Sidebar

Combodo

iTop Extensions

Data collector for InTune

name:
Data collector for InTune
description:
Synchronize Microsoft InTune managed devices into iTop
version:
1.0.1
release:
2025-01-23
itop-version-min:
3.2.0
code:
combodo-intune-data-collector
state:
stable
php-version-max:
8.3

This collector enables administrators to automatically feed iTop with relevant and accurate InTune cloud computing information. Together with the InTune modelization that the Data model for Microsoft InTune extension brings, it links iTop CMDB to the InTune world.

Features

The Data collector for InTune is a stand-alone PHP software that connects to InTune, retrieves managed devices and synchronizes them with iTop's CMDB.

  • Connection to InTune is done through Graph OAUTH2 authentication,
  • Objets'retrieval relies on Graph REST API which extracts data in JSON format,
  • Synchronization follows iTop's built-in Data Synchronization mechanism.
For more information on how the data synchronization works, please refer to the Data Synchronization Overview and to the Data collector Base mechanism.

For better integration with inTune, the collector may work in conjunction with the Data model for Microsoft InTune extension that can be installed on iTop where iTop objects commonly used in the Microsoft platform are enriched with InTune attributes.

The Data collector for InTune synchronizes the following objects:

  • Brands
  • Models
  • OS families
  • OS versions
  • Mobile Phones
  • PCs
  • Tablets

The main problem with that synchronization is that InTune devices are not typed as PCs, tablets, mobile phones or anything else. They are just managed Devices ! It is, therefore, up to the collector to find out this information, based by default on the information already stored in iTop, or also based on its configuration files. Note that the Data model for Microsoft InTune extension helps with that task.

By default, the collector adds a contact to the list of contacts for mobile phones, PCs and tablets: the one provided by InTune for each managed device. This implies that these contacts must pre-exist in iTop for the mobile phones, PC and tablets to be synchronized in iTop. Should that not be the case, this feature may be deactivated via the configuration file.

Data collection can be enhanced by adding further InTune classes to this list. Please, refer to the Q&A section below.

Revision History

Version Release Date Comments
1.0.1 2025-01-23 First version

Limitations

The collector only synchronizes devices managed by InTune (see above).

Requirements

To use the collector, a few points must be observed:

  • The InTune managed devices synchronized by the collector must exist in iTop (CMDB CIs). This is, by default, the case with iTop's standard data model as long as the End-User Devices management extension has been selected.
  • In order to browse InTune's computing environment, you'll need a Graph account (see service principal) that allows you to read InTune's resources.
  • From a system standpoint, you'll need to comply with the requirements expressed in the Data collector Base documentation.
  • Modelization of managed devices may be enhanced with a set of attributes defined in the Data model for Microsoft InTune extension. Please, refer to the Q&A section for furhter details on that question.

Installation

Do not install this extension in your webserver directories (like apache) otherwise your configuration files (with URLs, credentials) may be accessible from outside

Simply expand the content of the zip archive into a folder on the machine where the collector will be run.

Configuration

The configuration of the application is built by concatenating 4 files:

  1. collectors/params.distrib.xml that holds the entries that are specific to the Data collector for InTune. It should not be modified.
  2. collectors/extensions/params.distrib.xml that holds entries that have been created and added by the customer to answer its specific needs. This file is optional.
  3. conf/params.distrib.xml that is provided by the collector framework, Data collector Base. It should not be modified.
  4. conf/params.local.xml where the collector can be adapted to the specific customer needs.
The Itop data collector documentation describes the configuration process in details

The collectors/params.distrib.xml configuration file holds parameters that must (for some) or can (for others) be changed when configuring the collector, which is done through the conf/params.local.xml file.

<?xml version="1.0" encoding="UTF-8"?><!-- Default values for parameters. Do NOT alter this file, use params.local.xml instead -->
<parameters>
        <!-- Microsoft links -->
        <microsoft_login_url>https://login.microsoftonline.com/</microsoft_login_url>
        <microsoft_auth_mode>/oauth2/token</microsoft_auth_mode>
        <microsoft_resource>https://graph.microsoft.com/</microsoft_resource>
 
        <!-- Client's credentials -->
        <ms_clientid></ms_clientid>
        <ms_clientsecret></ms_clientsecret>
        <ms_tenantid></ms_tenantid>
        <ms_tenantid_short></ms_tenantid>
 
        <!-- *** iTop Class Parameters *** -->
        ...
           List of iTop classes with their parameters, including their InTune matching fields
        ...
 
        <!-- Class collection sequence -->
        ...
           List of classes to collect with the rank in the collection process
        ...
 
        <!-- Global iTop parameters -->
        <model_unknown_type>InTuneUnknown</model_unknown_type>
 
        <!-- Synchronization parameters -->
        <contact_to_notify></contact_to_notify>
        <synchro_user></synchro_user>
        <name_prefix>InTune</name_prefix>
        <name_postfix>Discovery</name_postfix>
        <json_placeholders>
                <itopbrand_synchro_name>$name_prefix$ Brands $name_postfix$ - $ms_tenantid_short$</itopbrand_synchro_name>
                <itopmodel_synchro_name>$name_prefix$ Models $name_postfix$ - $ms_tenantid_short$</itopmodel_synchro_name>
                <itoposfamily_synchro_name>$name_prefix$ OS Families $name_postfix$ - $ms_tenantid_short$</itoposfamily_synchro_name>
                <itoposversion_synchro_name>$name_prefix$ OS Versions $name_postfix$ - $ms_tenantid_short$</itoposversion_synchro_name>
                <itopmobilephone_synchro_name>$name_prefix$ Mobile Phones $name_postfix$ - $ms_tenantid_short$</itopmobilephone_synchro_name>
                <itoppc_synchro_name>$name_prefix$ PCs $name_postfix$ - $ms_tenantid_short$</itoppc_synchro_name>
                <itoptablet_synchro_name>$name_prefix$ Tablets $name_postfix$ - $ms_tenantid_short$</itoptablet_synchro_name>
                <synchro_status>production</synchro_status>
                <full_load_interval>0</full_load_interval><!-- 7 days (in seconds): 7*24*60*60 -->
                <!-- Set the following parameters to 1 if you want to update them, to 0 otherwise -->
                <update_mobilephone_contacts_list>1</update_mobilephone_contacts_list>
                <update_pc_contacts_list>1</update_pc_contacts_list>
                <update_tablet_organization>1</update_tablet_organization>
        </json_placeholders>
 
</parameters>        

The collectors/extensions/params.distrib.xml configuration file holds parameters to collect additional classes required by a customer.

<?xml version="1.0" encoding="UTF-8"?><!-- Default values for parameters. Do NOT alter this file, use params.local.xml instead -->
<parameters>
        <!-- iTop Class Parameters -->
        ...
           List of additional iTop classes with their parameters, including their InTune matching fields
        ...
 
        <!-- Class collection sequence -->
        ...
           List of additional classes to collect with the rank in the collection process
        ...
 
 
        <!-- Synchronization parameters -->
        <json_placeholders>
                <itopmyclass_synchro_name>$name_prefix$ My Class $name_postfix$</itopmyclass_synchro_name>
                ...
                   Placeholders for other additional classes
                ...
        </json_placeholders>
 
</parameters>

Connection parameters

This set of parameters is required to connect to the iTop application or the Microsoft InTune environment. Some of them must or may be adapted to meet customer's environment.

Parameter Meaning Sample value
itop_url URL to the iTop Application https://localhost/myitop
itop_login Login (user account) for connecting to iTop. Must have admin rights with rest profile for executing the data synchro admin
itop_password Password for the iTop account admin_pwd
itop_token Token for authentication by token
itop_login_mode Login mode to be passed in URLs: form (default), token
microsoft_login_url URL to be used by the collector to log into InTune and start the authentication process https://login.microsoftonline.com/
microsoft_auth_mode Specifies the authentication process - OAUTH2 for the Azure collector /oauth2/token
microsoft_resource URL to the Graph REST API https://graph.microsoft.com/
ms_clientid Client ID is the unique identifier of your application created in InTune. 7ed0fdef-abcd-4fd0-8364-da5fde498765
ms_clientsecret Secret key associated to the Client ID. fJ4eQ~rG75DPd4aadrBodZvKxFtxOhnX2XrO
ms_tenantid Tenant ID is the unique identifier of your InTune instance. A Tenant ID allows you to register and manage your apps. 2d74zb091-b7fe-4e14-868b-4e9a3f887a60
ms_tenantid_short Sub string of the Tenant ID, or any other string, that allows you to clearly differentiate in iTop different synchro data sources working on different Tenants (1 collector should be used per Tenant - see above). That string is appended to the name of the synchro data source, in iTop. 4e9a3f887a60

Global iTop parameters

These are parameters related to the iTop datamodel.

Parameter Meaning Sample value
model_unknown_type Value to be added to the Type attribute of the Model class to, precisely, identify an unknown type. InTuneUnknown

Synchro data source parameters

The parameters that are defined in this section will directly alter the content of the json files used by the collector to build the synchronization data sources in the remote iTop. Some of them must or may be adapted to meet customer's environment.

Parameter Meaning Sample value
contact_to_notify The email address of an existing contact in iTop to be notified about the results of the synchronization. john.doe@demo.com
synchro_user If the user account used for running this synchronization is not an Administrator, then its login must be specified here, since iTop allows only the administrators and the specified user to run the synchronization.
name_prefix String used to prefix the name of all Graph synchro data sources Graph
name_postfix String used to postfix the name of all Graph synchro data sources Discovery
$name_prefix$ <iTop_Class> $name_postfix$ Name of the synchro data source for the given iTop Class InTune Brands Discovery
synchro_status Status of the synchro data source: implementation, production, obsolete production
full_load_interval The delay (expressed in seconds) between two complete imports of the data. The objects which have not been detected by the collector during a timespan longer than this interval will be considered as obsolete and marked as such in iTop. Adjust this value depending on the scheduling recurrence. 604800
update_mobilephone_contacts_list Define if the mobile phones' list of contacts must be synchronized (1) or not (0) 1
update_pc_contacts_list Define if the PCs' list of contacts must be synchronized (1) or not (0) 1
update_tablet_contacts_list Define if the tablets' list of contacts must be synchronized (1) or not (0) 1

iTop Class Parameters

Next to the core parameters described here above, the collectors/params.distrib.xml file provides the list of all iTop classes that need to be discovered and, for each of them, lists the parameters that should be synchronized within iTop. Since the retrieval of InTune data is made in JSON format, this list must be aligned with the requirements expected by the standard JSON collector defined in the data collector base.

A difference must be made between the collector that looks after the Brand class and the others. As you'll see in the Usage section below, the Brand collector retrieves the whole list of managed devices from InTune and stores it locally in JSON format. All other collectors work from that file. This explains why the configuration file format differs between the Brand collector and the others.

The Brand collector is the only one that will collect the latest and up to date information from InTune. As a consequence, make sure that this collector is activated.

Brand collector's configuration format is as follows:

  <itopbrandintunecollector>
                <ms_class>managedDevices</ms_class>
                <api_version>1.0</api_version>
                <jsonfile>data/InTuneManagedDevices.json</jsonfile>
                <path>value</path>
                <fields>
                        <primary_key>manufacturer</primary_key>
                        <name>manufacturer</name>
                </fields>
                <defaults/>
        </itopbrandintunecollector>
Parameter Meaning Sample value
ms_class Microsoft class that the collector relies on managedDevice
api_version Version of the Microsoft REST API used to retrieve class data 1.0
jsonfile Define the relative path to the JSON file where InTune data have been extracted data/InTuneManagedDevices.json
path Path to find the data to synchronize in JSON file value
fields List of objects' fields to be considered by the synchro engine
defaults List of default values to be used, if required

Next to the Brand collector, the collectors' configuration format for other classes is as follows:

  <itopNAME_OF_THE_CLASSintunecollector>
                <jsonfile>data/InTuneManagedDevices.json</jsonfile>
                <path>value</path>
                <fields>
                        <itop_attribute#1>graph_attribute#1</itop_attribute#1>
                        <itop_attribute#2>graph_attribute#2</itop_attribute#2>
                        ...
                        <itop_attribute_default#1>itop_attribute_default#1</itop_attribute_default#1>
                        ...
                        <itop_attribute#n>graph_attribute#n</itop_attribute#n>
                </fields>
                <defaults>
                        <itop_attribute_default#1>Default Value</itop_attribute_default#1>
                        ...
                </defaults>
                <nullified_attributes type="array">
                        <attribute>itop_attribute#n</attribute>
                </nullified_attributes>
        </itopNAME_OF_THE_CLASSintunecollector>
Parameter Meaning Sample value
jsonfile Define the relative path to the JSON source file where InTune data have already been extracted data/InTuneManagedDevices.json
path Path to find the data to synchronize in the JSON file value
fields List of iTop's attributes of the considered class together with their InTune mapping
Note the special format required for attributes that are set with a default value !
defaults List of default values to be used, if required
nullified_attributes List of attributes for which an empty value must be set to <null> in the final csv file

The Model collector's configuration is slightly different as it brings some precisions on the way InTune managed devices should be typed (as PCs, mobile phones…). For that purpose, it holds an additional section:

  <itopmodelintunecollector>
                ... same as for the general format
                <osfamily_type_default_mapping>
                        <OS_Family_#1>Type_#1</OS_Family_#1>
                        ...
                        <OS_Family_#n>Type_#n</OS_Family_#n>
                        ...
                        <OS_Family_#m type="array">
                                <brand>
                                        <name>Brand_name_#i</name>
                                        <type>Type_#i</type>
                                </brand>
                                <brand>
                                        <name>Brand_name_#j</name>
                                        <type>Type_#j</type>
                                </brand>
                                ...
                        </OS_Family_#m>
                </osfamily_type_default_mapping>
        </itopmodelintunecollector>
Parameter Meaning Sample value
osfamily_type_default_mapping List of OS families supported by InTune
OS_Family_#n Name of an OS family managed by InTune Android
Type_#n Default type for that family MobilePhone
brand / name Name of a specific brand in the family LENOVO
brand / type Type for that brand in the family PC
According to Microsoft documentation, the list of OS families managed by InTune is this one:
  • Android
  • Chrome OS
  • iOS
  • iPadOS
  • Linux
  • macOS
  • Windows
  • Only the OS families for which types can be specified should appear in the list.
  • OS families that cannot be associated to a type at this stage should not be in the list and will need to be set in iTop, under the Typology / Model menu.
  • The type that is set with each entry MUST match one of the iTop classes managed by the collector, i.e. by default: MobilePhone, PC, Tablet.

Here is an example of a default mapping for models:

  <osfamily_type_default_mapping>
                <Android>MobilePhone</Android>
                <iOS>MobilePhone</iOS>
                <iPadOS>Tablet</iPadOS>
                <Linux>PC</Linux>
                <macOS>PC</macOS>
                <Windows type="array">
                        <brand>
                                <name>Dell Inc.</name>
                                <type>PC</type>
                        </brand>
                        <brand>
                                <name>LENOVO</name>
                                <type>PC</type>
                        </brand>
                        <brand>
                                <name>Panasonic Connect Co., Ltd.</name>
                                <type>Tablet</type>
                        </brand>
                </Windows>
                <Chrome_OS>PC</Chrome_OS>
        </osfamily_type_default_mapping>

Class collection sequence

This section defines the list of classes that will be collected and in which order. It enables as well the possibility to deactivate the collection of a class.

<collectors_launch_sequence type="array">
        <!-- iTop Brands -->
        <collector>
                <name>iTopBrandInTuneCollector</name>
                <enable>yes</enable>
                <rank>1</rank>
        </collector>
        <!-- iTop Models -->
        <collector>
                <name>iTopModelInTuneCollector</name>
                <enable>yes</enable>
                <rank>2</rank>
        </collector>
        <!-- iTop OS Families -->
        <collector>
                <name>iTopOSFamilyInTuneCollector</name>
                <enable>yes</enable>
                <rank>3</rank>
        </collector>
        <!-- iTop OS Versions -->
        <collector>
                <name>iTopOSVersionInTuneCollector</name>
                <enable>yes</enable>
                <rank>4</rank>
        </collector>
        <!-- iTop Mobile Phones -->
        <collector>
                <name>iTopMobilePhoneInTuneCollector</name>
                <enable>yes</enable>
                <rank>5</rank>
        </collector>
        <!-- iTop PCs -->
        <collector>
                <name>iTopPCInTuneCollector</name>
                <enable>yes</enable>
                <rank>6</rank>
        </collector>
        <!-- iTop Tablets -->
        <collector>
                <name>iTopTabletInTuneCollector</name>
                <enable>yes</enable>
                <rank>7</rank>
        </collector>
</collectors_launch_sequence>
Parameter Meaning Sample value
name Name of the iTop class collector iTopMobilePhoneInTuneCollector
enable Enable or disable its collect yes / no
rank Relative rank in the collection 5
In the specific case of the InTune collector, the collect of the Brand class is mandatory and must be done at rank 1. Though not mandatory, the collect of the Model class should be done at rank 2.

Usage

The launch of the InTune collector will be driven by the command and parameters defined in the usage section of iTop Data collector base. Once launched, first action of the collector will be to build its collection plan, based on the list of classes that have been enabled in the configuration file. Then,

  • Configuration files will be consolidated,
  • Synchronisation data sources will be created or updated if required,
  • Authentication to InTune environment will be made (see below),
  • Collection of InTune managed devices will be made through the iTopBrandInTune collector by invoking Graph REST API. Extracted data will be stored under the local “data” directory, in JSON format,
  • Other collectors will not connect to InTune but will rely on the managed devices collected by the iTopBrandInTune collector to do their job, i.e. extract the data that are relevant to them,
  • Synchronisation will run and InTune devices will be pushed to iTop.
You may schedule the collector either with cron on Unix systems or with the Task Scheduler on Windows.

iTop class Brand

This must be the first class to be collected. Defaults parameters for that class have been listed here above. During brand collection, all managed devices stored in InTune (limited to what the client ID set in the configuration file can see, of course) are gathered and stored in a JSON file, under the “data” directory of the collector. This file will, then, act as the source to extract the Brands and all other classes set in the class collection sequence.

iTop class Model

It is during the collect of the Model class that typology will be brought to InTune devices by adding the correct type to a given Model of a given Brand. This is the reason why it is recommended to run it in second position. In order to achieve this, the collector will rely on the mapping that is provided in the configuration file, under the tag <osfamily_type_default_mapping>:

  • For each of the OS families managed by InTune (listed here in Microsoft documentation), a default type may be given. For instance, iPadOS will be mapped to the class Tablet.
  • If an OS family cannot be associated to a unique type (devices runing Windows may be PCs or Tablets in some organizations), a more detailed mapping can be created by giving a type to a brand. For instance, the brand Dell Inc. running a Windows OS will be mapped to the class PC.

With this mapping, device collectors (MobilePhone, PC, Tablet…) will be able to decide if a given managed device belongs to their class or not.

A managed device for which no type has been found will not be imported in iTop.

Mapping a type to an OS and / or a brand may quickly become a burden: the volume of mappings may be too large or a brand running a given OS may support too many different types of devices. This is where the Data model for Microsoft InTune will greatly help. Indeed, if the InTune collector detects that this extension has been installed on Itop, it will automatically import the unknown models with the type InTuneUnknown and the iTop Configuration manager will have the possibility, next, to set, though the iTop console, the proper type to the models that have flagged in iTop under this default type.

The default type is set by default to InTuneUnknown but can be changed in the configuration file through the model_unknown_type parameter under Global iTop parameters section.

Models with an unknown type will appear as follow in iTop:

You may refer to the Model Management section of the Data model for Microsoft InTune documentation for further detail.

iTop classes OSFamily and OSVersion

These are the next typology classes to be collected from InTune and synchronized wihtin iTop. It is recommended to run their collect in rank 3 and 4.

iTop classes MobilePhone, PC and Tablet

Their collect is driven by the configuration section specific to their collector:

  • The iTop attributes are listed, together with their InTune counterpart,
  • The default as well as the nullified attributes are specified.

A key action to be made during the collect is to give the right typology to managed devices. This is done through their Brand and Model which have been associated to a type in iTop. In the case where no type has been associated to the Brand and Model of a given managed device, then the device will not be synchronized within iTop.

Consequence: the collect of a managed device may be carried out in 3 stages (and 2 collector runs):
  • At first collector run:
    • The model is created in iTop by the collector with a type InTuneUnknown (if the Data model for Microsoft InTune extension has been installed)
    • The managed devices with that model are not typed by the collector and therefore left out iTop
  • A configuration manager set the proper type to the model in iTop, through the Typology configuration menu available under Data Administration.
  • At second collector run:
    • The proper type is given to the managed device which can, therefore, be synchronized within iTop.

Questions & Answers

Question: how does the authentication mechanism work ?
Answer: the collector relies on OAUTH2 authentication requested by Graph to retrieve data through its REST API. This is the exact same mechanism as the one implemented within the Data collector for Azure. Please, refer to the Q&A section of that collector for further details.

Question: how can I add InTune classes to the collection plan ?
Answer: Other classes than the ones listed by default in the collector can be added to its collection plan. For that purpose, we highly recommend to use the extensibility mechanism that is provided by the Data Collector base. You'll find the related documentation here.

Question: do I need to load the Data model for Microsoft InTune extension in my iTop for the collector to work ?
Answer: No. This is not a must. The Data collector for InTune has been built to handle both cases where the extension is installed and where it is not. However:

  • If the extension has not been installed, only the following devices will be imported:
    • the ones which model already pre-exists in iTop,
    • the ones for which a mapping has been defined through the Model configuration.
  • It it has been installed, the full flexibility provided by the collector to handle the managed devices' types, as described here above, will be available.
extensions/combodo-intune-data-collector.txt · Last modified: 2025/01/08 11:55 by 127.0.0.1
Back to top
Contact us