photo 1550418290 a8d86ad674a6

It’s remarkably easy to create a custom connector

Developing an application isn’t that something that only developers are doing? Yes, I can imagine that this is your first response. However, I have learned that this is not true. I was inspired by my co-worker Django Lohn to explore the potential of PowerApps. I soon figured out that a PowerApp can utilize Microsoft Flow, which can exchange web-API call like “get, update or post or delete” ( Graph API ).

So I started modifying endpoint manager (Intune) resource via code requires knowledge of the Graph API. In this blog, I describe the steps that you can take to create your first custom connector. The custom connector is a part of the PowerApp to exchange data. Don’t be scared to follow the steps; I didn’t any experience creating modern workplace accelerators like the PowerApps for autopilot (scan a QR). An inspiration for me is the quote of Mr. Roosevelt.

“It is common sense to take a method and try it. If it fails, admit it frankly and try another. But above all, try something.”

― Franklin D. Roosevelt

Azure Enterprise application

Take one step back; before you create the custom connector you need to have an Azure Enterprise app/app registration. Powerapps like the Intune autopilot scanner app requires an app registration (even in the same tenant). You must configure properties like which API calls are accessible (read/write). Basically, you built a trust-relation between the app and the resources in Azure. The first step is to create an Enterprise application.

DescriptionScreenshot
Create a new enterprise applicationNew application
Create your own applicationCreate your own application
Fill in the name of your application like [WorkplaceAsCode – Custom connector]
Choose the option – Integrate with another application you don’t find in the gallery.

Click on the button create. The Enterprise app and app registration is created within a couple of seconds.
Integrate any other application
The properties page of the new enterprise application opens automatically. Configure the following options to ensure the PowerApp platform controls who can use and view the application.

– User assignment required – No
– Visible to users – No
No user assignment or visible
Create and configure the Enterprise application

Azure App registration

The second step is to configure the App registration.

DescriptionScreenshot
Open the app registration blade and search for your application. (the name is equal to the Enterprise application).

Create a new client security key and save the key. This key is only showed one time! We need this key later when we create the custom connector.
Client security key
Set the API permissions for the autopilot QR code reader the following are required.
DeviceManagementServiceConfig.ReadWrite.all
Directory.Read.All

(Application permissions) – The user authenticates to PowerApp!
API permissions
Give the admin content on behalf of the organization, this avoids a scenario where any application user needs to do this. Content for the requested permissions
Set the authentication for web redirected URL’s to;

http://localhost/powerappsgraph

-and
https://global.consent.azure-apim.net/redirect
Autentication
Create and configure the App registration

Custom connector

I compare the custom connector with glue because it fuses the PowerApp and the Graph API. You can use the custom connector not only for a Power app but it’s also (re)usable for a logic app or flow.

DescriptionScreenshot
Create a new custom connector from blank. Custom connector Create
Fill in the general details, only the host is a required field. We want to make a connection to the Microsoft Graph API. The hostname is; graph.microsoft.comCustom connector General
Security is important to avoid for example accidental removing workplaces In the previous chapter you configured the API permissions. On this page, you need to choose the authentication type and OAuth 2.0 details.

Authentication type = OAuth 2.0
Identity provider = Azure Active Directory
Client ID = The application ID of the app registration
Client secret = The client secret created in the previous step
Login URL = https://login.windows.net
Redirect URL = https://global.consent.azure-apim.net/redirect
Custom connector - Security
This is an important step because you need to determine the operations that users can perform. In the autopilot QR code reader application, we need three definitions.

Definition 1 – Get All autopilot devices

General
Summary = GetAllAutopilotDevices
Description = GetAllAutopilotDevices
OperationID = GetAllAutopilotDevices

Request
Type = Get
URL = https://graph.microsoft.com/beta/deviceManagement/
windowsAutopilotDeviceIdentities

Response
Default
4_3_1 Definition General
4_3_2 Definition Request
Definition 2 – Get all users

General
Summary = GetAllUsers
Description = GetAllUsers
OperationID = GetAllUsers

Request
Type = Get
URL = https://graph.microsoft.com/v1.0/users

Response
Default
Definition - General - All users
Request - All users
Definition 3 – Update autopilot devices

General
Summary = UpdateAutopilotDevice
Description = UpdateAutopilotDevice
OperationID = UpdateAutopilotDevice

Request
Type = POST
URL = https://graph.microsoft.com/beta/devicemanagement/
windowsautopilotdeviceidentities/{AutoPilotDevice}/
UpdateDeviceProperties
Path = AutopilotDevice
Body = body (required Grouptag + userPrincipalName)

Response
Default
Definition - General - Update Autopilot
Definition - Request - Update Autopilot
Create and configure the custom connector

Summary

Creating a custom connector for the first time is difficult. However, the process is straight-forward. There are many potential scenarios where you can use a custom connector to make workplace management via Intune easier.

💡 What do you want to automate to simplify modern workplace management? I encourage you to share your ideas with me.

Leave a Reply

Your email address will not be published. Required fields are marked *