NJP

Service Graph Connector for Microsoft Intune - Troubleshooting connection issues

Import · Aug 11, 2021 · article

Note: See the screenshot below for reference on permissions once the grant is complete.

image

Take the following actions to troubleshoot a connection issue with Intune

  1. If the integration throws a connection error, the first place to debug the connection issue is Integration Hub/Flow Designer.
  2. Intune uses many different data stream actions, and you can pick any one of them to troubleshoot. The ‘mobiledevices’ data stream action is a good one to start with.
  3. Open the action and click ‘Test’ to test the connection.
  4. If the connection fails there too, go through the Intune setup mentioned above:
    1. Verify that you have entered the correct credentials on the OAuth setup page.
    2. Verify that you have ‘read’ permissions for the Graph API. For detailed permissions, see the attachment 'IntunePermissionExamples'. Not all of the permissions may be required for your setup. The important points are that the permission type is ‘Application’ and not ‘Delegated’, and that read permissions exist for devices and applications.
  5. If all of the above seems to be correct, the best course of action is to test in a REST tool like Postman (link below) to see whether you can hit the REST endpoint with the credentials that were entered during the guided setup for Intune. An example collection of REST API calls is attached as 'IntunePostmanCollection.zip'.
  6. Performing a test with Postman will prove that the client credentials are valid.
  7. If installing an app like Postman is not allowed within your environment, you can test the connection locally with the curl commands listed in the ‘Curl Commands’ section below.
  8. If the Postman or curl commands work locally, the next action could be to test from the MID Server, if a MID Server is used in the integration setup. Either install Postman on the MID Server or use the curl commands to see whether you can hit the REST endpoint.
  9. If the connection works locally, and also through the MID Server if one is used, open a case task to engage the CMDB Integrations team (Assignment Group: App-CMDB-Integrations) for further help.

Curl Commands

1. Get the token

curl -X POST \
  'https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token' \
  -H 'Accept: */*' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Host: login.microsoftonline.com' \
  -d 'grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default'

Replace <tenant-id>, <client-id> and <client-secret> with the values entered during the guided setup.

2. Get devices

curl -X GET \
  'https://graph.microsoft.com/beta/deviceManagement/managedDevices?filter=deviceType%20eq%20%27android%27%20or%20deviceType%20eq%20%27iPad%27%20or%20deviceType%20eq%20%27iPhone%27%20or%20deviceType%20eq%20%27androidForWork%27%20or%20deviceType%20eq%20%27androidEnterprise%27%20or%20deviceType%20eq%20%27nokia%27%20or%20deviceType%20eq%20%27windowsPhone%27%20or%20deviceType%20eq%20%27blackberry%27%20or%20deviceType%20eq%20%27palm%27' \
  -H 'Accept: */*' \
  -H 'Authorization: Bearer <access-token>'

Replace <access-token> with the access_token value returned by the token request.

3. Get detected applications

curl -X GET \
  'https://graph.microsoft.com/beta/deviceManagement/detectedApps' \
  -H 'Accept: */*' \
  -H 'Authorization: Bearer <access-token>'
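The check in step 4 (permission type ‘Application’, not ‘Delegated’) can be confirmed from the token returned by the first curl command. The following Python sketch is an added example, not part of the original article or the connector: it decodes the token locally, without verifying the signature, and reports missing application permissions. The two names in REQUIRED_ROLES and the helper names are assumptions; the sample tokens are constructed.

```python
import base64
import json

# Assumed examples of Graph application permissions; take the real list from
# the 'IntunePermissionExamples' attachment for your setup.
REQUIRED_ROLES = {
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementApps.Read.All",
}


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, required=REQUIRED_ROLES):
    """List reasons this token would fail an app-only Intune read."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    findings = []
    if "scp" in claims and not roles:
        # 'scp' carries delegated scopes; app-only tokens carry 'roles'.
        findings.append("delegated token: permissions were granted as Delegated")
    elif not roles:
        findings.append("no roles claim: no application permissions consented")
    for role in sorted(required - roles):
        findings.append("missing application permission: " + role)
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed JWT for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    good = make_sample_token({"roles": sorted(REQUIRED_ROLES)})
    delegated = make_sample_token({"scp": "DeviceManagementManagedDevices.Read.All"})
    print(diagnose(good))
    print(diagnose(delegated))
```

Run it on the machine where the curl test was made and pass the access_token value to diagnose(); an empty list means the token carries every role in REQUIRED_ROLES.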

Useful Links

Graph API:

1.0 - https://docs.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-1.0
Beta - https://docs.microsoft.com/en-us/graph/api/resources/intune-graph-overview?view=graph-rest-beta

Postman:

https://www.postman.com/

View original source

https://www.servicenow.com/community/cmdb-blog/service-graph-connector-for-microsoft-intune-troubleshooting/ba-p/2275201