Setup - Ravenna Docs

Connect to Microsoft Intune using OAuth with admin consent

This guide walks you through connecting your Microsoft Entra ID tenant to Ravenna for Intune device management.

Prerequisites

Before you begin, ensure you have:

Global Administrator or Intune Administrator role (required to grant admin consent)
Devices enrolled in Microsoft Intune

Navigate to integrations

Start OAuth flow

Click Connect with Intune to begin the OAuth authorization flow. You will be redirected to Microsoft to sign in.

Grant admin consent

DeviceManagementManagedDevices.Read.All

permission

required

Allows Ravenna to read managed device information and compliance status from your Intune tenant.

Admin consent is required. If you do not have sufficient permissions, ask your Global Administrator to approve the consent request.

Complete setup

After granting consent, you are redirected back to Ravenna. The integration validates the connection by:

Admin consent not granted

API validation failed

Cause: The DeviceManagementManagedDevices.Read.All permission has not propagated yetSolution:

Wait a few minutes for permission propagation across Microsoft services
Retry the connection from Ravenna
Verify the permission is listed under “API permissions” in your app registration in the Azure portal

No devices found for user

Cause: The requester’s email does not match any device user principal names in IntuneSolution:

Verify the user has devices enrolled in Intune
Check that the device’s primary user matches the requester’s email address
Confirm the user principal name (UPN) in Entra ID matches the Ravenna user email

Token expired or invalid

Cause: The OAuth access token has expired or been revokedSolution:

Ravenna automatically refreshes tokens, but you may need to reconnect if the refresh token is also invalid
Disconnect the integration and reconnect with OAuth
Verify the app registration is still enabled in Entra ID
Check that the service principal has not been deleted or disabled

⌘I