Intune Management

= **General information about Intune Management** =

Each portal creates a node, which is then divided into the following areas: //Apps//, //Users//, and //Groups//. If you want to create and manage multiple portals, they will be listed in a clear and structured manner.

6

7

8

If you have enabled [[multi-tenancy>>doc:ACMP.68.ACMP-Solutions.System.Mandanten.WebHome]], you will only see the hubs that are assigned to the tenant you are logged into.

Devices are not listed within the plugin because, like all other clients, they can be viewed via [[Query Management>>doc:ACMP.68.ACMP-Solutions.Client-Management.Abfrageverwaltung.WebHome]].

13

14

15

The following sections contain information about apps, users, groups and devices.

16

If you have not yet created an Intune portal, read the necessary steps [[here>>doc:.Einstellungen für das ACMP Intune Management.WebHome]].

17

18

== **Preparations for registering Microsoft Entra ID and enterprise application** ==

19

20

In order to access the Intune data, a company application must be registered within Entra ID. This application must be granted the appropriate permissions. You can find detailed instructions for this [[here>>doc:ACMP.68.Unternehmensanwendung registrieren in der Microsoft Entra ID.WebHome]], as well as all the necessary [[permissions (Intune Management)>>doc:ACMP.68.Unternehmensanwendung registrieren in der Microsoft Entra ID.WebHome||anchor="HDistributepermissions"]] that you must grant.

21

22

23

If you want to distribute an ACMP agent with a gateway certificate via Intune, you can read a use case including step-by-step instructions [[here>>doc:ACMP.68.ACMP-Solutions.Client-Management.Agenteninstallation.ACMP Agent mit Gateway-Zertifikat über Intune verteilen.WebHome]].

= Apps =

All managed apps for your Intune client are displayed under Apps.

29

30

The view is divided into two sections: On the left-hand side, you will find an alphabetically sorted list of all apps. Using the drop-down menu at the top, you can filter the entries by operating system platform (Windows, Android, etc.). By default, //All// are displayed. If you are looking for a specific app entry, you can enter the name of the app in the search bar. The right-hand side shows the details for the selected app.

31

32

To delete an app, click on the Delete button ([[image:1748945735635-388.png]]) in the ribbon bar. //Refresh data// ([[image:1748945735635-592.png]]) imports and resynchronises the Intune data (see //[[Scheduled Server Task for importing Intune data>>doc:.Einstellungen für das ACMP Intune Management.WebHome||anchor="HScheduledServertaskforimportingIntunedata"]]//).

33

34

35

f you delete an app from ACMP Intune Management, it will also be deleted from Intune itself. Deletion cannot be undone.

36

37

38

[[Overview of managed apps>>image:68_Intune Management_Übersicht Plugin_1556.png]]

39

40

== **Detailed view of the apps** ==

41

42

Once you have selected an app, you will see the details of the app on the right-hand side: The upper half contains the general properties of the selected app (publisher, creation date, etc.), and the tabs with further information are listed below.

43

44

45

Please note that the property fields are only filled with data if there is information that can be read. ACMP has no influence on which data is entered.

Not all app types have the same properties. The properties may vary depending on the app type selected.

50

51

52

The three tabs at the bottom provide additional information about the apps and are structured as follows: //Assignments//, //Installations// and //Additional details//.

53

54

|**Rider**|**Description**

55

|Assignments|The //assignments// show you which groups are assigned to the apps. You can also edit the assignments here. For more information, see the section //Managing app assignments (VERLINKUNG)//.

56

|Installations|The //Installations //section shows you which devices the app installation has already been started on and the status of the installation. The information is divided into the device name, user name and status. If an error occurs during installation on a device, you can find the cause of the error in the status details.

57

|Additional details|(((

58

Here you will find further information that depends on the app types (e.g. minimum operating version or release status, etc.).

59

60

The fields are filled automatically and no changes can be made to this information.

)))

**Tip: **If you would like to get a more detailed overview of your managed apps, you can easily do this across the desired Intune clients using queries and reports. There are display fields for every piece of information you see in the app details. You can find these under New query > Query basis „Intune Apps“.

65

66

67

[[Additional details about the Google Chrome app>>image:68_Intune Management_Zuweisungen Übersicht_970.png]]

68

69

== **Manage app assignments** ==

70

71

To assign a new assignment to an app or edit an existing assignment, select the desired app and open the //Assignments //tab below the detailed view. On the right-hand side, you will find the //Edit assignments //button ([[image:1748945897091-891.png]]), which you must click. A new window will open, displaying all available app assignments.

72

73

[[Group assignment open>>image:68_Intune Management_Gruppenzuweisung bearbeiten_686.png]]

74

75

The window lists existing group assignments for the app (see image above), but you can also add new ones ([[image:1748945913281-653.png]]) or make changes to existing assignments ([[image:1748945913282-992.png]]) or delete them ([[image:1748945913282-445.png]]).

== Add assignment ==

Click on //Add assignment// ([[image:1748945924595-520.png]]) and a new window for group assignment will open. Here you must assign the assignment type, the group and the group mode.

80

81

=== **Assignment type** ===

82

83

Assignment type specifies how the apps are to be handled. The following assignment types are available:

84

85

|Required|(((

86

A //required //permission type indicates that the app must be installed on the devices. Installation occurs automatically when the app is detected as unavailable on the device.

87

)))

88

|(((

89

Available for enrolled devices

or

Available with or without registration

94

)))|(((

95

Both types have the same installation behaviour and differ only in how the device was added to Intune (whether only for registered devices or whether no registration is necessary).

96

97

The assignment types indicate that there is an app in the company portal where users can decide for themselves whether or not to install the app on their device.

98

)))

99

|Uninstall|If the app is detected on the device, it will be automatically uninstalled with this assignment type.

100

101

102

Please note that the assignment types depend on the app type and that not all values are available for every app type.

=== Group ===

All groups that have been imported are listed here.

108

109

110

A group can only be added to the same app and assignment type once. If the selected group has already been assigned to the app in group mode „Included“, this group can only be assigned to the other assignment types as "Excluded".

=== Group mode ===

The group mode specifies whether the app should be assigned to the group (‘Included’) or not assigned to the group („Excluded“).

116

117

118

If the selected group is already used in another assignment for this app with the group mode “Included”, only „Excluded“ can be selected.

119

120

121

Once you have entered all the required values, you can complete the assignment by clicking //OK//. The changes will be transferred directly to your Intune tenant.

122

123

124

If an error occurs, for example because the app has already been assigned to a group twice, this will be displayed.

If „not available“ is displayed under the group, this indicates an orphaned assignment in Intune. This can happen, for example, if the group is deleted at a later date. When a group is deleted, associated app assignments are not automatically deleted and must be deleted manually.

129

130

131

== Edit assignment ==

132

133

To make changes to existing assignments, select the desired app in the group assignment window that opens and then click //Edit assignment// ([[image:1748946063516-449.png]]). Change the values and then click //OK// to save the changes.

134

135

136

It is not possible to edit the assignment type or group in existing assignments.

137

138

139

[[Edit assignments>>image:68_Intune Management_Zuweisungen bearbeiten_686.png]]

140

141

== Delete assignment ==

142

143

To delete an assignment, select the assignment and click the button with the same name ([[image:1748946087583-543.png]]) on the right-hand side and confirm the dialogue with //Yes//. The assignment will then be deleted from your Intune client.

= User =

All users of your Entra ID client are listed under Users. As with the apps, the view is divided into two sections: On the left-hand side, you will find an alphabetically sorted list of all users assigned to this portal and client. You can search for specific users using the search bar. The right-hand side shows the details for the selected user.

148

149

If you want to remove a user, click //Delete //([[image:1748946385345-574.png]])// //in the ribbon bar and confirm the dialog box that appears. Please note that deleting a user within the ACMP Console also permanently removes the user from Intune. Deletion cannot be undone. To re-import or synchronise Intune data, click //Refresh data //([[image:1748946385346-750.png]]).

150

151

152

When importing user data, the system checks whether a contact already exists in the [[master data>>url:https://doc.aagon.com/bin/view/ACMP/68/Arbeiten%20mit%20der%20ACMP%20Console/Aufbau%20der%20Console/Ribbonleiste/Stammdaten/]]. If there is no contact, the user is created in the contacts. As soon as there is a contact for this user, the two are linked. You can see which users are linked to the contact in the contact details under the User Accounts tab (here, for example, the source of the user account may be „Entra ID“).

[[View of users in Intune Management>>image:68_Intune Management_Übersicht Benutzer_1915.png]]

157

158

== Detailed view of users ==

159

160

161

Please note that the fields for the user are only filled with data if there is information that can be read.

162

ACMP has no influence on which data is entered.

163

164

165

Once you have selected a user from the list, the details for that user are displayed on the right-hand side: General information (name, user type, place of residence, etc.) can be found in the upper half of the detailed view, with additional information in the lower half, divided into different tabs: //Further information//, //Groups//, //Devices//, //App installation status// and //On-Premises.//

166

167

|More Information|Further information about the selected user is listed here. This includes details such as the date the user was created or the last password change.

168

|Groups|The groups to which the user belongs are specified. All group memberships are listed by name, along with the respective group and membership type. Read [[here>>doc:||anchor="HManagemembers"]] to find out how you can manage group memberships.

169

|Devices|This tab allows you to view which devices managed in Intune are assigned to the user. The information displayed includes, for example, the operating system or the current compliance status.

170

|App install status|The app installation status shows the user which installation has already been started on which device and the result of the installation. If an error occurs and the status is, for example, „Failed“, you can find more information about why the installation failed in the status details.

171

|On-Premises|If you have a hybrid Active Directory environment (e.g. because Entra ID and On Premise AD are linked), you can use this tab to read additional data about the user (e.g. the main user name or whether synchronisation has been enabled).

172

173

[[Open tab for further information about a user>>image:68_Intune Management_Detailansicht Benutzer_1081.png]]

174

175

176

**Tip**: Based on the query basis ‘Intune users’, you can create a query from the information stored here. The information is available as display fields and can also be used later when creating reports.

177

178

179

== Manage group memberships ==

180

181

To manage group memberships, click on the button [[image:1748946517894-290.png]] in the //Groups //tab on the right. A new window will open, displaying the current group memberships of the selected user. On the left-hand side, you will find all available groups that you can assign to the user; on the right-hand side, the groups of which the user is already a member are listed.

182

183

You can search for entries in both tables using the respective search field at the top. The two tables are divided according to the name of the group, the group type and the member type. To assign a group to the user, either drag and drop an available group entry from the left table to the right table, double-click on it or click the button ([[image:1748946517896-338.png]]).

184

185

To remove an entry, you can drag and drop the group from the right-hand view, double-click it or use the button ([[image:1748946517896-621.png]]) to remove it from the list.

186

187

188

Since only static group memberships can be changed here, groups with a dynamic membership type are not displayed in this list.

Dynamic group memberships are highlighted in grey and italics and cannot be changed here.

193

194

195

[[Edit group membership>>image:68_Intune Management_Gruppenmitgliedschaft_783.png]]

196

197

Save your changes to the group memberships by clicking on //Save//.

= Groups =

All groups in your Entra ID client are listed under Groups.

202

203

The Groups view is also divided into two sections: On the left-hand side, you will find an alphabetical list of all groups assigned to this portal and client. On the right-hand side, you will see detailed information about the selected group. Use the search bar to search for a specific group.

204

205

To delete a group, click on the button with the same name in the ribbon bar //Delete //([[image:1748946565217-152.png]]) and confirm the dialogue box that appears. Please note that deleting the group within the ACMP Console also permanently removes the group from your Entra ID. Deletion cannot be undone. To re-import or synchronise Intune data, click on //Refresh data// ([[image:1748946565218-483.png]]).

206

207

[[View of groups in Intune Management>>image:68_Intune Management_Übersicht Gruppen_1556.png]]

208

209

== Detailed view of groups ==

210

211

212

Please note that the fields for the group are only filled with data if there is readable information available. ACMP has no influence on which data is entered.

213

214

215

The details of the group are then displayed on the right-hand side: In the upper half, you will find general information about the group (e.g. what type of group it is, how many users and devices are listed there, etc.). Below, you will find additional information, broken down into different tabs: //Members//, //Dynamic// //Membership//, //Group Member//, //Owner//, //Intune// //Apps// and On-Premises//.//

216

217

|Members|(((

218

This will display all members assigned to this group. If you want to make changes and add or remove members, click on [[Manage members >>doc:||anchor="HMitgliederverwalten"]]([[image:1747640725835-610.png||height="21" width="21"]]).

219

220

221

Only static groups can be edited

222

223

)))

224

|Dynamic Membership|(((

225

If a group is dynamic, the defined filter is displayed here. The rules used here are defined in Intune. This is a read-only view.

226

227

If the membership type is //Static//, nothing is entered in this tab.

228

)))

229

|Group Membership|In this tab, you can see which group the selected group is a member of.

230

|Owners|(((

231

The owner of this group is specified. At least one or more owners can be assigned to a group. To make changes here, click on the //Edit owner //([[image:1748946662424-371.png]]) button on the right.

232

233

There you can add additional owners from a list of available owners (right-hand column) by dragging the entries to the right-hand column (selected owners) ([[image:1748946669440-367.png]]) or removing them again ([[image:1748946669440-302.png]]). Then click on //Save//.

234

)))

235

|Intune Apps|This tab allows you to see which apps are assigned to this group. If you want to make changes to the assignment, you can only do this via the [[//Apps//>>url:https://doc.aagon.com/bin/view/ACMP/68/ACMP-Solutions/Intune%20Management/#HApps]]// //node. There, in the [[//Manage app assignment//>>url:https://doc.aagon.com/bin/view/ACMP/68/ACMP-Solutions/Intune%20Management/#HZuweisungeinerAppverwalten]]// //section, you will find instructions on how to make these change

236

|On-Premises|If you have a hybrid Active Directory environment (e.g. because Entra ID and On Premise AD are linked), you can use this tab to read additional data about the group (e.g. the main user name or whether synchronisation has been enabled).

237

238

[[Open tab for members of a group>>image:68_Intune Management_Detailansicht Gruppen_704.png]]

== Manage members ==

Only members of static groups can be edited. This function is not available for dynamic groups.

244

245

246

To make changes to members, open the //Members //tab and click on the //Manage members //button ([[image:1748946777999-104.png]]) on the right. A new window will open, displaying the current members of the selected group. On the left-hand side, you will find the available group members, filtered according to their respective member types. A distinction is made between the types //User//, //Group//, and //Devices//.

247

248

249

If you want to add users to a group of type ‘M365’, only users of the same group type can be added as members.

250

251

252

Select the desired member type from the drop-down menu. In the following description, the filter is set to type ‘User’.

253

254

If you want to search for a specific member type, you can use the search bar and enter the name there. To make changes to the members, either drag and drop an available member type from the left column into the right table, double-click it or use the button ([[image:1748946795280-582.png]]). To remove an entry, you can drag and drop the group from the right-hand view, double-click it or use the button ([[image:1748946795280-273.png]]) to remove it from the list.

255

256

[[Edit members>>image:68_Intune Management_Gruppenmitglieder bearbeiten_824.png]]

257

258

Save your changes to the group memberships by clicking //Save//.

259

260

261

**Tip**: If you want to get an extended overview of your managed groups, you can easily do this across the desired Intune tenants using queries and reports. There is also a display field for each piece of information you see within the groups. You can find this under New query > Query basis „Intune groups“.

= Devices =

With Intune Management, all devices from Intune are imported into ACMP. These devices are available to you as clients, for example, within queries.

== Query actions ==

In the open console, navigate to //Client Management// > //Query Management// or open the //Query Actions// tab via the ribbon bar. There, open a query in which the required clients appear. In the query results, you can see the inventoried client types (e.g. clients of the types Android, iOS or Windows). Now select the clients on which you want to perform an Intune-relevant action.

271

272

[[Open query>>image:68_ACMP Intune Management Geräte_762.png]]

273

274

You can choose between the following actions:

275

276

277

Please note that all subsequent actions (send messages, shut down devices, etc.) that you send to the end device or want to execute via Intune may be delayed.

278

279

280

|Send Intune notification|(((

281

This action allows you to send an Intune notification to the [[//Company Portal// app>>url:https://apps.microsoft.com/store/detail/unternehmensportal/9WZDNCRFJ3PZ?hl=de-de&gl=de]] on the selected devices. The messages may also be visible on lock screens or in Android apps. Make sure that you only share information that is not too confidential if you want to send a notification about it.

282

283

Enter a title and text content, then click //Run//.

284

)))

285

|Wipe Intune Devices|This action deletes the Intune-specific settings on the selected devices. This also removes the //Company Portal// app and deletes the selected devices from Intune Management.

286

|Retire Intune Devices|If you want to reset an Intune device to its factory settings, select this action. This will also delete the corresponding device from Intune management. You must check this box and confirm the security prompt before you can perform this action.

287

|Remotely lock Intune Devices|(((

288

If you want to lock Intune devices remotely, you can do so using the action. This requires the user on the end device to correctly enter their chosen security mechanism (PIN, password, facial recognition, etc.) in order for the device to be unlocked again.

289

290

291

On MacOS devices, a PIN is generated that is required to unlock the device. You can view this in Intune, in the client details.

292

293

)))

294

|Sync Intune Devices|This action causes selected Intune devices to send their inventory data to Intune. This ensures that the devices are always up to date with the latest information.

| |

== Client Details ==

If you want to display information about an Intune device, you can find all relevant data in the Client details. To do this, navigate to the desired client within a query and open the details by double-clicking.

300

301

Intune-relevant information can be found in two places within the Client details:

302

303

* Under the menu item //Unified Endpoint Management// > //Mobile Device//, you will find all information about the stored mobile device. If you want to execute an Intune-relevant action for the selected client, you can use the options in the [[quick selection bar>>doc:||anchor="HQueryactions"]].

304

* Under the menu item //Software //>// Installed Software //>// Apps//, you will find information about the mobile clients apps. Here, you can also use the options in the quick selection bar to execute an Intune action directly on the selected client.

305

306

307

All information stored here has [[Display Fields >>doc:ACMP.68.ACMP-Solutions.Client-Management.Abfrageverwaltung.Abfragen erstellen.Display Fields.WebHome]]that you can use, for example, to create queries, filters and reports

308

309

310

[[View of the Intune client details for the mobile device>>image:68_Intune Management_Client Details_800.png]]

311

312

Wiki source code of Intune Management

Navigation