Intune Endpoint Privilege Management Companion

Today I want to introduce you to my Intune EPM Companion Power App. In my first blog post about Intune EPM (Intune Endpoint Privilege Management – Mike’s MDM Blog (mikemdm.de)), I showed you how the then-new support-approved flow lets your users and admins get admin rights for a specific application on demand and very quickly.

I often find myself on site with a user, troubleshooting issues that I can’t fix remotely. You can of course use the Intune console from a mobile browser on your phone, but personally I don’t find it well optimized for mobile browsers:

So, I decided to create a little companion app for EPM support-approved requests using Power Apps. It only shows requests that are currently in the status “pending” and lets you easily approve or deny a request:

Creating the Companion App

App registration

Let’s start by creating the Entra app registration that we will use to authenticate from within the Power App / Power Automate flow. In the Entra portal, we create our new app registration:

Give it a name and register it:

First, note the tenant ID and the client ID from the overview page; we will need both later in our Power Automate flows:

Once we have that ready, we can assign the needed API permission (DeviceManagementConfiguration.ReadWrite.All) to the app registration:

And grant admin consent for the tenant:

The last thing we need to do in the app registration is create an application secret. For a production workload, I would recommend using a certificate instead.

If you go with a secret, make sure to store it somewhere safe, as you can’t view it again later:

Import the Power App

Now that all prerequisites are fulfilled, we can import the Power App. Let’s start at make.powerapps.com in the Apps blade:

Download the template from my GitHub: PowerApps/EPMCompanion_20240825090229.zip at main · mmeierm/PowerApps (github.com)

Then select the downloaded zip:

And import the App:

Once it is imported successfully, we can move on to modifying our Power Automate flows.

Power Automate Flow

Let’s start at make.powerautomate.com. In the My flows blade, you should find the two newly imported flows used by the EPM Companion.

We will have to edit both to add our app registration information and then turn them on. In both flows, we need to look at the HTTP step:

Replace the tenant ID, the client ID and the secret / certificate with the values we noted before:

Once done, make sure to turn the flow on:

Repeat the same for the second flow, so now both flows are configured and turned on:
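To make explicit what the two HTTP steps do against Microsoft Graph, here is an added Python example; it is not the blog’s code and not part of the template. It performs the same client-credentials sign-in with the tenant ID, client ID and secret, keeps only pending elevation requests (the app’s view), and builds an approve or deny decision with a reason. The Graph beta route `/deviceManagement/elevationRequests`, its `approve` and `deny` actions and the `reviewerJustification` body property are my assumptions about the API and are not stated in the post; the sample list response is constructed. Because anyone holding this secret can approve elevations tenant-wide under DeviceManagementConfiguration.ReadWrite.All, the script reads the credentials from environment variables instead of embedding them, which is also why the post prefers a certificate for production.

```python
"""Client-credentials client for Intune EPM elevation requests (added example).

Assumptions not taken from the blog post: the Graph beta collection
/deviceManagement/elevationRequests, its approve/deny actions, and the
reviewerJustification body property.
"""
import json
import os
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/beta"


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the OAuth2 client-credentials grant that the
    flow's HTTP step performs with the tenant ID, client ID and secret."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default requests the application permissions consented in the portal
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, body


def pending_requests(page):
    """Keep only requests still awaiting a decision, like the app's pending view."""
    return [r for r in page.get("value", []) if r.get("status") == "pending"]


def decision_request(request_id, approve, reason):
    """Return (url, JSON body) for the approve or deny action on one request.
    A non-empty reason is enforced, matching the app's reason field."""
    if not reason or not reason.strip():
        raise ValueError("a reviewer justification is required")
    action = "approve" if approve else "deny"
    url = f"{GRAPH}/deviceManagement/elevationRequests/{request_id}/{action}"
    return url, json.dumps({"reviewerJustification": reason.strip()})


def send(url, body=None, token=None, content_type="application/json"):
    """Perform the HTTP call; POST when a body is given, GET otherwise."""
    data = body.encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method="POST" if data else "GET")
    req.add_header("Content-Type", content_type)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


# Constructed sample of a list response, so the filtering logic runs offline.
SAMPLE_PAGE = {
    "value": [
        {"id": "req-1", "status": "pending",
         "requestedByUserPrincipalName": "alice@contoso.example",
         "applicationDetail": {"fileName": "setup.exe"}},
        {"id": "req-2", "status": "approved",
         "requestedByUserPrincipalName": "bob@contoso.example",
         "applicationDetail": {"fileName": "tool.exe"}},
        {"id": "req-3", "status": "pending",
         "requestedByUserPrincipalName": "carol@contoso.example",
         "applicationDetail": {"fileName": "driver-installer.exe"}},
    ]
}


def main():
    # Credentials come from the environment; never hard-code the secret.
    tenant, client, secret = (os.environ.get(k) for k in
                              ("EPM_TENANT_ID", "EPM_CLIENT_ID", "EPM_CLIENT_SECRET"))
    if not all((tenant, client, secret)):
        # Offline demonstration with the constructed sample.
        for r in pending_requests(SAMPLE_PAGE):
            print(r["id"], r["requestedByUserPrincipalName"],
                  r["applicationDetail"]["fileName"])
        print(decision_request("req-1", True, "On site with the user"))
        return
    url, body = build_token_request(tenant, client, secret)
    token = send(url, body, content_type="application/x-www-form-urlencoded")["access_token"]
    page = send(f"{GRAPH}/deviceManagement/elevationRequests", token=token)
    for r in pending_requests(page):
        print(r["id"], r.get("requestedByUserPrincipalName"))


if __name__ == "__main__":
    main()
```

Without the three environment variables the script only runs the offline part, which is enough to see the filtering and the decision body; with them set it lists the tenant’s pending requests the same way the first flow does. The decision is deliberately not sent automatically, so a reviewer still has to call `send` with the built URL and body.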

Power App

Finally, we can go back to our Power App and give it a try:

Once you start the app and tap “Get Elevation Requests”, the open requests appear:

We can click on every request to get more details:

Type in a reason and approve:

Or deny it:

Once you’re done with your decision, you will see the result in the Intune Portal:

Conclusion

I think the EPM Companion can make life easier for us admins by allowing us to quickly approve (our own) requests on site, without having to navigate through the Intune Portal on our phones. Personally, I would like to see the Intune Portal better optimized for mobile browsers in the future, but until then, this low-code solution at least makes my life easier.
