Cloudflare Zero Trust can integrate with Microsoft Intune to require that users connect to certain applications from managed devices. Our service-to-service posture check identifies devices based on their serial numbers.
Device posture with Microsoft Intune requires:
- An Intune license
- Microsoft Endpoint Manager managing the device
- Cloudflare WARP client deployed on the device
Obtain Microsoft Graph settings
The following values are required:
- Client secret
- Application (client) ID
- Directory (tenant) ID
To retrieve those values:
- Log in to your Microsoft Dashboard.
- Go to App Registrations and click New Registrations.
- Copy the Application (client) ID value to a safe place. This will be your Client ID.
- Copy the Directory (tenant) ID value to a safe place. This will be your Customer ID.
- Go to Certificates & Secrets and click New client secret.
- Fill in a description and how long the secret should be valid.
- After completing the form, immediately copy the resulting secret. This will be your Client Secret.
- Go to API Permissions and click Add permission.
- Select Application permissions.
- Search for DeviceManagementManagedDevices and select the
Set up Intune on the Zero Trust dashboard
- Go to Settings > Devices > Device posture providers and click Add new.
- Select Intune.
- Give your provider a name. This name will be used throughout the dashboard to reference this connection.
- Enter the Client ID, Client Secret and Customer ID as you noted down above.
- Select a polling frequency for how often Cloudflare Zero Trust should query Microsoft Graph API for information.
- Click Save.
- Click Test Provider to ensure the values have been entered correctly.
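To check the three values outside the dashboard, the following added example (not part of the Cloudflare or Microsoft documentation) requests a Microsoft Graph token with the client credentials flow, reads the managed devices, and separates devices that report a serial number from those that do not, since the posture check identifies devices by serial number. The environment variable names and the sample records are assumptions made for this example; without the variables set it runs on the constructed sample only.

```python
import json, os, urllib.parse, urllib.request

DEVICES_URL = ("https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
               "?$select=deviceName,serialNumber,complianceState")

def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth2 client-credentials token request for Microsoft Graph."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def fetch_devices(tenant_id, client_id, client_secret):
    """Get a token, then read every page of managed devices (needs network)."""
    with urllib.request.urlopen(token_request(tenant_id, client_id, client_secret), timeout=15) as r:
        headers = {"Authorization": "Bearer " + json.load(r)["access_token"]}
    devices, url = [], DEVICES_URL
    while url:  # Graph pages results; follow @odata.nextLink until it is absent
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=15) as r:
            page = json.load(r)
        devices += page.get("value", [])
        url = page.get("@odata.nextLink")
    return devices

def split_by_serial(devices):
    """Return ({serial: complianceState}, [names of devices with no serial])."""
    with_serial, without = {}, []
    for dev in devices:
        serial = (dev.get("serialNumber") or "").strip()
        if serial:
            with_serial[serial] = dev.get("complianceState", "unknown")
        else:
            without.append(dev.get("deviceName", "?"))
    return with_serial, without

# Constructed sample records, used when the environment variables are not set.
SAMPLE_DEVICES = [
    {"deviceName": "LAPTOP-EXAMPLE-1", "serialNumber": "EXAMPLE0001", "complianceState": "compliant"},
    {"deviceName": "LAPTOP-EXAMPLE-2", "serialNumber": "EXAMPLE0002", "complianceState": "noncompliant"},
    {"deviceName": "VM-EXAMPLE-3", "serialNumber": None, "complianceState": "compliant"},
]

if __name__ == "__main__":
    names = ("INTUNE_TENANT_ID", "INTUNE_CLIENT_ID", "INTUNE_CLIENT_SECRET")  # hypothetical names
    creds = [os.environ.get(n) for n in names]
    devices = fetch_devices(*creds) if all(creds) else SAMPLE_DEVICES
    with_serial, without = split_by_serial(devices)
    print(f"{len(with_serial)} devices with a serial number; no serial reported for: {without}")
```

An HTTP error on the token request points at the IDs or the secret; one on the device request points at the API permission granted to the app registration.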