Scenario: Perform Automation Based on Device Enrollment in Microsoft Intune

Greetings, fellow systems management admins! I spend a lot of my time these days building solutions that tie together multiple products, especially integrations in and out of ServiceNow. So, given my bridged knowledge of Intune, ConfigMgr, and ServiceNow, I think this is a great scenario to share.

Here’s what I want to achieve (in feature form):

As an admin, I need to track Intune device enrollment in ServiceNow, so that I can perform hardware asset management in my enterprise.

There’s a lot more to hardware asset management, but having an authoritative source of information is critical, and that’s the focus of this series. In everything I do, a guiding principle is to remove any opportunity for humans to make an error. Don’t get me wrong, I love humans, but we’re bad at repetitive work. I would much rather hand off this monotonous, repetitive work to the machine so that I know it will be handled quickly and consistently (and probably have happier employees too).

Be forewarned! There are a lot of moving parts here, but we’re going to break them down into consumable chunks. If you have more efficient methods of achieving the same result, send me some info in the comments, and I’ll give you full credit!

The Design

We are going to build event-based process automation so that every time a device is enrolled in Intune, we launch automation to make updates in the ServiceNow Asset Management table. This automation must be event-based to scale to large environments.

Figure 1 – Devices enroll, and magic happens to create/update assets in ServiceNow.

So, as you can see from Figure 1, it’s all about the magic. There are several steps involved in that magic. Figure 2 gives you a better idea of the steps and technologies involved:

Figure 2 – Actions and Technologies Required for this scenario.

So that’s the high-level view of the scenario. Join me over the next week or two as I step you through each of the processes mentioned above. As I publish each post, I’ll update the list below with a hyperlink to it:

  1. Using Log Analytics to Generate Alerts for Each New Intune Device Enrollment
  2. Create a Webhook from Azure Alerts to a Logic App
  3. Processing an Azure Alert with a Logic App
  4. Updating ServiceNow with Hardware Asset Data using Logic Apps

And of course, device enrollment is only part of the asset management journey. We’ll walk through a separate series to launch automation based on device un-enrollment soon.

Stay tuned!


Code from my DevConnections Sessions

Thanks for a great week! Here’s a link to the code I used at IT DevConnections 2017.


Big thanks to my colleague Kaido Järvemets for his contributions, even though he wasn’t able to attend!