Service Graph Intune Connector : Assigned to

parth2 · ‎08-04-2022

Can I get help to understand what is 'assigned to' on computer in ServiceNow mapped to from Intune?

There are two fields in Intune - 'Primary User' and 'Enrolled User'

I can see the data stream is using the API /deviceManagement/managedDevices/

The API doesnt really mentions if its returning primary user or enrolled user.

Can someone help me understand the difference between the primary user or enrolled user. Also based on the imported data, it appears that the api returns enrolled user. If so, how can we configure it to populate primary user?

Palani Chockali · ‎08-08-2022

Hi Parth,

Jim has provided an excellent answer to your mapping question with visualization. The API call returns only the enrolled user, even though the attribute name says primary user. When a user is assigned to a device initially, the enrolled and primary user remain the same. But if the same device is reassigned to another user, either the user left the tenant or for other business reasons, then the primary user name gets reassigned to the new user but the enrolled user will have the original enrolled user name. That is the difference between the two attributes in Intune.

We have fixed this to reflect the current device owner in an upcoming release of Intune(do not have dates yet!). Per Microsoft, we have to make another API call to get the current primary user name as the device API only returns enrolled user name (misleading with an attribute name like "userPrincipalName").

Here is the Graph API call to know the primary user name:

https://graph.microsoft.com/beta/deviceManagement/managedDevices/<deviceid>/users

The output of the above API call will give us the actual/current device owner or the primary user name. No surprise here from Microsoft and the attribute name again is "userPrincipalName".
I was also told that Microsoft is working on converging these API calls so it correctly reports on the primary user name on the current device call but it is not in place yet and not sure of the timeline also.

This involves making an additional API call for each device to know the primary username. We typically do performance testing as part of any major changes, especially when it comes to additional API calls to make sure it did not degrade current performance. This is work in progress as we speak. We would highly recommend you to wait and take the upgrade when it is available, assuming all the testing/performance are acceptable.

Hopefully this helps clarify your questions.

View solution in original post

parth2 · ‎12-18-2022

Hi Palani,

When can we expect the new version of the Intune connector? It has been a while and I would say this is a bug as wrong users are being populated to 'Assigned to'

Anshu10 · ‎01-30-2023

Hi Palani, Thanks for the clarification.

I was not able to see the changes made to this Primary User field brought in our staging table. So just to clarify that means Enrolled user field value is being brought up in UserPrincipalName field and its actually not this Primary User's field value.

Do we have any official Kb article or Prb raised for this? Also when can we expect a solution for this?

we are using Ver 2.1.2 for Service Graph Intune. Is it not fixed in this version?

Nick Hynes · ‎03-22-2023

I see that version 2.2.1 of the plugin has now been released and in the release notes states:

Enhanced Intune by bringing attributes for devices - lastSyncDateTime, azureADRegistered, managedDeviceOwnerType, isSupervised, userPrincipalName,isEncrypted,managementAgent

Does this mean that in this latest version we have the ability to bring through primary user?

justinainsworth · ‎04-06-2023

The userPrincipalName field is empty for me on imports, using 2.2.1. @Nick Hynes have you had any luck?

justinainsworth · ‎04-13-2023

Did some more experimenting on this and discovered that the Flow Action 'getuser' was failing with insufficent permissions. I updated my Microsoft App registration for intune, granting the application permission 'User.Read.All', and refreshed the oAuth token, fixing the flow action.

During the next import, the userprincipalname was set. Hope this helps others.