Microsoft Intune Spoke - Not getting all devices

Eric St-Vincent · ‎12-20-2023

Hi everyone,

We have set up the Microsoft Intune Spoke. Connection is working and we are able to get managed devices.

Only problem is : we are not getting all managed devices.

We double-checked the permissions in Azure with those listed in the ServiceNow documentation, and every one is there (Set up the Microsoft Intune spoke). Also updated the spoke plugin, but the result is the same.

Using the "Get Managed Device" flow designer action, we get this error message from the Microsoft graph API : Resource does not contain a tag allowed by the current role.

From that error, we found that adding the "Default" tag (or scope tag) to the device in Intune enabled us to get it from ServiceNow. Now we don't really want to add that Default tag to every device in Intune because that would defeat the purpose of having custom tags to limit what certain groups of users can see.

From what we found we can assign roles to users in Intune, but since this integration is done with a registered application we don't have an actual user account in Intune.

Is it possible to do this or are there other permissions we need to add to the registered application in Azure?

If someone has worked on this before, your help is greatly appreciated.

Thanks!

Eric

Eric St-Vincent · ‎12-21-2023

Thank you Suleman.

In the meantime our Azure admin was able to find a solution. I don't have all the technical detail, but basically he created a group for the specific Intune tag we were looking to get and added the registered app to that group.

The missing devices are now showing when doing the lookup of all devices.

Thanks!

View solution in original post

Suleman · ‎12-21-2023

To verify if the issue is on ServiceNow or Microsoft side, you can try to query the same API via Graph API Explorer and verify if you get those devices; if those devices are returned there then issue is with the Spoke (create a support case), if having same issue, then issue on Microsoft side.

Eric St-Vincent · ‎12-21-2023

Thank you Suleman.

In the meantime our Azure admin was able to find a solution. I don't have all the technical detail, but basically he created a group for the specific Intune tag we were looking to get and added the registered app to that group.

The missing devices are now showing when doing the lookup of all devices.

Thanks!

g k1 · ‎03-06-2025

Hi Everyone
i wanted to know whether we can do this configuration?

i want to see all the incidents related to a device but not as a user
like there we can use filter for devices but that also shows for a user's device
I want to see all incidents of a device
Any help on this?