The Intune API in Microsoft Graph allows you to:
It supports both delegated permissions and application permissions for read and write operations.
The API endpoints for Intune are:
https://graph.microsoft.com/v1.0/ (for v1.0)
https://graph.microsoft.com/beta/ (for the beta version)
You need to use Azure AD to authenticate and access the Intune API.
Permissions need to be specified to access Intune resources, typically done in the Azure Active Directory portal.
The API uses standard REST conventions, with HTTP methods like GET, POST, PATCH, DELETE etc.
Data is exchanged in JSON format.
Many Intune reports can be exported using the Graph API endpoint:
https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs
Reports include device compliance, app installation status, discovered apps, and many others.
Use the official Microsoft Graph documentation and SDKs when working with the Intune API.
Be aware of versioning (v1.0 vs beta) and use the appropriate endpoint for your needs.
Properly handle authentication and implement error handling in your API calls.
The official Microsoft Intune API does not have direct webhook support for device or app changes. However, there are alternative methods to receive notifications and track changes in Intune.
Audit Logs:
Azure Monitor:
Third-Party Solutions:
No Native Webhooks: The official Intune API doesn't have a built-in webhook mechanism specifically for mobile devices and apps.
Delay in Updates: When using alternative methods like audit logs, there might be a delay between when changes occur and when they are reflected in the logs.
Azure Event Grid: While not specific to Intune, Azure Event Grid supports webhooks for various Azure services. This might be an option to explore for some Intune-related events if they are exposed through Azure services.
Microsoft Graph API: Although not specific to Intune, Microsoft Graph API supports change notifications through webhooks for various Microsoft 365 services.
Monitor Audit Logs: Regularly check Intune audit logs for device and app changes.
Use Azure Monitor: Leverage Azure Monitor to centralize and analyze Intune log data.
Consider Third-Party Tools: Evaluate third-party solutions that offer Intune integrations if real-time notifications are crucial.
Explore Microsoft Graph API: If you need webhooks for other Microsoft 365 services, consider using Microsoft Graph API's change notifications feature.
Stay Updated: Keep an eye on Microsoft's documentation and announcements, as they may introduce webhook support for Intune in the future.
While the official Microsoft Intune API doesn't currently offer webhooks for device or app changes, there are alternative methods to track and receive notifications about changes in your Intune environment. Depending on your specific needs, you may need to combine multiple approaches to achieve the desired level of monitoring and notification.
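Polling the audit log in place of a webhook has to cope with the delay noted above. The sketch below is an added example, not code from the original page or from Microsoft: it re-reads an overlap window behind its high-water mark and de-duplicates by event id. The auditEvents collection, `activityDateTime` and `@odata.nextLink` are Microsoft Graph names; the `fetch` callable, the 30-minute overlap and the sample events are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

AUDIT_URL = "https://graph.microsoft.com/v1.0/deviceManagement/auditEvents"


def parse_ts(value):
    """Parse a Graph timestamp to whole seconds, ignoring fractional digits."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def poll_audit_events(fetch, watermark, seen, overlap=timedelta(minutes=30)):
    """One polling pass. fetch(url) -> parsed JSON page (hypothetical transport).

    Re-reads `overlap` before the watermark so events that reach the log
    late are still picked up; `seen` (a set of event ids) drops the repeats.
    """
    since = (watermark - overlap).strftime("%Y-%m-%dT%H:%M:%SZ")
    url = f"{AUDIT_URL}?$filter={quote('activityDateTime ge ' + since)}"
    fresh, newest = [], watermark
    while url:
        page = fetch(url)
        for event in page.get("value", []):
            if event["id"] in seen:
                continue
            seen.add(event["id"])
            fresh.append(event)
            newest = max(newest, parse_ts(event["activityDateTime"]))
        url = page.get("@odata.nextLink")  # follow server-side paging
    return fresh, newest


def demo():
    """Constructed data: the second pass contains an event that was logged late."""
    def ev(event_id, ts):
        return {"id": event_id, "activityDateTime": ts, "activityType": "Patch"}
    a, b = ev("a", "2024-05-01T10:00:00Z"), ev("b", "2024-05-01T10:05:00.1234567Z")
    late = ev("c", "2024-05-01T09:58:00Z")  # older than the watermark, arrived late
    page1 = {"value": [a], "@odata.nextLink": "page2"}
    pages = {"page2": {"value": [b]}}
    seen, start = set(), datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    first, mark = poll_audit_events(lambda u: pages.get(u, page1), start, seen)
    second, mark2 = poll_audit_events(lambda u: {"value": [a, b, late]}, mark, seen)
    return [e["id"] for e in first], [e["id"] for e in second], mark, mark2


if __name__ == "__main__":
    print(demo())
```

In a long-running poller, prune `seen` of ids older than the overlap window so it does not grow without bound.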
The Microsoft Intune API has several rate limits and throttling thresholds in place to ensure consistent availability and performance. Here are the key points regarding the API rate limits for Microsoft Intune:
For most Intune services, the following limits apply:
POST, PUT, DELETE, PATCH requests:
Any request type:
The Intune devices service has slightly higher limits:
POST, PUT, DELETE, PATCH requests:
Any request type:
In addition to the service-specific limits, there is a global limit that applies across all tenants:
The limits are evaluated on a sliding window basis, typically over a 20-second period for Intune services.
When a limit is exceeded, subsequent requests will receive a "429 Too Many Requests" error response.
The limits are designed to protect the service from extraordinary demands that could threaten availability and performance.
Different Intune services (e.g., enrollment, applications, device configuration) have their own specific limits, but most follow the general pattern described above.
It's important to implement proper error handling and retry logic in applications that interact with the Intune API to handle potential throttling scenarios.
Implement exponential backoff retry logic when encountering 429 errors.
Optimize API calls to reduce the number of requests where possible.
Consider caching frequently accessed data to reduce API calls.
Spread out requests over time when performing bulk operations to avoid hitting rate limits.
By adhering to these rate limits and implementing proper handling, developers can ensure their applications interact with the Microsoft Intune API in a way that maintains service stability and performance for all users.
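The retry guidance above, as an added example that is not part of the original page or of any Microsoft SDK: a 429 is retried with exponential backoff and full jitter, and a `Retry-After` value in seconds takes precedence when the response carries one. The `send` callable, the plain-dict headers, the 1-second base and the 60-second cap are assumptions; the responses in `demo()` are constructed.

```python
import random
import time


class Throttled(Exception):
    """Raised when the request is still throttled after the last attempt."""


def retry_delay(attempt, retry_after=None, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait before retrying after the `attempt`-th 429 (0-based)."""
    if retry_after is not None:
        try:
            # Server-supplied hint wins; clamp so a bad header cannot stall us.
            return min(cap, max(0.0, float(retry_after)))
        except ValueError:
            pass  # not a number of seconds: fall back to computed backoff
    # Exponential backoff with full jitter so parallel workers do not retry in lockstep.
    return rng() * min(cap, base * 2 ** attempt)


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Call send() -> (status, headers, body) until the status is not 429."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:
            sleep(retry_delay(attempt, headers.get("Retry-After"), rng=rng))
    raise Throttled(f"still throttled after {max_attempts} attempts")


def demo():
    """Constructed responses: two 429s (one with Retry-After), then success."""
    replies = iter([
        (429, {"Retry-After": "2"}, ""),
        (429, {}, ""),
        (200, {}, '{"value": []}'),
    ])
    waits = []
    result = call_with_backoff(lambda: next(replies), sleep=waits.append, rng=lambda: 0.5)
    return result, waits


if __name__ == "__main__":
    print(demo())
```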
The most recent version of the Microsoft Intune API is the Microsoft Graph API v1.0 for Intune. Here are the key points:
The current production version of the Intune API is available through Microsoft Graph v1.0.
There is also a beta version of the Intune API available through Microsoft Graph beta.
The Intune API in Microsoft Graph allows you to access Intune device and application information, manage devices, manage apps, and automate Intune.
It enables programmatic access to Intune information for your tenant and performs the same Intune operations as those available through the Azure Portal.
Using the Microsoft Graph APIs to configure Intune controls and policies requires that the Intune service is correctly licensed by the customer.
For mobile device management (MDM) scenarios, the Microsoft Graph API for Intune supports standalone deployments; Intune hybrid deployments are not supported.
The API endpoint for Intune reports is: https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs.
Use Azure AD to authenticate and access the Microsoft Graph API for Intune.
Explore the PowerShell Intune samples to see how to use the Microsoft Graph API for Intune in working examples.
When exporting Intune reports, use the appropriate reportName parameter values listed in the documentation to specify which report you want to export.
In summary, the most up-to-date and recommended version of the Microsoft Intune API is accessed through Microsoft Graph v1.0, with a beta version also available for testing new features. This API provides comprehensive access to Intune functionality and data, allowing for powerful integration and automation capabilities.
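The report export flow mentioned above, as an added example rather than code from the original page or from Microsoft: create the job against the exportJobs endpoint, poll it until it finishes, and return the download link. The `post` and `get` callables are hypothetical authenticated transports; the body fields (`reportName`, `format`, `select`), the status values and the `url` property follow the Graph export job resource, and the report name, columns and responses in `demo()` are constructed sample values.

```python
import time

EXPORT_URL = "https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs"


def export_report(post, get, report_name, select=None, fmt="csv",
                  poll_every=5.0, timeout=300.0, sleep=time.sleep):
    """Create an export job, wait for it to finish, return the download URL.

    post(url, json_body) and get(url) are hypothetical transport callables that
    send an authenticated request and return the parsed JSON response.
    """
    body = {"reportName": report_name, "format": fmt}
    if select:
        body["select"] = list(select)  # export only the columns you need
    job = post(EXPORT_URL, body)
    waited = 0.0
    while job.get("status") != "completed":
        if job.get("status") == "failed":
            raise RuntimeError(f"export job {job.get('id')} failed")
        if waited >= timeout:
            raise TimeoutError(f"export job {job.get('id')} not finished after {timeout}s")
        sleep(poll_every)
        waited += poll_every
        job = get(f"{EXPORT_URL}('{job['id']}')")
    url = job.get("url", "")
    # The link is pre-authenticated: insist on HTTPS and keep it out of logs.
    if not url.startswith("https://"):
        raise ValueError("export job returned a non-HTTPS download URL")
    return url


def demo():
    """Constructed exchange: created, reported in progress once, then completed."""
    polls = iter([
        {"id": "job-1", "status": "inProgress"},
        {"id": "job-1", "status": "completed",
         "url": "https://storage.example/r.zip?sig=CONSTRUCTED"},
    ])
    sent, waits = [], []

    def post(url, body):
        sent.append(body)
        return {"id": "job-1", "status": "notStarted"}

    url = export_report(post, lambda u: next(polls), "DeviceCompliance",
                        select=["DeviceName", "ComplianceState"], sleep=waits.append)
    return sent[0], waits, url
```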
To get a developer account for Microsoft Intune to create an API integration, you need to follow these steps:
Sign in to the Microsoft Intune admin center using administrative credentials.
Navigate to "All services" > "M365 Microsoft Entra ID" > "Microsoft Entra ID" > "App registrations".
Choose "New registration" to create a new application.
In the "Register an application" pane, specify the following:
After registering the application, you need to grant it access to the Microsoft Intune API.
Select your newly registered app in the "App registrations" pane.
Find and select the "Microsoft Intune API".
Select "Delegated Permissions" and check the box for "Get data warehouse information from Microsoft Intune".
Optionally, select "Grant admin consent for Microsoft" to grant access to all accounts in the current directory.
Select "Certificates & secrets" > "+ New client secret" and generate a new secret.
Make sure to copy and store the secret safely, as you won't be able to access it again.
Here are the key data models you can interact with using the Microsoft Intune API:
Key points to consider:
The API allows performing most operations available in the Intune portal programmatically, enabling automation and integration scenarios. However, some limitations may exist around filtering and property selection for certain entities.