Frontline Inventory & Help Desk Management
Frontline Inventory & Help Desk Management

Provisioning Asset Management in Microsoft Intune

Print

This guide outlines how Microsoft Intune administrators can create an API-enabled app, generate credentials, and authorize Frontline Asset Management (AM) to perform a nightly, read-only inventory sync.

Prerequisites

  • Intune/Microsoft Entra Administrator Rights – You must be a Global Administrator, or have the Cloud Application Administrator and Intune Administrator roles.
  • Microsoft Intune License – Any tenant with Intune Plan 1 or higher supports API integrations through Microsoft Graph.
  • Asset Management Access – You must be a District Administrator in Frontline Asset Management to configure integrations.
Note: Microsoft periodically updates UI labels between the Microsoft Intune Admin Center and the Entra ID portal. The overall process remains consistent: register an app, grant it read-only device permissions, and provide credentials to Frontline Asset Management.

Step-by-Step Configuration

Register an Application in Entra ID

  1. Sign in to the Microsoft Entra Admin Center using an account with admin privileges.
  2. Navigate to Applications > App registrations > New registration.
  3. Enter the following details:
    • Name: Frontline Asset Management
    • Supported account types: “Accounts in this organizational directory only”
    • Redirect URI: Leave blank (optional for API-only use)
  4. Click Register.
  5. Copy the Application (Client) ID and Directory (Tenant) ID; you will need them later in Asset Management.

Generate a Client Secret

  1. In the newly created app, go to Certificates & secrets > Client secrets.
  2. Click New client secret, give it a descriptive name (for example, "Frontline Asset Management Sync"), and select an expiration (recommended: 24 months).
  3. Click Add, then copy the Value immediately; this is your client secret and it will not be shown again.

Assign API Permissions

  1. Go to API permissions > Add a permission > Microsoft Graph > Application permissions.
  2. Search for and enable the following permissions:
    • Device.Read.All
    • Directory.Read.All
    • DeviceManagementManagedDevices.Read.All
    • User.Read
  3. Click Add permissions, then select Grant admin consent for your tenant. When prompted, click Yes.

These permissions allow Frontline Asset Management to read device inventory and related metadata, but not to modify any data.

am api permissions.png

Configure Integration in Asset Management

  1. Go to Management > Integration Settings > Microsoft Intune Integrations.
  2. Enter the credentials you recorded earlier:
    • Directory (Tenant) ID
    • Application (Client) ID
    • Value (Client Secret)
  3. Click Save. The status text should show "Ready to synchronize…."
  4. Click Initiate One-Time Sync to verify the connection and import your first data set.

Troubleshooting Tips

  • Invalid Credentials: Verify that the tenant ID, client ID, and client secret are correct and that the secret has not expired.
  • Permissions Errors: Confirm that admin consent was granted and that the app has “Device.Read.All."
  • Sync Status: Check the Integration Log in Frontline Asset Management for specific API error messages. Reverify the app registration if errors persist.

Additional Resource

Microsoft Intune MDM Integration Guide

Was this article helpful?