Microsoft Intune assesses whether a device meets a set of requirements called compliance policies. Intune classifies each user or device as compliant, not compliant, or not registered. By default, the risk mapping for this adapter is read-only in the Risk Engine:
Low: Compliant
Medium: Not compliant
High: Not registered

NOTE
This adapter requires valid Microsoft Intune API credentials, which you configure and manage in your Azure Portal. The only API permission you must grant is: Microsoft Graph > Application Permissions > DeviceManagementManagedDevices > DeviceManagementManagedDevices.Read.All. This is an Application Permission, not a Delegated Permission.
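To confirm that the credentials carry only the permission named above, you can inspect an access token obtained with them. The following is an added example, not part of the AppGate or Microsoft documentation; it assumes the token is a JWT in which application permissions appear in the roles claim and delegated permissions in the scp claim, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# The single application permission this page says the adapter needs.
REQUIRED_ROLE = "DeviceManagementManagedDevices.Read.All"


def decode_claims(jwt):
    """Decode the JWT payload for inspection only (no signature verification)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_adapter_token(jwt):
    """Return a list of findings; an empty list means the grant matches the page."""
    claims = decode_claims(jwt)
    roles = set(claims.get("roles", []))
    findings = []
    if "scp" in claims:  # assumption: scp marks a delegated (user) token
        findings.append("delegated token (scp claim present), expected app-only")
    if REQUIRED_ROLE not in roles:
        findings.append("missing application permission " + REQUIRED_ROLE)
    extra = sorted(roles - {REQUIRED_ROLE})
    if extra:
        findings.append("permissions beyond the required one: " + ", ".join(extra))
    return findings


def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"


if __name__ == "__main__":
    samples = {
        "least privilege": {"roles": [REQUIRED_ROLE]},
        "over-permissioned": {"roles": [REQUIRED_ROLE, "Directory.ReadWrite.All"]},
        "delegated": {"scp": "DeviceManagementManagedDevices.Read.All"},
    }
    for name, claims in samples.items():
        print(name, "->", audit_adapter_token(constructed_token(claims)) or "OK")
```

An empty result means the token is app-only and carries exactly the one permission; any finding points to a grant in the Azure Portal that should be corrected before the credentials are entered in the Risk Engine.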
Set up Microsoft Intune in the Risk Engine
Starting with version 6.3.3, the AppGate client automatically retrieves the Microsoft Intune Device ID value on all supported operating systems. Complete the following steps only if you use an older AppGate ZTNA client.
Follow the steps in Configuring a new risk rule. The steps to set up Microsoft Intune in the Risk Engine are the same as those for any other adapter: create a new risk rule, choose the corresponding adapter, and provide the required values.
Go to the AppGate ZTNA admin UI to add a new device claim and set the conditions to verify the risk level on an entitlement.
NOTE
The risk mapping for this adapter is read-only in ZTP.
For instructions on configuring Microsoft Intune in the AppGate ZTNA admin UI, see the section for your operating system:
Windows
macOS
Ubuntu
NOTE
For all operating systems, set the Claim Name to intuneDid.