Signal Handlers for InTune

Beta Feature

This article is subject to change as the feature develops and we make improvements.

API Calls

The calls to perform CRUD operations and to test HYPR Adapt Signal Handlers can be found under Control Center > Adapt > Event (Signal) Handlers in the HYPR Passwordless API collection.

HYPR Adapt Policy Config: Signal Handlers

Prerequisites

• Complete the Entra Configuration described in Intune Adapt Policy Setup first.

• Record the following information from Entra from the new App Registration created above.

  • clientId

  • clientSecret

  • tenantId

  

Creation

Signal handler will capture devices from Entra and feed them to HYPR Contro Center so policies can evaluate the compliance status of each workstation.

1. Click HYPR Adapt at left.

2. Select Signal Handlers.

3. Under Templates, select TOR scheduled data collector.

4. Click Custom.

5. Enter the Name Intune Data Collector and Save when finished.

6. Select the Intune Data Collector and select Configuration.

7. Under the Configuration tab, select View as JSON.

8. Paste the following into the JSON field:

   {
     "clientId": "",
     "clientSecret": "",
     "tenantId": "",
     "triggerEventName": "INTUNE_DATA_COLLECTOR_TRIGGER"
   }

9. Now click on Test and paste the following code within the body to the left

     /**
     * Intune EventHandler
     */
     function parseIntuneData(deviceData) {
         const objects = deviceData.map(device => {
             return {
                 id: device.id,
                 complianceState: device.complianceState,
                 serialNumber: device.serialNumber
             };
         });
         return objects;
     }
   
     function handle(event) { //event is jsonDictionary
         let config = JSON.parse(ctx.getConfig());
         let trigger_name = config.triggerEventName;
   
         ctx.log("INFO", "IntuneHandler event=" + event);
         let input = JSON.parse(event);
   
         let eventName = input['eventName']
         ctx.log("INFO", "IntuneHandler eventName=" + eventName);
   
         let entityIdOrName = input['entityIdOrName']
         ctx.log("INFO", "IntuneHandler entityIdOrName=" + entityIdOrName);
   
         if (eventName === trigger_name){
             try{
                 let clientId = config.clientId;
                 let clientSecret = config.clientSecret;
                 let tenantId = config.tenantId;
   
                 let params = "client_id="+ clientId +
                 "&client_secret=" + clientSecret +
                 "&grant_type=client_credentials" +
                 "&scope=https://graph.microsoft.com/.default";
   
                 let baseUrl = "https://login.microsoftonline.com/";
                 let tokenUrl = baseUrl + tenantId + "/oauth2/v2.0/token";
                 let contentType = "application/x-www-form-urlencoded";
                 let tokenResp = ctx.httpPost(tokenUrl, params, {"Content-Type": contentType}); // get token
                 let tokenStatus = JSON.parse(tokenResp).statusCode;          
   
                 if(tokenStatus === 200){
                   
                   let tokenBody = JSON.parse(tokenResp).body;
                   let token = JSON.parse(tokenBody).access_token;
   
                   // Get InTune devices
                   let intuneBaseUrl = "https://graph.microsoft.com";
                   let getDevicesUrl = "/v1.0/deviceManagement/managedDevices?$select=id,complianceState,serialNumber";
                   let graphApiUrl = intuneBaseUrl + getDevicesUrl
                   let graphApiContentType = "application/json";
                   let headers = {
                     "Content-Type": graphApiContentType,
                     "Authorization": "Bearer " + token
                   };
                   let intuneResp = ctx.httpGet(graphApiUrl, headers)
                   let status = JSON.parse(intuneResp).statusCode;
                   ctx.log("FINE", "IntuneHandler Graph Call status=" + status);
   
                   if(status === 200){
                     let body = JSON.parse(intuneResp).body;
                     let deviceData = JSON.parse(body).value;
                     ctx.log("FINE", "IntuneHandler: deviceData=" + deviceData)
   
                     let deviceDataMap = parseIntuneData(deviceData);
                     deviceDataMap.forEach(device => {
                       ctx.log("FINE", "IntuneHandler: device=" + device)
                       ctx.saveEvent("Intune", eventName, device.serialNumber, device);
                     });
   
     //               input["entityIdOrName"] = trigger_name
                     input["isSuccessful"] = true;
   
                   } else {
                     input["entityIdOrName"] = trigger_name
                     input["isSuccessful"] = false;
                     input["errorMessage"] = "IntuneHandler msg=Graph failed=" + status;
                   }
                   } else {
                     input["entityIdOrName"] = trigger_name
                     input["isSuccessful"] = false;
                     input["errorMessage"] = "IntuneHandler ErrorMsg=token failed=" + tokenStatus;
                   }
   
             } catch (ex) {
                 input["entityIdOrName"] = trigger_name
                 input["isSuccessful"] = false;
                 input["errorMessage"] = "IntuneHandler ErrorMsg=" + ex.toString();
             }
         } else {
             ctx.log("FINE", "eventName is different : " + eventName + " .Skipping");
         }
   
         return input;
     }
   
     ctx.log("INFO", "Intune EventHandler Done");
   
     handle(ctx.getEventAsJson());

10. Click Send Signal. On the right underneath Input find the results. Within these results you will see devices and their compliance status, similar to the example shown here.