Skip Navigation LinksALVAO 11.1Extension modulesALVAO Microsoft Intune ConnectorInstallation Skip Navigation Links.


Technical requirements

Unless otherwise specified, these are versions of products with valid extended support within the Microsoft product lifecycle at the time the Alvao version was released.


  1. In the Microsoft Azure portal, add the following Microsft Graph permissions to the existing ALVAO app in your AAD tenant (or you can create a new app, if necessary):
    • Application.ReadAll
    • Device.ReadAll
    • DeviceManagementApps.Read.All
    • DeviceManagementConfiguration.Read.All
    • DeviceManagementManagedDevices.Read.All
    • User.Read
  2. Install the IntuneConnectorService.msi (formerly EndpointManagerConnectorService.msi) package on your Alvao server.
  3. In the appsetings.json file of the service:
    • Set the connection to the Alvao database.
    • To the AAD_ClientSecret setting copy the value of the setting from the ALVAO WebApp configuration file.
  4. Set the service to run on the same account as the ALVAO Service. Alternatively, use a different account with db_dataread and db.datawrite permissions to the Alvao database.

Configuration Manager

  1. Install and set up the ALVAO Collector service.
  2. Set up Configuration Manager.
  3. In Administration - Asset Management - Settings - MS SCCM Connector add one or more connections to Configuration Manager. The connector uses either Administration Service or direct connection to SQL database of Configuration Manager.

Administration Service

The Administration Service is a component of SCCM that implements a web-based REST API that provides computer data to authorized users over HTTPS.

It can be run either only within the corporate network or also over the Internet. In either case, Collector authenticates with a user name and password, which must exist in SCCM and have permission to read data from the HW and SW inventory.

  • Within the corporate network, kerberos authentication takes place between the Collector and the Administration Service.
  • When connected over the Internet, Collector connects to SCCM through the Cloud Management Gateway service. Therefore, the specified user must also exist in Azure Active Directory, where the application that Collector uses to obtain an Access Token to connect to the Administration Service must also be registered.
    To connect Collector to the Administration Service, you must use an account that is synchronized from your AD to AAD using Password hash synchronization. Accounts synchronized via Pass-through Authentication or ADFS are not supported.

To install and set up the Administration Service, see How to set up the administration service in Configuration Manager.

Database connection

Collector uses the connection string and reads the computer data directly from the SCCM database. This option is not available for ALVAO SaaS.

You need to ensure that the account under which the ALVAO Collector service runs has the right to read data from the SCCM database. So, for example, the db_datareader role is sufficient.


Did not find what you were looking for? Ask our technical support team.