{"id":2168,"date":"2018-11-22T11:00:42","date_gmt":"2018-11-22T11:00:42","guid":{"rendered":"https:\/\/developer.microsoft.com\/en-us\/office\/blogs\/?p=2168"},"modified":"2018-11-22T11:00:42","modified_gmt":"2018-11-22T11:00:42","slug":"30daysmsgraph-day-22-device-and-app-management-with-intune","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/30daysmsgraph-day-22-device-and-app-management-with-intune\/","title":{"rendered":"30DaysMSGraph &#8211; Day 22 &#8211; Device and App Management with Intune"},"content":{"rendered":"<p><a href=\"https:\/\/aka.ms\/30DaysMSGraph\">List of all posts in the #30DaysMSGraph series<\/a><\/p>\n<p>-Today&#8217;s post written by <a href=\"https:\/\/github.com\/petrich-msft\">Peter Richards<\/a><\/p>\n<p>In <a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/blogs\/30daysmsgraph-day-21-use-case-create-plans-buckets-and-tasks-in-planner\">Day 21<\/a> we added plans, buckets, and tasks to Planner.\u00a0 Today we will be building on the .NET Core sample application started in Day 15 to add support for the device and app management functionality offered by Intune.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-2189\" src=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/30DaysMSGraph_Day22_Edited-1024x880.jpg\" alt=\"\" width=\"700\" height=\"601\" srcset=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/30DaysMSGraph_Day22_Edited-1024x880.jpg 1024w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/30DaysMSGraph_Day22_Edited-300x258.jpg 300w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/30DaysMSGraph_Day22_Edited-768x660.jpg 768w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/30DaysMSGraph_Day22_Edited.jpg 1484w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>What is Intune?<\/h2>\n<p>Intune is a cloud-based service in the enterprise mobility management (EMM) space that helps enable your workforce to be productive while keeping your corporate data protected. With Intune, you can:<\/p>\n<ul>\n<li>Manage the mobile devices your workforce uses to access company data.<\/li>\n<li>Manage the mobile apps your workforce uses.<\/li>\n<li>Protect your company information by helping to control the way your workforce accesses and shares it.<\/li>\n<li>Ensure devices and apps are compliant with company security requirements.<\/li>\n<\/ul>\n<p>For more information on Intune take a look at: <a href=\"https:\/\/docs.microsoft.com\/en-us\/intune\/introduction-intune\">https:\/\/docs.microsoft.com\/en-us\/intune\/introduction-intune<\/a><\/p>\n<h2>Getting Started<\/h2>\n<h3>Sign up for a Free Intune Trial<\/h3>\n<p>If you don\u2019t already have an Intune subscription you can sign up for a free 30 day trial by following the instructions at <a href=\"https:\/\/docs.microsoft.com\/en-us\/intune\/get-started-evaluation\">https:\/\/docs.microsoft.com\/en-us\/intune\/get-started-evaluation<\/a> .<\/p>\n<h3>Read the Intune Documentation<\/h3>\n<p>Take a look at the Intune documentation at <a href=\"https:\/\/docs.microsoft.com\/en-us\/intune\/index\">https:\/\/docs.microsoft.com\/en-us\/intune\/index<\/a> to get an overview of all the functionality Intune offers. For specifics on what Intune supports via Microsoft Graph take a look at <a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/docs\/api-reference\/v1.0\/resources\/intune_graph_overview\">https:\/\/developer.microsoft.com\/en-us\/graph\/docs\/api-reference\/v1.0\/resources\/intune_graph_overview<\/a> .<\/p>\n<h3>Enroll a Device<\/h3>\n<p>To try out these exercises we recommend that you enroll at least one Windows device in Intune following the instructions on <a href=\"https:\/\/docs.microsoft.com\/en-us\/intune\/quickstart-enroll-windows-device\">https:\/\/docs.microsoft.com\/en-us\/intune\/quickstart-enroll-windows-device<\/a> . Intune also supports managing Andoid, MacOS and iOS devices if you want to use them, you can find instructions on how to enroll devices for all supported platforms at <a href=\"https:\/\/docs.microsoft.com\/en-us\/intune\/device-enrollment\">https:\/\/docs.microsoft.com\/en-us\/intune\/device-enrollment<\/a><\/p>\n<h3>Clone the Sample Application<\/h3>\n<p>To follow along with the code please clone the sample application from the <a href=\"https:\/\/github.com\/microsoftgraph\/dotnetcore-console-sample\">dotnetcore-console-sample<\/a> repo and follow the instructions in the readme.md file in the day22 folder to add the Intune functionality<\/p>\n<h3>Add Required Scopes<\/h3>\n<p>In order to access the Intune functionality you will need add some Intune specific scopes to your app registration, for the examples we will work through you will need the <strong>DeviceManagementApps.ReadWrite.All<\/strong>, <strong>DeviceManagementConfiguration.ReadWrite.All<\/strong> and <strong>DeviceManagementManagedDevices.Read.All<\/strong> scopes.<\/p>\n<p><img decoding=\"async\" class=\"size-full wp-image-2190 aligncenter\" src=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/Day-22-Intune1.png\" alt=\"\" width=\"598\" height=\"529\" srcset=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/Day-22-Intune1.png 598w, https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/11\/Day-22-Intune1-300x265.png 300w\" sizes=\"(max-width: 598px) 100vw, 598px\" \/><\/p>\n<h2>List Device for a User<\/h2>\n<p>The first thing we will try is to list the set of devices enrolled by a user which we can do by issuing a GET request to the endpoint <strong>\/users\/&lt;user id&gt;\/managedDevices, <\/strong>using the Graph SDK you can make the same request using<\/p>\n<pre style=\"padding-left: 30px\">graphClient.Users[userPrincipalName].ManagedDevices.Request().GetAsync();<\/pre>\n<p>This will return a list of all the Intune device associated with the specified user.<\/p>\n<h3>Publish a Web Application<\/h3>\n<p>Intune allows you to publish a link to a website that users enrolled in Intune will be able to see, in order to publish a web app (Intune supports many other types of app) you simply need to create an instance of the WebApp entity and issue a POST request to the <strong>\/deviceAppManagement\/mobileApps<\/strong> endpoint using the Graph SDK you can do this with the following code<\/p>\n<pre style=\"padding-left: 30px\">var webApp = new WebApp\n{\n  AppUrl = url,\n  DisplayName = name,\n  Publisher = publisher\n};\ngraphClient.DeviceAppManagement.MobileApps.Request().AddAsync(webApp)<\/pre>\n<h2>Assign an App to Users<\/h2>\n<p>In order for users to be able to see an app it has to be assigned to them, for this example we are just going to assign the app to all users, apps are assigned by calling the <strong>assign<\/strong> action on an instance of the mobileApp entity by doing a POST request to <strong>\/deviceAppManagement\/mobileApps\/&lt;id&gt;\/assign <\/strong>\u00a0in the body of the request you must provide one or more <strong>mobileAppAssignment<\/strong> entities.<\/p>\n<p>Using the SDK you can do this with the following code<\/p>\n<pre style=\"padding-left: 30px\">var assignment = new MobileAppAssignment\n{\n  Intent = InstallIntent.Available,\n  Target = new AllLicensedUsersAssignmentTarget()\n};\ngraphClient.DeviceAppManagement.MobileApps[app.Id].Assign(new[] { assignment }).Request().PostAsync();<\/pre>\n<h2>Create a Device Configuration<\/h2>\n<p>Intune allows you to push a configuration down to managed devices using the <strong>deviceConfiguration<\/strong> entity, Intune supports setting many settings across a variety of platforms (Android, iOS, Windows). In this example we want to configure a Windows 10 device to set the Edge homepage and to enable Developer Mode. Device Configurations are created by issuing a POST request to the <strong>\/deviceManagement\/deviceConfigurations<\/strong> endpoint passing in an instance of a deviceConifgurationEntity<\/p>\n<p>Using the SDK you can do this with the following code<\/p>\n<pre style=\"padding-left: 30px\">var deviceConfiguration = new Windows10GeneralConfiguration\n{\n  DisplayName = displayName,\n  EdgeHomepageUrls = new[] { edgeHomePage },\n  DeveloperUnlockSetting = StateManagementSetting.Allowed\n};\nreturn graphClient.DeviceManagement.DeviceConfigurations.Request().AddAsync(deviceConfiguration);<\/pre>\n<h2>Assign a Device Configuration to all Devices<\/h2>\n<p>Like apps, Intune Device Configurations need to be assigned before they will be applied. For this example we are going to assign the device configuration to all device managed by Intune. Device conifgurations are assigned by calling the <strong>assign<\/strong> action on an instance of the <strong>deviceConfiguration<\/strong> entity by doing a POST request to <strong>\/deviceManagement\/deviceConfigurations\/&lt;id&gt;\/assign <\/strong>\u00a0in the body of the request you must provide one or more <strong>deviceConfigurationAssignment<\/strong> entities.<\/p>\n<p>Using the SDK you can do this with the following code<\/p>\n<pre style=\"padding-left: 30px\">var assignment = new DeviceConfigurationAssignment\n{\n  Target = new AllDevicesAssignmentTarget()\n};\ngraphClient.DeviceManagement.DeviceConfigurations[deviceConfiguration.Id].Assign(new[] { assignment }).Request().PostAsync();<\/pre>\n<h2>Try it Out<\/h2>\n<div>\n<div>Navigate to the <a href=\"https:\/\/github.com\/microsoftgraph\/dotnetcore-console-sample\">dotnetcore-console-sample<\/a> repo.<\/div>\n<\/div>\n<p><a href=\"https:\/\/github.com\/microsoftgraph\/30DaysMSGraph-TryItOut\/blob\/master\/Day22-Intune.md\">Day 22 repo link<\/a><\/p>\n<ol>\n<li>Sign up for a free Intune trial at https:\/\/docs.microsoft.com\/en-us\/intune\/get-started-evaluation.<\/li>\n<li>Clone the dotnetcore-console-sample repo and configure the project in the <a href=\"https:\/\/github.com\/microsoftgraph\/dotnetcore-console-sample\/blob\/master\/day22-intune\">Day 22 sub-folder<\/a>.<\/li>\n<li>Follow the instructions in readme.md to add Intune functionality to the sample program.\u00a0 (This exercise requires delegated permissions so be sure to include device code authentication from <a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/blogs\/30daysmsgraph-day-20-use-case-device-code-flow-to-authenticate-users\">Day 20<\/a> if building from scratch).<\/li>\n<li>Check out <a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/docs\/api-reference\/v1.0\/resources\/intune_graph_overview\">https:\/\/developer.microsoft.com\/en-us\/graph\/docs\/api-reference\/v1.0\/resources\/intune_graph_overview<\/a> for more details on the Intune APIs in Microsoft Graph.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>Join us tomorrow as we discuss a new authentication option with implicit flow for single page applications in <a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/blogs\/30daysmsgraph-day-23-use-case-calling-microsoft-graph-from-a-single-page-application-part-1\/\">Day 23<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In day 21 we added plans, buckets, and tasks to Planner.\u00a0 Today we will be building on the .Net Core sample application started in Day 15 to add support for the device and app management functionality offered by Intune.<\/p>\n","protected":false},"author":73055,"featured_media":25159,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3],"tags":[84],"class_list":["post-2168","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-graph","tag-30daysmsgraph"],"acf":[],"blog_post_summary":"<p>In day 21 we added plans, buckets, and tasks to Planner.\u00a0 Today we will be building on the .Net Core sample application started in Day 15 to add support for the device and app management functionality offered by Intune.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/2168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/users\/73055"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/comments?post=2168"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/2168\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media\/25159"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media?parent=2168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/categories?post=2168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/tags?post=2168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}