Microsoft Intune (Preview)
Microsoft Intune is a cloud-based endpoint management solution. It manages user access to organizational resources and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints.
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | Intune PowerAutomate Connector Owners |
| URL | https://learn.microsoft.com/en-us/mem/get-support |
| IntunePAConnectOwn@microsoft.com |
| Connector Metadata | |
|---|---|
| Publisher | Microsoft |
| Website | https://intune.microsoft.com/ |
| Privacy policy | https://learn.microsoft.com/en-us/mem/intune/protect/privacy-personal-data |
| Categories | Security |
This connector allows for the Intune objects to be interacted with in your workflows. New actions and triggers supported by Intune enable new automation opportunities across your endpoint management estate.
Prerequisites
Using requires Intune Suite licenses for devices that leverage this capability.
How to get credentials
Users can leverage this connector with their work Entra ID identity as long as they have sufficient privileges in Intune role-based access control (RBAC) to carry out any actions they would like to automate against Intune. Attempting to take actions for which the user does not have adequate permissions will cause flow errors.
Get started with your connector
With the Intune connector you can automate many of the actions that you might need to take repeatedly in the Intune Portal to run in specific sequences, on a schedule, or under certain conditions. You can also query Intune reporting data and leverage the results to take actions in Intune or elsewhere.
A simple example of an application of the connector would be the automation of fetching elevated privilege requests and invoking an approve or deny action depending on whether the request is for a trusted resource.
Known issues and limitations
Sharing of flows leveraging the Intune connector is not currently supported. The Intune connector is intended to be used in the environment that is created during the initial setup of this automation funcionality in Intune.
Throttling Limits
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
| Frequency of trigger polls | 1 | 30 seconds |
Actions
| Approve an EPM elevation request |
Approve an EPM elevation request. |
| Assign device configuration policy (override existing assignments) |
Assign device configuration policy to a group and override any existing assignments for the policy. |
| Assign Windows quality update policy (override existing assignments) |
Assign Windows quality update policy to a group and override any existing assignments for the policy. |
| Create SSO extension policy |
Create SSO extension device configuration policy for iOS and macOS devices. |
| Create Windows quality update policy |
Create a policy to install the latest Windows quality update to assigned devices. |
| Delete device |
Remove the device from the Intune admin center, and then retire it the next time it checks in. |
| Deny an EPM elevation request |
Deny an EPM elevation request. |
| Get app status report |
Get report about installation and update status for an app. |
| Get Endpoint Privilege Management elevation requests |
Get a list of all active elevation requests from Endpoint Privilege Management. |
| Get Entra object ID |
Get the Entra object ID of a device by providing the Entra device ID. |
| Get number of devices an app is assigned to |
Get total number of devices that an app is assigned to. |
| Get security tasks |
Get the current list of security tasks in the Intune console. |
| Get the list of affected devices for a security task |
Get the current list of affected devices for a security task. |
| Get the most recent Windows update |
Get the name of the most recent Windows update |
| Retire device |
Remove the device from Intune management and remove any data and settings that were assigned by Intune.This action is only supported on Windows, macOS, iOS, iPadOS, Android Enterprise Personally-Owned/Corporate-Owned Work Profile, and Android Device Administrator devices. |
| Set device name |
Set a new device name in the Intune admin center.The action is only supported on Windows corporate-owned, macOS corporate-owned, iPadOS or iOS 9.3 and later supervised, Android Enterprise Corporate-Owned Work Profile, Android Enterprise Dedicated, Android Enterprise Fully Managed, and corporate-owned Entra-joined co-managed devices. |
| Update status of security task |
Update the status of a security task. |
| Wipe device |
Restore the device to factory default settings.This action is only supported on Windows, macOS, iOS, iPadOS, AOSP, Android Enterprise Corporate-Owned Work Profile, Android Enterprise Dedicated, and Android Enterprise Fully Managed devices. |
Approve an EPM elevation request
Approve an EPM elevation request.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Intune EPM elevation request ID
|
elevationRequestId | True | string |
Specify the Intune EPM elevation request ID. |
|
Reviewer justification
|
reviewerJustification | True | string |
Reviewer justification |
Returns
Assign device configuration policy (override existing assignments)
Assign device configuration policy to a group and override any existing assignments for the policy.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Policy ID (GUID will be generated)
|
PolicyId | True | string |
Select policy name. |
|
Include or exclude group
|
@odata.type | True | string |
Select include or exclude. |
|
Group name
|
groupId | True | string |
Select group name from list or enter group ID. |
Returns
Assign Windows quality update policy (override existing assignments)
Assign Windows quality update policy to a group and override any existing assignments for the policy.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Policy ID (GUID will be generated)
|
profileId | True | string |
Select policy name. |
|
Include or exclude group
|
@odata.type | True | string |
Select include or exclude. |
|
Group name
|
groupId | True | string |
Select group name from list or enter group ID. |
Returns
Create SSO extension policy
Create SSO extension device configuration policy for iOS and macOS devices.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Platform
|
Platform | True | string |
Platform |
|
name
|
name | string |
name |
|
|
description
|
description | string |
description |
|
|
platforms
|
platforms | string |
platforms |
|
|
technologies
|
technologies | string |
technologies |
|
|
roleScopeTagIds
|
roleScopeTagIds | array of string |
roleScopeTagIds |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
settingDefinitionId
|
settingDefinitionId | string |
settingDefinitionId |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
settingDefinitionId
|
settingDefinitionId | string |
settingDefinitionId |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
settingDefinitionId
|
settingDefinitionId | string |
settingDefinitionId |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
value
|
value | string |
value |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
value
|
value | string |
value |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
settingDefinitionId
|
settingDefinitionId | string |
settingDefinitionId |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
value
|
value | integer |
value |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
value
|
value | string |
value |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
|
|
value
|
value | string |
value |
|
|
children
|
children | array of |
children |
|
|
value
|
value | string |
value |
|
|
@odata.type
|
@odata.type | string |
@odata.type |
Returns
Create Windows quality update policy
Create a policy to install the latest Windows quality update to assigned devices.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Display name
|
displayName | True | string |
Display name for windows quality update. |
|
Description
|
description | string |
Description of the windows quality update. |
|
|
Expedite installation of updates if device OS version less than
|
qualityUpdateRelease | True | string |
Specify quality update release version. |
|
Number of Days Until Forced Reboot
|
daysUntilForcedReboot | True | integer |
Value must be between 0 and 2 |
|
Role scope tag id(s)
|
roleScopeTagIds | array of string |
Role scope tag id(s) |
Returns
Delete device
Remove the device from the Intune admin center, and then retire it the next time it checks in.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Intune Device ID
|
managedDeviceId | True | string |
Specify the Intune Device ID. |
Returns
Deny an EPM elevation request
Deny an EPM elevation request.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Intune EPM elevation request ID
|
elevationRequestId | True | string |
Specify the Intune EPM elevation request ID. |
|
Reviewer justification
|
reviewerJustification | True | string |
Reviewer justification |
Returns
Get app status report
Get report about installation and update status for an app.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Application ID (GUID will be generated)
|
Filter | True | string |
Select app name from list or enter app ID or package ID of application. |
Returns
Get Endpoint Privilege Management elevation requests
Get a list of all active elevation requests from Endpoint Privilege Management.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Filter Criteria
|
$filter | string |
Filter query to restrict the entries returned |
Returns
Get Entra object ID
Get the Entra object ID of a device by providing the Entra device ID.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Entra Device ID
|
AADDeviceId | True | string |
Specify the Entra Device ID. |
|
Specify device fields
|
$select | string |
Specify device fields. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
|
EntraObjectId
|
id | string |
Entra Object ID |
|
EntraDeviceId
|
deviceId | string |
Entra Device ID |
Get number of devices an app is assigned to
Get total number of devices that an app is assigned to.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Application ID (GUID will be generated)
|
Filter | True | string |
Select app name from list or enter app ID or package ID of application. |
Returns
Get security tasks
Get the current list of security tasks in the Intune console.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Filter criteria
|
$filter | string |
Filter query to restrict the entries returned (e.g. stringColumn eq 'string' OR numberColumn lt 123). |
|
|
Order by
|
$orderby | string |
Specifying the order of entries Asc or Desc. |
|
|
Top count
|
$top | integer |
Total number of entries to retrieve (default = all). |
|
|
Select query
|
$select | string |
Specific fields to retrieve from entries (default = all). |
Returns
Get the list of affected devices for a security task
Get the current list of affected devices for a security task.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Task ID
|
TaskId | True | string |
Input task ID. |
|
Task type
|
$expand | True | string |
Select the task type. |
Returns
Get the most recent Windows update
Get the name of the most recent Windows update
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Update type
|
$filter | True | string |
Select Windows update type. |
|
Select Query
|
$select | string |
Specific fields to retrieve like Displayname,ReleaseDateTime,EndOfSupportDate (default = all). |
Returns
Retire device
Remove the device from Intune management and remove any data and settings that were assigned by Intune.This action is only supported on Windows, macOS, iOS, iPadOS, Android Enterprise Personally-Owned/Corporate-Owned Work Profile, and Android Device Administrator devices.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Intune Device ID
|
managedDeviceId | True | string |
Specify the Intune Device ID. |
Returns
Set device name
Set a new device name in the Intune admin center.The action is only supported on Windows corporate-owned, macOS corporate-owned, iPadOS or iOS 9.3 and later supervised, Android Enterprise Corporate-Owned Work Profile, Android Enterprise Dedicated, Android Enterprise Fully Managed, and corporate-owned Entra-joined co-managed devices.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Intune Device ID
|
managedDeviceId | True | string |
Specify the Intune Device ID. |
|
New Device Name
|
deviceName | True | string |
Names must be 15 characters or less, must not contain only numbers, and must not include spaces or special characters. |
Returns
Update status of security task
Update the status of a security task.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Task Id
|
TaskId | True | string |
Id of the task to update the status |
|
Status
|
status | True | string |
Status to update in the task |
|
Note
|
note | True | string |
Note while updating task status |
Returns
Wipe device
Restore the device to factory default settings.This action is only supported on Windows, macOS, iOS, iPadOS, AOSP, Android Enterprise Corporate-Owned Work Profile, Android Enterprise Dedicated, and Android Enterprise Fully Managed devices.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Intune Device ID
|
managedDeviceId | True | string |
Specify the Intune Device ID. |
|
Keep enrollment data
|
keepEnrollmentData | boolean |
Set to Yes to preserve enrollment data after wiping the device. |
|
|
Keep user data
|
keepUserData | boolean |
Set to Yes to keep user data after wiping the device. |
|
|
Use protected wipe
|
useProtectedWipe | boolean |
Set to Yes to use protected wipe. |
|
|
Persist eSIM data plan
|
persistEsimDataPlan | boolean |
Set to Yes to keep the established eSIM data plan for the device. |
|
|
Obliteration behavior
|
obliterationBehavior | string |
Specify obliteration behavior. |
|
|
MacOS/iOS unlock code
|
macOsUnlockCode | string |
Specify unlock code for macOS or iOS. |
Returns
Triggers
| When devices are enrolled |
This operation regularly checks the list of enrolled devices and triggers when new enrolled devices are found.This trigger polls for new information every 10 minutes. |
| When devices are jailbroken |
This operation regularly checks the list of jailbroken and rooted devices and triggers when new jailbroken and rooted devices are found.This trigger polls for new information every hour. |
| When devices aren’t compliant |
This operation regularly checks the list of noncompliant devices and triggers when new noncompliant devices are found.This trigger polls for new information every 8 hours. |
| When devices have not checked in |
This operation regularly checks the list of devices and triggers when new devices have not checked in for the specified period of time.This trigger polls for new information every 8 hours. |
| When new elevation requests are found |
This operation regularly checks the list of active elevation requests and triggers when new requests are found.This trigger polls for new information every hour. |
| When new pending security tasks for Windows 11 are found |
This regularly checks the list of security tasks and triggers when it finds any pending tasks those weren't present at the last check.This trigger polls for new information every hour. |
When devices are enrolled
This operation regularly checks the list of enrolled devices and triggers when new enrolled devices are found.This trigger polls for new information every 10 minutes.
Returns
When devices are jailbroken
This operation regularly checks the list of jailbroken and rooted devices and triggers when new jailbroken and rooted devices are found.This trigger polls for new information every hour.
Returns
When devices aren’t compliant
This operation regularly checks the list of noncompliant devices and triggers when new noncompliant devices are found.This trigger polls for new information every 8 hours.
Returns
When devices have not checked in
This operation regularly checks the list of devices and triggers when new devices have not checked in for the specified period of time.This trigger polls for new information every 8 hours.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Days not checked in
|
InactiveDays | True | integer |
Specify the number of days a device has not checked in for in order for it to be identified. |
Returns
When new elevation requests are found
This operation regularly checks the list of active elevation requests and triggers when new requests are found.This trigger polls for new information every hour.
Returns
When new pending security tasks for Windows 11 are found
This regularly checks the list of security tasks and triggers when it finds any pending tasks those weren't present at the last check.This trigger polls for new information every hour.
Returns
Definitions
DeviceAppManagementTasksResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
@odata.context
|
@odata.context | string |
data context |
|
value
|
value | array of object | |
|
id
|
value.id | string |
id |
|
displayName
|
value.displayName | string |
displayName |
|
description
|
value.description | string |
description |
|
createdDateTime
|
value.createdDateTime | string |
createdDateTime |
|
dueDateTime
|
value.dueDateTime | string |
dueDateTime |
|
category
|
value.category | string |
category |
|
priority
|
value.priority | string |
priority |
|
creator
|
value.creator | string |
creator |
|
creatorNotes
|
value.creatorNotes | string |
creatorNotes |
|
assignedTo
|
value.assignedTo | string |
assignedTo |
|
status
|
value.status | string |
status |
|
appName
|
value.appName | string |
appName |
|
appPublisher
|
value.appPublisher | string |
appPublisher |
|
appVersion
|
value.appVersion | string |
appVersion |
|
mitigationType
|
value.mitigationType | string |
mitigationType |
|
insights
|
value.insights | string |
insights |
|
managedDeviceCount
|
value.managedDeviceCount | integer |
managedDeviceCount |
|
mobileAppCount
|
value.mobileAppCount | integer |
mobileAppCount |
|
remediation
|
value.remediation | string |
remediation |
EachDeviceAppManagementTaskResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
id
|
id | string |
id |
|
displayName
|
displayName | string |
displayName |
|
description
|
description | string |
description |
|
createdDateTime
|
createdDateTime | string |
createdDateTime |
|
dueDateTime
|
dueDateTime | string |
dueDateTime |
|
category
|
category | string |
category |
|
priority
|
priority | string |
priority |
|
creator
|
creator | string |
creator |
|
creatorNotes
|
creatorNotes | string |
creatorNotes |
|
assignedTo
|
assignedTo | string |
assignedTo |
|
status
|
status | string |
status |
|
appName
|
appName | string |
appName |
|
appPublisher
|
appPublisher | string |
appPublisher |
|
appVersion
|
appVersion | string |
appVersion |
|
mitigationType
|
mitigationType | string |
mitigationType |
|
insights
|
insights | string |
insights |
|
managedDeviceCount
|
managedDeviceCount | integer |
managedDeviceCount |
|
mobileAppCount
|
mobileAppCount | integer |
mobileAppCount |
|
remediation
|
remediation | string |
remediation |
|
managedDevices
|
managedDevices | array of object |
managedDevices |
|
EntraDeviceID
|
managedDevices.id | string |
Entra Device ID |
|
IntuneDeviceID
|
managedDevices.managedDeviceId | string |
Intune Device ID |
|
displayName
|
managedDevices.displayName | string |
displayName |
|
lastSyncDateTime
|
managedDevices.lastSyncDateTime | string |
lastSyncDateTime |
WindowsQualityUpdateCatalogItemResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
value
|
value | array of object | |
|
id
|
value.id | string |
id |
|
displayName
|
value.displayName | string |
displayName |
|
releaseDateTime
|
value.releaseDateTime | string |
releaseDateTime |
|
endOfSupportDate
|
value.endOfSupportDate | string |
endOfSupportDate |
|
classification
|
value.classification | string |
classification |
GetElevationRequestsResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
@odata.context
|
@odata.context | string |
data context |
|
@odata.count
|
@odata.count | integer |
count |
|
value
|
value | array of object | |
|
id
|
value.id | string |
id |
|
requestedByUserId
|
value.requestedByUserId | string |
requestedByUserId |
|
requestedOnDeviceId
|
value.requestedOnDeviceId | string |
requestedOnDeviceId |
|
requestedByUserPrincipalName
|
value.requestedByUserPrincipalName | string |
requestedByUserPrincipalName |
|
deviceName
|
value.deviceName | string |
deviceName |
|
requestCreatedDateTime
|
value.requestCreatedDateTime | string |
requestCreatedDateTime |
|
requestLastModifiedDateTime
|
value.requestLastModifiedDateTime | string |
requestLastModifiedDateTime |
|
requestJustification
|
value.requestJustification | string |
requestJustification |
|
status
|
value.status | string |
status |
|
reviewCompletedByUserId
|
value.reviewCompletedByUserId | string |
reviewCompletedByUserId |
|
reviewCompletedByUserPrincipalName
|
value.reviewCompletedByUserPrincipalName | string |
reviewCompletedByUserPrincipalName |
|
reviewCompletedDateTime
|
value.reviewCompletedDateTime | string |
reviewCompletedDateTime |
|
requestExpiryDateTime
|
value.requestExpiryDateTime | string |
requestExpiryDateTime |
|
reviewerJustification
|
value.reviewerJustification | string |
reviewerJustification |
|
fileHash
|
value.applicationDetail.fileHash | string |
fileHash |
|
fileName
|
value.applicationDetail.fileName | string |
fileName |
|
filePath
|
value.applicationDetail.filePath | string |
filePath |
|
fileDescription
|
value.applicationDetail.fileDescription | string |
fileDescription |
|
publisherName
|
value.applicationDetail.publisherName | string |
publisherName |
|
publisherCert
|
value.applicationDetail.publisherCert | string |
publisherCert |
|
productName
|
value.applicationDetail.productName | string |
productName |
|
productInternalName
|
value.applicationDetail.productInternalName | string |
productInternalName |
|
productVersion
|
value.applicationDetail.productVersion | string |
productVersion |
GetManagedDeviceDetailsResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
@odata.context
|
@odata.context | string |
@odata.context |
|
@odata.count
|
@odata.count | integer |
@odata.count |
|
value
|
value | array of object | |
|
IntuneDeviceId
|
value.id | string |
Intune Device Id |
|
userId
|
value.userId | string |
userId |
|
deviceName
|
value.deviceName | string |
deviceName |
|
ownerType
|
value.ownerType | string |
ownerType |
|
managedDeviceOwnerType
|
value.managedDeviceOwnerType | string |
managedDeviceOwnerType |
|
managementState
|
value.managementState | string |
managementState |
|
enrolledDateTime
|
value.enrolledDateTime | string |
enrolledDateTime |
|
lastSyncDateTime
|
value.lastSyncDateTime | string |
lastSyncDateTime |
|
deviceType
|
value.deviceType | string |
deviceType |
|
complianceState
|
value.complianceState | string |
complianceState |
|
jailBroken
|
value.jailBroken | string |
jailBroken |
|
aadRegistered
|
value.aadRegistered | boolean |
aadRegistered |
|
azureADRegistered
|
value.azureADRegistered | boolean |
azureADRegistered |
|
deviceEnrollmentType
|
value.deviceEnrollmentType | string |
deviceEnrollmentType |
|
EntraDeviceID
|
value.azureADDeviceId | string |
Entra Device ID |
|
deviceRegistrationState
|
value.deviceRegistrationState | string |
deviceRegistrationState |
|
userPrincipalName
|
value.userPrincipalName | string |
userPrincipalName |
|
model
|
value.model | string |
model |
|
manufacturer
|
value.manufacturer | string |
manufacturer |
|
imei
|
value.imei | string |
imei |
|
complianceGracePeriodExpirationDateTime
|
value.complianceGracePeriodExpirationDateTime | string |
complianceGracePeriodExpirationDateTime |
|
serialNumber
|
value.serialNumber | string |
serialNumber |
|
managedDeviceName
|
value.managedDeviceName | string |
managedDeviceName |
|
joinType
|
value.joinType | string |
joinType |
|
skuFamily
|
value.skuFamily | string |
skuFamily |
|
skuNumber
|
value.skuNumber | integer |
skuNumber |
|
enrollmentProfileName
|
value.enrollmentProfileName | string |
enrollmentProfileName |
WindowsQualityUpdateProfile
| Name | Path | Type | Description |
|---|---|---|---|
|
id
|
id | string |
id |
|
displayName
|
displayName | string |
displayName |
|
description
|
description | string |
description |
CreateDCv2PolicyResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
Policy Id
|
id | string |
id |
|
Name
|
name | string |
name |
|
Description
|
description | string |
description |
|
Platforms
|
platforms | string |
platforms |
|
CreatedDateTime
|
createdDateTime | string |
createdDateTime |