Setup platform support

Overview

This guide walks you through connecting Relution with Microsoft Entra/Intune. Please ensure the requirements are met before starting.

During this setup we will:

  1. Create an Entra ID application, which is used to verify your access when your server talks to our microservice.
  2. Give consent to our multi-tenant app Relution, which we need in order to report the compliance state of your devices to your Entra ID.
  3. Add Relution as a compliance partner in Intune.
  4. Confirm a correct setup.

Each step is crucial for the next one, so please go through them carefully one by one, and whenever prompted to verify something, ensure it reports back success.

After Entra ID has been configured and users have been synced correctly, you can now navigate to Conditional Access in the settings.

Setting Overview

Support Android Enterprise, iOS and macOS

Start the wizard to enable the necessary platform.

Setting Landingpage

Wizard (1): Create application

You can also skip this step and reuse the application you used during the Entra ID setup. Relution recommends two applications because their scopes and purposes differ.

First, create a new Entra ID application. It is required so that our microservices can confirm you have access to your tenant. Unlike in the Entra ID setup, you do not need an MDM app; a simple app registration is enough.

The link in the wizard will bring you to your Entra ID app registrations. After creating the app, you can continue to the next step in which you’ll need to provide its application ID.

Wizard (2): Application IDs

Your app also needs a client secret. Please create one, then paste the application ID and secret into the input fields. After successfully verifying, you can proceed to the next step.

Wizard (3): Expose API

Due to technical limitations of how we can validate tokens from Microsoft, you’ll have to expose an API and add a custom scope.

In the Expose an API setting page of your Entra app, do the following:

  1. Click on Add a scope
  2. Fill in the necessary information
    • Name the scope Relution.Auth
    • Set the consent to Admins only
    • For the display name and description you can enter whatever you want. We suggest something like: Used by Relution to identify Tenant Ownership
  3. Click on Add scope
  4. You should see the scope in Scopes defined by this API

At the top of the Expose an API view in Entra, you should see an Application ID URI. This value should be selected in the scope type. It should contain the client ID of the newly created app (step 1), or your domain if you reuse the app from the Entra ID setup. If it is neither, feel free to enter your custom value.

Expose an API

You should now be able to successfully verify this step in the wizard.
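One way to double-check the result of this step outside the wizard, as an added example (not Relution's own code): the script inspects an app registration exported as a Microsoft Graph `application` object and reports whether the `Relution.Auth` scope is defined, limited to admin consent and enabled. The sample object and all IDs in it are constructed placeholders.

```python
import json

# Constructed sample: trimmed Microsoft Graph `application` object.
# All IDs are placeholders, not values from a real tenant.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-00000000abcd",
  "identifierUris": ["api://00000000-0000-0000-0000-00000000abcd"],
  "api": {
    "oauth2PermissionScopes": [
      {"value": "Relution.Auth", "type": "Admin", "isEnabled": true,
       "adminConsentDisplayName": "Used by Relution to identify Tenant Ownership"}
    ]
  }
}
""")

SCOPE_NAME = "Relution.Auth"  # scope name requested in wizard step 3


def check_expose_api(app):
    """Return {'errors': [...], 'notes': [...]} for the Expose an API settings."""
    errors, notes = [], []

    # An Application ID URI must exist before a scope can be used.
    uris = app.get("identifierUris") or []
    app_id = app.get("appId")
    if not uris:
        errors.append("no Application ID URI is set")
    elif app_id and not any(app_id in uri for uri in uris):
        # Allowed by the guide (domain or custom value), so only a note.
        notes.append("Application ID URI does not contain the client ID")

    # The custom scope must exist, be admin-consent only, and be enabled.
    scopes = (app.get("api") or {}).get("oauth2PermissionScopes") or []
    match = [s for s in scopes if s.get("value") == SCOPE_NAME]
    if not match:
        errors.append(f"scope {SCOPE_NAME} is not defined")
    else:
        if match[0].get("type") != "Admin":
            errors.append(f"scope {SCOPE_NAME} is not set to Admins only")
        if not match[0].get("isEnabled"):
            errors.append(f"scope {SCOPE_NAME} is disabled")
    return {"errors": errors, "notes": notes}


if __name__ == "__main__":
    print(check_expose_api(SAMPLE_APP))
```
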

Wizard (4): Add Partner

In the Intune Partner Compliance Management setting, you’ll have to add Relution as a partner for every platform that you want to be synced.

Intune Compliance Partner Overview

Compliance Partner Link Step 1

Compliance Partner Link Step 2

  1. Click on Add compliance partner
  2. Select the platform you want to sync (you can repeat these steps for all platforms)
  3. Assign a group of users that should be synced. You can also select Add all users, but make sure you never lock yourself out later.
    • As of now, excluding groups won’t have any effect.
  4. After reviewing that everything was selected correctly, you can click on Create
  5. You should see Relution with a status of 🔄 Pending activation for that platform. Status might differ if this is not your first setup.

This step will fail if you did not link any platform in the step before.

Now you have to give admin consent to our multi-tenant app Relution. This step is necessary so that Relution is allowed to actually manipulate compliance states of your Entra ID devices. This will open a new tab (your browser might block it as a pop-up). After successfully granting consent, you’ll see a page saying “success! you can now close this tab”. Close the extra tab and continue with the wizard.

Consent

Wizard (6): Synchronize

As a final step, you’ll have to synchronize Entra ID groups. During this synchronization, Relution will ensure a correct setup and sync the groups you configured in the wizard during step 4.

In the Intune Partner Compliance Management setting, Relution should now be shown as ✅ Active.

Whenever you adjust settings in the Compliance Partner settings in Intune, like adding/removing groups or platforms, you need to manually trigger a sync.

Support Windows

To support Windows devices, only the following option has to be enabled.

Setting Landingpage

Windows devices should now successfully sync their state.