Skip Navigation LinksALVAO 11.2Extension modulesALVAO Microsoft Intune ConnectorDeployment Skip Navigation Links.


Skip Navigation LinksALVAO 11.2 / Extension modules / ALVAO Microsoft Intune Connector / Deployment

Deployment

Technical requirements

These settings are available for ALVAO on-premise installation only.

Unless otherwise specified, these are versions of products with valid extended support within the Microsoft product lifecycle at the time the Alvao version was released.

Intune

  1. In the Microsoft Azure portal, add the following Microsoft Graph permissions to the existing Alvao app in your Microsoft Entra ID tenant (or you can create a new app, if necessary):
    • Application permissions:
      • Device.Read.All
      • DeviceManagementApps.Read.All
      • DeviceManagementManagedDevices.Read.All
      • DeviceManagementConfiguration.Read.All
      • User.Read.All
    • Delegated permissions:
      • User.Read
  2. In the appsetings.json file of the service:
    • Set the connection to the Alvao database.
    • To the AAD_ClientSecret setting copy the value of the setting from the Alvao WebApp configuration file.
  3. Set the service to run on the same account as the Alvao Service. Alternatively, use a different account with db_dataread and db.datawrite permissions to the Alvao database.

Configuration Manager

  1. Install and set up the Asset Management Collector service.
  2. Set up Configuration Manager.
  3. In Administration - Asset Management - Settings - MS SCCM Connector add one or more connections to Configuration Manager. The connector uses either Administration Service or direct connection to SQL database of Configuration Manager.

Administration Service

The Administration Service is a component of SCCM that implements a web-based REST API that provides computer data to authorized users over HTTPS.

It can be run either only within the corporate network or also over the Internet. In either case, Collector authenticates with a user name and password, which must exist in SCCM and have permission to read data from the HW and SW inventory.

  • Within the corporate network, kerberos authentication takes place between the Collector and the Administration Service.
  • When connected over the Internet, Collector connects to SCCM through the Cloud Management Gateway service. Therefore, the specified user must also exist in Microsoft Entra ID, where the application that Collector uses to obtain an Access Token to connect to the Administration Service must also be registered.
    Caution:
    To connect Collector to the Administration Service, you must use an account that is synchronized from your AD to Microsoft Entra ID using Password hash synchronization. Accounts synchronized via Pass-through Authentication or ADFS are not supported.

To install and set up the Administration Service, see How to set up the administration service in Configuration Manager.

Database connection

Collector uses the connection string and reads the computer data directly from the SCCM database.

You need to ensure that the account under which the Asset Management Collector service runs has the right to read data from the SCCM database. So, for example, the db_datareader role is sufficient.

 

Did not find what you were looking for? Ask our technical support team.