements
To scan mobile devices through Microsoft Intune, the following requirements must be met:
- Your Lansweeper installation must be version 7.1 or higher.
- Your Lansweeper license must support Intune scanning.
- Your Lansweeper scanning server must have access to the internet.
- Your Lansweeper scanning server must have graph.windows.net whitelisted.
- Your mobile devices must be enrolled in Microsoft Intune. Enrollment instructions can be found on the Microsoft website.
- Your mobile devices must be Android, iOS (iPhone or iPad) or Windows Phone devices.
- You must provide Lansweeper with the email address and password of a user that can see your Intune devices in Microsoft Azure. An Intune administrator is guaranteed to have sufficient rights.
- The user submitted as scanning credential in Lansweeper may not have multi-factor authentication (MFA) enabled.
- You must provide Lansweeper with the application ID of an application that can read Intune devices from the Microsoft Graph API.
Setting up the Intune application
To set up an application that can read Intune devices from the Microsoft Graph API, do the following:
- Log into your Azure account.
- Select the Azure Active Directory menu on the left, go to the App registrations section and select the New registration button.
- Submit a name for your application and select Register at the bottom of the page. Optionally, though this is less secure, you can change the account types setting on the page to allow accounts in other organizational directories to access the app as well.
- Copy the application ID that is listed on the resulting page, as you'll need to submit this in Lansweeper.
- Select the Authentication menu of your application, set the default client type setting to Yes and select Save.
- Select the API permissions menu of your application and click the Add a permission button.
- Select Microsoft Graph from the list of available APIs in the resulting pop-up and then select Delegated permissions.
- Submit
DeviceManagementManagedDevices.Read.All
in the search box, tick the permission in the search results and select Add permissions. The aforementioned permission allows the app to read Microsoft Intune devices.
- Have someone with administrative rights to your Azure Active Directory select the Grant admin consent for <your organization name> button on the resulting page.
- You now have an application ID that you can submit as part of your Intune scanning credential in Lansweeper. You'll also need to submit the email address and password of a user that can see your Intune devices in Microsoft Azure.
Instructions for configuring Intune scanning in Lansweeper can be found in this knowledge base article.
Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.