Planning
Overall process flow
Intune
Assumptions
To get the most out of the integration between Intune and Xurrent, it’s advised that only devices that should be under management in Xurrent are imported into the system. Before doing any integration, it’s therefore recommended to review the devices in Intune and decide which of these should be imported into Xurrent.
Intune Owner
Is there an owner of Intune who looks after the system and maintains it? To maintain good hygiene in Intune, it is good practice to have an owner who looks after the system and is responsible for making sure that policies, and devices joining or leaving Intune, follow the processes defined by the company. This persona would also be responsible for communicating and establishing the needed procedures for why, how and when devices, software and policies are distributed to devices that are joined to Intune. The owner of the system would be responsible for carrying out the defined process of Intune.
Intune defined process
Is there a defined process for the lifecycle of devices, software, and policies in Intune? Having such a process optimizes the value that Intune brings to the business, and it also optimizes the devices and their data that get imported into Xurrent using the Microsoft Intune connector for Xurrent. It’s recommended that the process defines when a device gets added to Intune and when it leaves Intune. It should also define when a user is associated with a device, how compliance policies are associated with a device, and how this is enforced. This ensures that the data imported into Xurrent is correct and meets the intended data quality, because the described Intune process has been followed.
Intune Data Quality
There are some high-level recommendations to follow before you are ready to connect the Microsoft Intune connector for Xurrent. Ensuring that the data imported into Xurrent is accurate and of high quality is key to the success of the connector. This mainly depends on the process and the owner being correctly established. However, before connecting the two systems, it’s advised to perform a quick health check to understand whether both systems are ready for this. Once this is verified, the actual work of integrating the two systems can begin.
Bring Intune devices to a healthy state
If there are many unused devices or orphan devices with no owner, it’s recommended that these are cleaned up and removed from Intune so they are not imported into Xurrent. Devices that should not be under management in Xurrent might not bring the intended quality or follow the defined processes. If Autopilot or another technology is used there can be exceptions to this rule, in accordance with the defined process.
Bring Intune policy to a healthy state
Policies should be implemented in accordance with governance requirements, so that the alerts sent from Intune into Xurrent as requests give the right picture once the connector is configured. If the policies are not up to date or are out of sync, many unnecessary requests will be sent to Xurrent. It’s therefore advised, before implementing the connector, to make sure that the status and configuration of compliance policies match and reflect the actual situation in the environment, so that this is raised accordingly in the Xurrent platform.
Xurrent
Assumptions
To get the most out of the Microsoft Intune connector for Xurrent, it’s advised to consider the following areas as control points before configuring the connector. This is to ensure that the Xurrent platform does not get overloaded with CIs that were not intended, and that no service requests are created in the platform that do not have a described impact.
CI & Asset owner in Xurrent
It’s advised that an owner of configuration and asset management is identified who looks after the system and maintains it. This owner should outline (via the process) the requirements for CIs & Assets being imported and whether they hold the data needed to maintain them and bring them under management.
There is a defined process for the lifecycle of devices in Xurrent
For CIs to be managed in accordance with the SCIM process definition, it’s advised to have a defined process described and maintained in Xurrent. This process should be responsible for maintaining CIs through their life cycle and for ensuring that the CIs that get into Xurrent are in accordance with the process definition. The process should define, or have in scope, the following:
- Which devices should be in Xurrent?
- How do they get in there?
- How / when do they get deleted / removed?
- Align with other process owners such as Financial Management, procurement, and similar functions
License type of Xurrent used in the Enterprise
In order to use the Microsoft Intune connector for Xurrent it’s a prerequisite that the Premium plan is used as the connector makes use of the asset management module that is part of this plan. To find out which SKU you have, you can do the following.
- Go to Xurrent console
- Go to settings
- Select Account overview
- Verify that the plan used is Premium
Azure Active Directory
For the connector to be able to define relationships between devices and their owners (the connector will only do this where the requirements are met), the connector between Azure Active Directory and Xurrent must be configured before enabling the Microsoft Intune connector for Xurrent. If devices are co-managed between Configuration Manager and Intune, it’s a requirement to also configure Azure AD sync between Azure and on-prem Active Directory. To do the mapping correctly, it is also a requirement that the Azure AD connector is configured to include at least the scope of users (owners) that Intune is importing devices and alerts for.
Setup the Azure Active Directory Connector
To be able to map users to the primary user of a device, the AAD connector (SIAM) needs to be configured first, and the scope of users that matches the users having devices in Intune should be showing under people in Xurrent. Make sure the following app is showing under installed apps and is configured accordingly.
To install the Xurrent connector please follow this guidance.
Tutorial: Configure Xurrent for automatic user provisioning | Microsoft Docs
Users in Xurrent should now be listed under people like in the picture below.
Ensure that the e-mail address listed under the person matches the UPN for the primary person listed for a device in Intune (primary user).
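The health check described under "Intune Data Quality" and the UPN-to-e-mail match required here can be run over an export of both systems before the connector is enabled. The following is an added example, not part of the connector or of either product: the device records are constructed and use Microsoft Graph `managedDevice` property names, while the 90-day threshold, the case-insensitive comparison and the list of Xurrent e-mail addresses are assumptions.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumption: the page sets no threshold

# Constructed sample export (Microsoft Graph managedDevice property names).
DEVICES = [
    {"deviceName": "LT-001", "userPrincipalName": "Anna@Example.com",
     "lastSyncDateTime": "2022-11-23T08:00:00Z"},
    {"deviceName": "LT-002", "userPrincipalName": "",
     "lastSyncDateTime": "2022-05-01T08:00:00Z"},
    {"deviceName": "LT-003", "userPrincipalName": "carl@example.com",
     "lastSyncDateTime": "2022-11-22T08:00:00Z"},
]
# Constructed: e-mail addresses of people already provisioned in Xurrent.
XURRENT_EMAILS = ["anna@example.com", "bob@example.com"]


def parse_ts(value):
    """Parse an ISO 8601 timestamp as UTC-aware; None if missing or malformed."""
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def health_check(devices, xurrent_emails, now):
    """Return {deviceName: [findings]} for devices to review before import."""
    # Assumption: UPN and e-mail address are compared case-insensitively.
    known = {e.strip().lower() for e in xurrent_emails}
    findings = {}
    for dev in devices:
        issues = []
        upn = (dev.get("userPrincipalName") or "").strip().lower()
        last_sync = parse_ts(dev.get("lastSyncDateTime"))
        if not upn:
            issues.append("orphan: no primary user")
        elif upn not in known:
            issues.append("primary user UPN has no matching person in Xurrent")
        if last_sync is None or now - last_sync > STALE_AFTER:
            issues.append("stale: no recent contact")
        if issues:
            findings[dev.get("deviceName", "<unnamed>")] = issues
    return findings


if __name__ == "__main__":
    now = datetime(2022, 11, 24, tzinfo=timezone.utc)  # fixed date for the sample
    for name, issues in sorted(health_check(DEVICES, XURRENT_EMAILS, now).items()):
        print(f"{name}: {'; '.join(issues)}")
```

Devices flagged as orphan or stale are candidates for clean-up in Intune; devices flagged for a missing person indicate that the Azure AD connector scope does not yet cover their primary user.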
Data synchronized to Xurrent
This section will outline the data that is synchronized from Intune to Xurrent as part of the connector. This is split into two parts, the Configuration Items and the Intune Policy Incidents as well as the relationships maintained by the connector.
CI Data that is synced to Xurrent
The following information will be brought over from Intune as attributes for a CI under Configuration Items:
CI Type | Data | Example |
---|---|---|
Operating System | Operating System | Windows |
 | Operating System version | 10.0.22621.1 |
 | Operating System SKU | Windows 10 Professional |
Storage | Total Storage Space | 235 GB |
 | Free Storage Space | 150 GB |
Life Cycle | Enrolled date | 11/17/2022 |
 | Last Contact | 11/23/2022 |
 | Azure AD registered | True |
 | Azure AD Join Type | AzureADJoined |
 | Ownership | Company |
Security | Compliance | Noncompliant |
 | Encrypted | True |
 | Jailbroken | Unknown |
 | Ownership | Company |
This information will look like the following in the Xurrent portal under CIs
CI relationship data in Xurrent
The following relationships are created if the requirements are met when configuring the Intune connector.
- CI to Person relationship
- Product to CI relationship
- Intune Service Request relationship to Person and CI
Compliance Data that is synced to Xurrent
The Intune connector can forward Intune compliance policy alerts directly to Xurrent as Incidents with the associated device and person. This enables you to respond quickly to configuration drift, in the form of policy violations and compliance risks that need to be addressed.
Configuration Manager Data that is synced to Xurrent
Configuration Manager devices can be imported into Xurrent if data between Configuration Manager and Intune is configured correctly. This is referred to as co-management. There are two paths to reach co-management:
Existing Configuration Manager clients
- You have Windows 10 or later devices that are already Configuration Manager clients. You set up hybrid Azure AD and enroll them into Intune.
New internet-based devices
- You have new Windows 10 or later devices that join Azure AD and automatically enroll to Intune. You install the Configuration Manager client to reach a co-management state.
This is a described process and can be configured by following this link:
Enable co-management - Configuration Manager | Microsoft Docs
If devices are replicated (co-managed) in Intune from Configuration Manager, the connector will import these devices into Xurrent.