1. Intune Administration using Azure Console & Graph Automation
8/22/2018 6:32 AM
BRK3119
Intune Administration using Azure Console & Graph Automation
David Falkus – Program Manager Intune
@davefalkus
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Agenda Access Visualize Automate Intune in Azure
8/22/2018 6:32 AM
Agenda
Access
Intune in Azure
Microsoft Graph - the guts and the glory
Visualize
Custom App development
Automate
PowerShell and more!
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. A day in the life of Tom… Emma - Helpdesk Rob - CIO Victor - Developer
8/22/2018 6:32 AM
A day in the life of Tom…
Emma - Helpdesk
Rob - CIO
Victor - Developer
Ronnie – IT Administrator
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4. Access Visualize Automate Intune in Azure
8/22/2018 6:32 AM
Access
Intune in Azure
Microsoft Graph - the guts and the glory
Visualize
Custom App development
Automate
PowerShell and more!
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5. Intune in the Azure Portal
8/22/2018 6:32 AM
Intune in the Azure Portal
An integrated console for all your Enterprise Mobility + Security (EMS) components (
An HTML-based console built on web standards
Microsoft Graph API support to automate many actions
Azure Active Directory (AD) groups to provide compatibility across all your Azure applications
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. Supported web browsers for the Azure portal
8/22/2018 6:32 AM
Supported web browsers for the Azure portal
Microsoft Edge (latest version)
Microsoft Internet Explorer 11
Safari (latest version, Mac only)
Chrome (latest version)
Firefox (latest version)
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. Using the Intune Console – A quick Tour
Make the Portal Work for you!
Customize your Services Menu
Organize your Services
Set your preferred theme
Familiarize yourself with the menu groups

8. Intune Reporting – Data Warehouse
8/22/2018 6:32 AM
Intune Reporting – Data Warehouse
Provides access to Intune management data for your organization
Dataset more comprehensive than what’s seen in the Azure portal (Up to 90 days of Data)
Microsoft Power BI and other OData compatible reporting services can connect to the Warehouse
Data Collections:
devices
mamApplications
mdmStatuses
policies
users
Power BI
OData Client
PowerShell
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Rob wants to understand the Intune Portal and Reporting Capabilities… Let’s Do it! Azure UI and PowerBI

10. Microsoft Graph HTTPS://GRAPH.MICROSOFT.COM/
8/22/2018 6:32 AM
Microsoft Graph
Insights and relationships from Office graphs
One endpoint to rule them all
Single resource that proxies multiple Microsoft services
Allows for easy traversal of objects and relationships
Access to data and intelligence
Eliminates the need for discovery endpoints
Only one OAuth access token needed
Available as a public API
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11. Microsoft Graph CONVERSATIONS USER DEVICES EVENTS TASKS GROUPS NOTES
8/22/2018 6:32 AM
Microsoft Graph
TASKS
manager
memberOf
DEVICES
MESSAGES
workingWith
Shared with me
registeredOwner
FILES
CONVERSATIONS
createdBy
EVENTS
trendingAround
GROUPS
NOTES
modifiedBy
USER
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12. Microsoft Graph – Query Format
8/22/2018 6:32 AM
Microsoft Graph – Query Format
Graph URL
(Static)
Version
(v1.0 or Beta)
Specific entity type / resource, such as users, groups, devices, etc. eq
Optional Odata query arguments: $filter, $top
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13. Microsoft Graph – Query Format
8/22/2018 6:32 AM
Microsoft Graph – Query Format
REST requests use Standard HTTP methods
GET
POST
PATCH
DELETE
Provides the ability to pull data from Microsoft Graph
Provides the ability to POST / ADD data into Microsoft Graph
Provides the ability to PATCH / UPDATE resources
Provides the ability to DELETE individual resources from Microsoft Graph
Data returned in JSON format
Data sent to the service in JSON format
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14. Microsoft Graph – Relationships
8/22/2018 6:32 AM
Microsoft Graph – Relationships
Microsoft Graph can show the relationships that it has with different resources
GET: {
"displayName": "Tenant Admin Account",
"preferredLanguage": "en-US",
"userPrincipalName": }
GET:
"#microsoft.graph.group",
"id": "ee0af6a3-db7c-47dd-ac77-b74e2a1b8676",
"displayName": "All Users"
GET:
"value" : […]
GET:
"disabledPlans": [],
"skuId": "9bc c4-4d60-93f1-39a540ac7649“
Devices
ownedDevices
Groups
memberOf me
Licenses
assignedLicenses
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15. 8/22/2018 6:32 AM
What is JSON
JSON (JavaScript Object Notation) is a lightweight data-interchange format
A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.
An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16. JSON Format { "userPrincipalName": "bob@tenant.onmicrosoft.com",
"accountEnabled": true,
"passwordProfile": {
"password": "Password123",
"forceChangePasswordNextLogin": false },
"mailNickname": "bob",
"usageLocation": "GB",
"displayName": "Bob Smith" }
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17. Microsoft Graph Data Authentication and Authorization
Insights and relationships
Calendar
Personal Contacts
Files
Notes
Org Contacts
People
Users
Excel
Tasks
Mail
Groups
Data
Authentication and Authorization
OpenID Connect and OAuth 2.0
XCode
Eclipse or Android Studio
Visual Studio
REST
Development Environment
YOUR APP
Your choice of technology (.NET, JS, HTML, Ruby, etc.)
Microsoft Azure
Other hosting (IIS, LAMP, etc.)
Solution

18. Insights and Relationships
8/22/2018 6:32 AM
Intune in Azure
Microsoft Graph provides the ability to access and automate the Intune service via RESTful API
Note: Using the Microsoft Graph APIs to configure Intune controls and policies requires that the Intune service is correctly licensed by the customer.
Insights and Relationships
Users
Groups
Devices
Mail
Files
Your App
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19. Microsoft Graph API (SDK) https://graph.microsoft.com
8/22/2018 6:32 AM
Intune in Azure
Intune UX
Device Compliance
Manage Apps
Device Configuration
Managed Devices
AAD Extension
Microsoft Graph API (SDK)
Intune
Service
Azure Active
Directory
Policy Provider
App Provider
Policy Provider
App Provider
Exchange
Office 365
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20. Intune in Azure – API
The graph call can be seen in the UI if you use Developer Mode (F12) in your browser

21. Intune in Azure – API Documentation
Beta documentation is available -

22. Intune in Azure – API Change Log
Change Log for Graph API

23. Microsoft Graph Explorer
OSS Web tool for consuming Graph APIs
Supports Beta and v1.0 APIs
Shortcuts to samples
Enables access & automation
Modern auth supported
Activity History

24. Ronnie needs to view data in Azure Let’s Do it
Ronnie needs to view data in Azure Let’s Do it! Microsoft Graph Explorer

25. Access Visualize Automate Intune in Azure
Microsoft Graph - the guts and the glory
Visualize
Custom App development
Automate
PowerShell and more!

26. Intune in Azure – Application Development
Microsoft Graph provides flexible tooling, languages and industry standard RESTful APIs
You can use any language that support REST to code with Graph -
Development Environment
XCode
Eclipse or Android Studio
Visual Studio
REST

27. Victor codes an app for Intune using Graph Let’s Do it
Victor codes an app for Intune using Graph Let’s Do it! Console / Universal App for Helpdesk

28. Access Visualize Automate Intune in Azure
Microsoft Graph - the guts and the glory
Visualize
Custom App development
Automate
PowerShell and more!

29. Intune in Azure – GitHub
8/22/2018 6:32 AM
Intune in Azure – GitHub
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30. Intune in Azure – GitHub
A common issue that we’ve seen:

31. Intune in Azure – Paging
All Microsoft Graph queries are subject to paging
Request odata.nextLink
Your App
Microsoft Graph
Send GET request 3
Send GET request 4
Intune Service
Receive 1000 JSON objects 6
Send 1000 JSON objects 5 8
If exists send
response back to
get data 7
Check if
odata.nextLink
exists 1
Authenticate User
Issue Access token 2
Graph Response:
odata.nextLink
Azure AD

32. Intune in Azure – Paging Control
To control the amount of data returned, Graph supports query parameters to customize responses
Example:
ge T11:03:43Z
Name
Description
Example
$filter
Filters results (rows).
$top
Limits results.

33. Ronnie needs to get list of stale devices and take action on them… Let’s Do it! PowerShell

34. Intune in Azure – Troubleshooting Automation
Troubleshoot blade offers helpdesk single pane of glass view 1
Collect Intune / AAD User Data via Graph 2
Receive User Information
Data
PowerShell
Microsoft Graph
Intune Service
Azure AD
Sends Graph REST request

35. Emma need to troubleshoot a user… Let’s Do it! PowerShell

36. Intune in Azure – Tenant Automation
8/22/2018 6:32 AM
Intune in Azure – Tenant Automation
PowerShell and Graph gives you the ability to fully automate an Intune Tenant setup and configuration to a desired state
Desired State:
Compliance
Configuration
App Protection
Applications
PowerShell
Microsoft Graph 3
Send Desired Intune State Configuration 4 2
Download the samples for automation 1
Visit PowerShell Intune Samples 5
Configure Intune Tenant with Desired State
Intune Graph
Repository
Intune Tenant
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37. Intune in Azure – Tenant Automation
8/22/2018 6:32 AM
Intune in Azure – Tenant Automation
POC creation script provides the following outcomes: IT
Intune standalone (cloud only)
Set MDM Authority (*New Tenant*)
AAD Groups
Device Restrictions + Enrollment Limit
Terms and Conditions
Compliance + Configuration Policies
App Protection Policies
iOS + Android Application Addition
Intune Role
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38. Ronnie wants to create a fully configured Intune POC Let’s Do it
Ronnie wants to create a fully configured Intune POC Let’s Do it! PowerShell

39. Further examples of what’s possible…
Helpdesk Operator App
View device details, deployed apps, deployed configurations
Remote tasks: wipe, passcode reset, lost mode, bypass activation lock
App Purchase / Approval
Bulk add iOS or Android apps into Intune
Add into workflow for purchase, download, and deployment of an app
HR App
Auto-add new employee to groups for compliance / configuration policy deployment
Automatically remove company data upon employee leaving organization
DevOps Toolset
Migrate apps, policies or configurations from a POC to PROD environment
Perform ad-hoc reporting, archiving, or auditing
Integrate with alerting, monitoring or operations tools

40. Highlights...
Graph API is a single endpoint for online services such as O365, AAD, Intune, and others.
In depth data and service resource relationships drive simplified access and automation of online services.
If it’s in the UI / Graph – you can build equivalent Apps
Samples, quick-start tools on Github and responsive online help through Stackoverflow.

41. Resources & Help Introduction to Microsoft Intune in the Azure Portal
PowerShell Scripts
Intune Graph API Resource Docs

42. FastTrack for Microsoft 365
8/22/2018 6:32 AM
FastTrack.microsoft.com
FastTrack for Microsoft 365
Move to the cloud with confidence
Faster Deployment
Migrate , content, and light up Microsoft 365 services
Deploy and securely manage devices
Enable your business and gain end-user adoption
Delivered by Microsoft engineers as part of your subscription
Tight integration with qualified partners for additional services
Maximized ROI
Higher Adoption
© Microsoft Corporation. All rights reserved.

43. Ignite 2017 Intune/ConfigMgr sessions
8/22/2018 6:32 AM
*Locations are subject to change. Please check Ignite Scheduling Tool prior to session time
Ignite 2017 Intune/ConfigMgr sessions
Code
Day
Time
Title
BRK3057
Tuesday
9:00 AM - 10:15 AM
Overview: Modern Windows 10 and Office ProPlus management with EMS
BRK3075
10:45 AM - 12:00 PM
Modernize deployment and servicing of Windows 10 and Office ProPlus with EMS
BRK2015
Wednesday
Mobile device and app management overview with Microsoft Intune
BRK3009
4:00 PM - 5:15 PM
System Center Configuration Manager overview and roadmap
BRK3011
Thursday
Manage and secure Android, iOS and MacOS devices and apps with Microsoft Intune
BRK3076
Transition to cloud-based management of Windows 10 and Office ProPlus with EMS
BRK3012
Secure access to Office365, SaaS and on-prem apps with Microsoft EMS
BRK2079
12:30 PM - 1:45 PM
Secure Windows 10 with Intune, Azure AD and System Center Configuration Manager
BRK3119
2:15 PM - 3:30 PM
Learn how to use Intune with the new admin console and Microsoft Graph API
BRK3059
Friday
10:15 AM - 11:00 AM
Manage and protect Office 365 mobile apps with Microsoft Intune
BRK3010
Conduct a successful pilot deployment of Microsoft Intune
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

44. Please evaluate this session
Tech Ready 15
8/22/2018
Please evaluate this session
From your
Please expand notes window at bottom of slide and read. Then Delete this text box.
PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

45. 8/22/2018 6:32 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.