November 22nd, 2018

30DaysMSGraph – Day 22 – Device and App Management with Intune

List of all posts in the #30DaysMSGraph series

-Today’s post written by Peter Richards

In Day 21 we added plans, buckets, and tasks to Planner.  Today we will be building on the .NET Core sample application started in Day 15 to add support for the device and app management functionality offered by Intune.

 

What is Intune?

Intune is a cloud-based service in the enterprise mobility management (EMM) space that helps enable your workforce to be productive while keeping your corporate data protected. With Intune, you can:

  • Manage the mobile devices your workforce uses to access company data.
  • Manage the mobile apps your workforce uses.
  • Protect your company information by helping to control the way your workforce accesses and shares it.
  • Ensure devices and apps are compliant with company security requirements.

For more information on Intune take a look at: https://docs.microsoft.com/en-us/intune/introduction-intune

Getting Started

Sign up for a Free Intune Trial

If you don’t already have an Intune subscription, you can sign up for a free 30-day trial by following the instructions at https://docs.microsoft.com/en-us/intune/get-started-evaluation.

Read the Intune Documentation

Take a look at the Intune documentation at https://docs.microsoft.com/en-us/intune/index to get an overview of all the functionality Intune offers. For specifics on what Intune supports via Microsoft Graph, take a look at https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/intune_graph_overview.

Enroll a Device

To try out these exercises, we recommend that you enroll at least one Windows device in Intune following the instructions at https://docs.microsoft.com/en-us/intune/quickstart-enroll-windows-device. Intune also supports managing Android, macOS and iOS devices if you want to use them. You can find instructions on how to enroll devices for all supported platforms at https://docs.microsoft.com/en-us/intune/device-enrollment.

Clone the Sample Application

To follow along with the code, please clone the sample application from the dotnetcore-console-sample repo and follow the instructions in the readme.md file in the day22 folder to add the Intune functionality.

Add Required Scopes

In order to access the Intune functionality, you will need to add some Intune-specific scopes to your app registration. For the examples we will work through, you will need the DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All and DeviceManagementManagedDevices.Read.All scopes.

List Devices for a User

The first thing we will try is to list the set of devices enrolled by a user, which we can do by issuing a GET request to the endpoint /users/<user id>/managedDevices. Using the Graph SDK, you can make the same request with:

// Await the call so the returned page of devices can be used
var devices = await graphClient.Users[userPrincipalName].ManagedDevices.Request().GetAsync();

This will return a list of all the Intune devices associated with the specified user.
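The listing call above returns one page of results. The following added example (not code from the sample repo) follows the paging links and then triages the devices on the ComplianceState, IsEncrypted and LastSyncDateTime properties of managedDevice. The class name, the triage policy and the sample devices are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class ManagedDeviceAudit   // hypothetical helper, not in the sample repo
{
    // Follow NextPageRequest so a user with many devices is listed completely.
    public static async Task<List<ManagedDevice>> GetAllAsync(
        GraphServiceClient graphClient, string userPrincipalName)
    {
        var devices = new List<ManagedDevice>();
        var page = await graphClient.Users[userPrincipalName].ManagedDevices.Request().GetAsync();
        while (page != null)
        {
            devices.AddRange(page);
            page = page.NextPageRequest == null ? null : await page.NextPageRequest.GetAsync();
        }
        return devices;
    }

    // Assumed triage policy: report devices that are not compliant,
    // not encrypted, or have not synced within maxSyncAge.
    public static List<string> Findings(
        IEnumerable<ManagedDevice> devices, DateTimeOffset now, TimeSpan maxSyncAge)
    {
        var findings = new List<string>();
        foreach (var d in devices)
        {
            var reasons = new List<string>();
            if (d.ComplianceState != ComplianceState.Compliant)
                reasons.Add("compliance=" + d.ComplianceState);
            if (d.IsEncrypted != true) reasons.Add("not encrypted");
            if (d.LastSyncDateTime == null || now - d.LastSyncDateTime.Value > maxSyncAge)
                reasons.Add("stale sync");
            if (reasons.Count > 0)
                findings.Add($"{d.DeviceName} ({d.OperatingSystem}): {string.Join(", ", reasons)}");
        }
        return findings;
    }

    // Constructed sample data so Findings can be exercised without a tenant.
    public static List<ManagedDevice> Sample(DateTimeOffset now) => new List<ManagedDevice>
    {
        new ManagedDevice { DeviceName = "LAPTOP-01", OperatingSystem = "Windows",
            ComplianceState = ComplianceState.Compliant, IsEncrypted = true, LastSyncDateTime = now.AddHours(-2) },
        new ManagedDevice { DeviceName = "LAPTOP-02", OperatingSystem = "Windows",
            ComplianceState = ComplianceState.Noncompliant, IsEncrypted = false, LastSyncDateTime = now.AddDays(-45) },
    };
}
```

With a 30-day maxSyncAge, the constructed sample yields a single finding for LAPTOP-02 listing all three reasons. Listing devices needs only the DeviceManagementManagedDevices.Read.All scope named earlier.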

Publish a Web Application

Intune allows you to publish a link to a website that users enrolled in Intune will be able to see. To publish a web app (Intune supports many other types of app), you simply need to create an instance of the WebApp entity and issue a POST request to the /deviceAppManagement/mobileApps endpoint. Using the Graph SDK, you can do this with the following code:

var webApp = new WebApp
{
  AppUrl = url,
  DisplayName = name,
  Publisher = publisher
};
// AddAsync returns the created app, including the Id needed to assign it
var app = await graphClient.DeviceAppManagement.MobileApps.Request().AddAsync(webApp);

Assign an App to Users

In order for users to be able to see an app, it has to be assigned to them. For this example we are just going to assign the app to all users. Apps are assigned by calling the assign action on an instance of the mobileApp entity, by doing a POST request to /deviceAppManagement/mobileApps/<id>/assign. In the body of the request you must provide one or more mobileAppAssignment entities.

Using the SDK, you can do this with the following code:

var assignment = new MobileAppAssignment
{
  Intent = InstallIntent.Available,
  Target = new AllLicensedUsersAssignmentTarget()
};
// Await the assign action so a failed request surfaces as an exception
await graphClient.DeviceAppManagement.MobileApps[app.Id].Assign(new[] { assignment }).Request().PostAsync();

Create a Device Configuration

Intune allows you to push a configuration down to managed devices using the deviceConfiguration entity. Intune supports many settings across a variety of platforms (Android, iOS, Windows). In this example we want to configure a Windows 10 device to set the Edge homepage and to enable Developer Mode. Device configurations are created by issuing a POST request to the /deviceManagement/deviceConfigurations endpoint, passing in an instance of a deviceConfiguration entity.

Using the SDK, you can do this with the following code:

var deviceConfiguration = new Windows10GeneralConfiguration
{
  DisplayName = displayName,
  EdgeHomepageUrls = new[] { edgeHomePage },
  DeveloperUnlockSetting = StateManagementSetting.Allowed
};
return graphClient.DeviceManagement.DeviceConfigurations.Request().AddAsync(deviceConfiguration);

Assign a Device Configuration to all Devices

Like apps, Intune device configurations need to be assigned before they will be applied. For this example we are going to assign the device configuration to all devices managed by Intune. Device configurations are assigned by calling the assign action on an instance of the deviceConfiguration entity, by doing a POST request to /deviceManagement/deviceConfigurations/<id>/assign. In the body of the request you must provide one or more deviceConfigurationAssignment entities.

Using the SDK, you can do this with the following code:

var assignment = new DeviceConfigurationAssignment
{
  Target = new AllDevicesAssignmentTarget()
};
// Await the assign action so a failed request surfaces as an exception
await graphClient.DeviceManagement.DeviceConfigurations[deviceConfiguration.Id].Assign(new[] { assignment }).Request().PostAsync();
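Because the configuration above allows Developer Mode and is assigned to every managed device, it is worth being able to read that state back. The following added example (not code from the sample repo) lists the Windows 10 general configurations whose DeveloperUnlockSetting is Allowed, together with their assignment targets. The class and method names are assumptions, and only the first page of each configuration's assignments is read.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class DeveloperModeAudit   // hypothetical helper, not in the sample repo
{
    // One line per Windows 10 configuration that allows Developer Mode,
    // followed by the targets it is assigned to.
    public static async Task<List<string>> FindAsync(GraphServiceClient graphClient)
    {
        var findings = new List<string>();
        var page = await graphClient.DeviceManagement.DeviceConfigurations.Request().GetAsync();
        while (page != null)
        {
            foreach (var config in page.OfType<Windows10GeneralConfiguration>()
                         .Where(c => c.DeveloperUnlockSetting == StateManagementSetting.Allowed))
            {
                // First page of assignments only (assumed sufficient here).
                var assignments = await graphClient.DeviceManagement
                    .DeviceConfigurations[config.Id].Assignments.Request().GetAsync();
                findings.Add($"{config.DisplayName}: {DescribeTargets(assignments)}");
            }
            page = page.NextPageRequest == null ? null : await page.NextPageRequest.GetAsync();
        }
        return findings;
    }

    // Pure helper so the target classification can be checked without a tenant.
    public static string DescribeTargets(IEnumerable<DeviceConfigurationAssignment> assignments)
    {
        var targets = assignments.Select(a => Describe(a.Target)).ToList();
        return targets.Count == 0 ? "not assigned" : string.Join(", ", targets);
    }

    private static string Describe(DeviceAndAppManagementAssignmentTarget target)
    {
        switch (target)
        {
            case AllDevicesAssignmentTarget _: return "all devices";
            case AllLicensedUsersAssignmentTarget _: return "all licensed users";
            // Exclusion targets derive from group targets, so test them first.
            case ExclusionGroupAssignmentTarget e: return $"excluding group {e.GroupId}";
            case GroupAssignmentTarget g: return $"group {g.GroupId}";
            default: return "other target";
        }
    }
}
```

For the configuration created and assigned in this post, FindAsync returns its display name followed by "all devices".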

Try it Out

Navigate to the dotnetcore-console-sample repo.

Day 22 repo link

  1. Sign up for a free Intune trial at https://docs.microsoft.com/en-us/intune/get-started-evaluation.
  2. Clone the dotnetcore-console-sample repo and configure the project in the Day 22 sub-folder.
  3. Follow the instructions in readme.md to add Intune functionality to the sample program.  (This exercise requires delegated permissions so be sure to include device code authentication from Day 20 if building from scratch).
  4. Check out https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/intune_graph_overview for more details on the Intune APIs in Microsoft Graph.

 

Join us tomorrow as we discuss a new authentication option with implicit flow for single page applications in Day 23.