Service Graph Connector for Microsoft Intune Out of the box functionality causing Performance Issue

Chandra18 · ‎03-10-2025

Hello Experts,

We have installed the Plugin (out of the box) Service Graph Connector for Microsoft Intune to integrate ServiceNow and Intune. Currently, "Scheduled Data Import Job" "SG-Intune Devices" is import the data into a staging table that extend from "import set row" table and by a transform map we are bring data into a custom table called "Intune Mobile devices".

The "Scheduled Data Import Job" "SG-Intune Devices" is running weekly on a Weekend basis. but it is taking lot of time to execute and an incident created by platform team. We have deactivated another "Scheduled Data Import Job" "SG-Intune software" and "SG-Intune computer".

We would like to know what's causing this delay in the script/running job and how we can optimize the script to avoid delays in the running jobs in the Production instance.
I have created a before - insert business rule to abort record creation if u_manageddeviceownertype=personal OR u_serialnumber=0 on staging table. But it is not working.
There is a data source and it is loaded by script. in this script a script include called and here is two enpoints defined, I have not an idea how can we change this endpoint/URL to fetch only u_manageddeviceownertype=company and u_serialnumber!=0 devices.

Kieran Anson · ‎03-10-2025

A BR isn't the correct choice here, so let's fix that.

You need to modify the flow action that is retrieving data. It is far better to apply a filter to the fetched resource, than trying to filter afterwards.

In Workflow Studio, under data actions, open 'mobiledevices'

Modify the nextLink default value to include additional filtering. Below would be the new value

/deviceManagement/managedDevices?$filter=(operatingSystem eq 'android' or operatingSystem eq 'iOS' or operatingSystem eq 'iPadOS') and managedDeviceOwnerType eq 'company'

Save and publish the modification. You will now only receive records where the managed device owner type is company.

I wouldn't filter out devices with a serial number of zero unless you have a specific reason. SN can handle the reconciliation via identification rules. IntegrationHub also filters out invalid serial numbers and will change the value to a null value

Chandra18 · ‎03-10-2025

Hi @Kieran Anson ,

Thanks for your reply!

Could You please add this condition userPrincipleName should not empty??

Some one suggested the following step to avoiding CIs with serial number = 0.

Prevent updates:

https://www.servicenow.com/docs/csh?topicname=create-id-inclusion-rule.html&version=latest

- Create an Identification Inclusion Rule

Prevent inserts:
Please implement a Before Insert Business Rule on the target table as follows:
1. Discovery source is SG-Intune
2. Conditions to match your business needs (serial number = 0 on certain types of CIs, as an example)

But I am having the question it is possible when we are pushing the data in custom table?? also I am not familier with Inclusion Rule, How to apply this ?? Please help on this.

They suggested a business rule so am I created wrongly?

Thanks
Chandra

Kieran Anson · ‎03-11-2025

Hi Chandra, you'd modify it to the below

/deviceManagement/managedDevices?$filter=(operatingSystem eq 'android' or operatingSystem eq 'iOS' or operatingSystem eq 'iPadOS') and managedDeviceOwnerType eq 'company' and userPrincipalName ne null

But do be cautious - the more you filter, the less visibility you'll have to your infrastructure within the CMDB.

For the Serial Number, your customer needs to understand that a serial number isn't always necessary. ServiceNow IRE can reconcile on multiple identifiers. Serial Number isn't a unique value and some devices may legitimately not have one.

Chandra18 · ‎03-11-2025

Hi @Kieran Anson

/deviceManagement/managedDevices?$filter=(operatingSystem eq 'android' or operatingSystem eq 'iOS' or operatingSystem eq 'iPadOS') and managedDeviceOwnerType eq 'company' and userPrincipalName ne null

is not working still it is retrieving empty userPrincipalName.