Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ravenna.ai/llms.txt

Use this file to discover all available pages before exploring further.

Connect to Microsoft Intune using OAuth with admin consent
This guide walks you through connecting your Microsoft Entra ID tenant to Ravenna for Intune device management.

Prerequisites

Before you begin, ensure you have:
  • Global Administrator or Intune Administrator role (required to grant admin consent)
  • Devices enrolled in Microsoft Intune

Setup guide

1

Navigate to integrations

  1. Go to Settings > Integrations
  2. Find Microsoft Intune in the Device Management section
2

Start OAuth flow

Click Connect with Intune to begin the OAuth authorization flow. You will be redirected to Microsoft to sign in.
3

Grant admin consent

Sign in with an administrator account and grant consent for the requested permission:
DeviceManagementManagedDevices.Read.All
permission
required
Allows Ravenna to read managed device information and compliance status from your Intune tenant.
Admin consent is required. If you do not have sufficient permissions, ask your Global Administrator to approve the consent request.
4

Complete setup

After granting consent, you are redirected back to Ravenna. The integration validates the connection by:
  1. Extracting your tenant ID from the Microsoft token
  2. Testing connectivity to the Microsoft Graph API
  3. Verifying the DeviceManagementManagedDevices.Read.All permission is granted

Troubleshooting

Cause: The DeviceManagementManagedDevices.Read.All permission has not propagated yetSolution:
  • Wait a few minutes for permission propagation across Microsoft services
  • Retry the connection from Ravenna
  • Verify the permission is listed under “API permissions” in your app registration in the Azure portal
Cause: Ravenna could not resolve the requester to a Microsoft Entra ID user, or the user has no devices assigned to them in IntuneSolution:
  • Verify the requester exists as a user in your Microsoft Entra ID (Azure AD) tenant
  • Confirm the user has devices enrolled in Intune with their Entra account set as the primary user
  • If the requester’s email differs from their Entra UPN, ensure their email is listed as a verified or proxy address on the Entra user so Ravenna can match them
Cause: The OAuth access token has expired or been revokedSolution:
  • Ravenna automatically refreshes tokens, but you may need to reconnect if the refresh token is also invalid
  • Disconnect the integration and reconnect with OAuth
  • Verify the app registration is still enabled in Entra ID
  • Check that the service principal has not been deleted or disabled