Microsoft Intune - FAQ's

Microsoft Intune - FAQ's

What are the possible Causes of Assets Not Syncing into ServiceDesk Plus Cloud from Microsoft Intune After Enabling the Integration:

  1. Insufficient Roles or Permissions: API calls to pull devices from the Intune device inventory may fail if the Microsoft account used to authorize the integration lacks sufficient roles or permissions in Intune. Please confirm that either a Global Administrator or an Intune Service Administrator (Intune Administrator account) was used for the integration.

    To check permissions in Intune:
    Microsoft Endpoint Manager Admin Center > Tenant Administration > Roles > My Permissions

  2. Can the SDAdmin Use a Different Microsoft Account for Integrations if SSO is Enabled? No. When using SSO to log in, you cannot use a different account for integrations. However, you can grant the other account SDAdmin privileges and use it for the integration.

  3. Can I Use a Different Microsoft Account for Intune Integration if I’ve Enabled Azure/User Sync? We can only use one account across all these integrations. If the customer wishes to change the Microsoft account for all integrations, follow these steps:

    • Go to Setup > Users & Permissions > Requesters > Import Users > Import from Azure.

    • Disconnect the current account and use the new account for the integrations.

What types of Devices That Can Be Imported or Synced from Microsoft Intune:

ServiceDesk Plus Cloud supports syncing the following types of devices from Microsoft Intune:

  • Windows

  • Android

  • Mac

  • iOS

What are the Information Synced from Microsoft Intune into ServiceDesk Plus Cloud:

Please refer to this link for the detailed information that is synced from Intune.

Can we access remote control using Probe for Workstations Synced from Microsoft Intune?

The Remote Control Add-on for the asset module will only work if the machine is scanned using Probe, as Probe initiates the unattended remote connection for a successfully scanned workstation.
Therefore, remote control will only be possible if the machine is scanned by Probe again.

Why Do Workstations Imported from Microsoft Intune Appear Under Scan Failures?

Scan Failures refers to a view listing workstations that failed the scan or were unreachable by Probe. Since we do not actually scan assets via Intune integration and are simply pulling information from Intune, the workstations created via the integration will not have a scan status. As a result, they will appear under "Scan Failures." Please disregard these entries if they were brought in via Intune.

Possible Causes of Assets of a Specific Model or Product Not Syncing:

To ensure devices sync correctly, verify that the product type is set appropriately. The product type for a device must be set as:

  • Workstation or Server for Windows and Mac devices

  • Smartphone or Tablet for Android and iOS devices

You can view and modify the product type under Setup > Customizations > Asset Management > Product.

How Can a Customer Sync Only Windows Devices?

Yes, you can filter the devices while syncing using the available conditions. Navigate to Setup > Apps & Add-ons > Third-party Integrations > Intune and click Configure.

How Are Existing Devices Identified and Updated in the System Instead of Being Created as New Assets?

For workstations, we check if there is an existing asset with the same hostname and servicetag. For mobile devices, we check if the same IMEI and serial number already exist. If any matching assets are found, they will be updated. If no matching assets are found, a new asset will be created.
On subsequent syncs, the hostname and service tag are used to update existing assets.


This error occurs when the Global Administrator has blocked organizational users from consenting to apps in Azure. Ask the customer to check if user consent has been blocked by following these steps:

  1. Log in to the Microsoft Azure portal using the Global Administrator account.

  2. Navigate to Azure Active Directory > Enterprise Applications > Consent and Permissions.

  3. Select User Consent Settings. If the "Do not allow user consent" option is enabled under "User consent for applications," organizational users will be unable to consent to apps.

Do We Support or Allow Customers to Use the Integration in Non-Enterprise Editions?

No, we do not support the Intune integration in non-Enterprise editions such as the Professional edition. The integration is only available in the Enterprise edition.


Will the Last Scan Time Be Updated for Assets Fetched via Intune?

No, the last scan time will not be updated for assets retrieved through Intune. This is because we do not directly scan the assets via the Intune integration. Instead, we fetch the asset information from a third-party inventory.

                  New to ADSelfService Plus?

                    • Related Articles

                    • Microsoft Azure Integration and its benefits

                      Kindly refer to this link for more info about this integration, https://help.sdpondemand.com/azure_integration Why does this integration have to be enabled separately? This is an additional authentication step implemented to enhance the existing ...
                    • Unable to complete Microsoft authentication - Import From Azure

                      a. The Microsoft account configured in Zoho is different from the account you are using to sign in to Zoho This indicates that the Zoho account is already linked to a Microsoft (MS) account, but you are attempting to authenticate using a different MS ...
                    • Microsoft Intune Integration

                      Helpguide --> https://help.sdpondemand.com/microsoft-intune-integration https://help.sdpondemand.com/microsoft-intune-devices Permissions 1) DeviceManagementManagedDevices.ReadWrite.All Read and write Microsoft Intune devices Allows the app to read ...
                    • Trouble Disabling Microsoft Azure Integration

                      a. You need to be an authorized Azure Administrator to disable this integration Only the integration owner (the admin who enabled the integration) can disable it. Therefore, the integration must be disabled from that admin’s account. The admin's ...
                    • Microsoft Azure Integration Card Error

                      a. Error message in Microsoft Azure card - "Authentication failed for MS Azure Global admin account. Please authenticate again." Re-enabling the integration will resolve the issue. The authenticated token may have been invalidated due to certain ...