A new tab, "Azure", has been added to organization settings page in upKeeper. Here an administrator can enter the required authentication settings for Microsoft Graph API - which is used to integrate Upkeeper with Azure.
To acquire the needed credentials to activate this integration the first step is to register Upkeeper as an application in Azure Active Directory. This is done in Azure Portal by clicking the menu item "Azure Active Directory" followed by "App registrations".
Click "New registration" and name the application "Upkeeper integration". Set the "Supported account types" to "Accounts in this organizational directory only". Click "register" to finish the application registration process.
Click on your newly registrated application and select "API permissions" in the menu to the left. Click "Add permission" and select "Microsoft Graph" followed by "Application permissions". Check the following permissions and click "Add permissions".
The application permissions must be granted by an administrator. This is done by clicking "Grant admin consent for <your company name>".
Next, click "Authentication" and click the checkbox "https://login.microsoftonline.com/common/oauth2/nativeclient ". Set "Treat application as a public client" to "Yes" and select "Accounts in this organizational directory only". Save the changes.
The next step is to add a client secret to the application. This is done by clicking "Certificates & secrets" in the applications menu, followed by "New client secret". Name the secret "Upkeeper integration" and select an appropriate expiration time. Copy the secret key and paste it into the organization settings Azure tab page in Upkeeper under "Client secret".
Navigate back to the main application registration for "Upkeeper integration" in Azure and copy and paste the "Application (client) ID" to the "Client ID" field and "Directory (tenant) ID" to the "Tenant ID" field in the Upkeeper Azure settings.
This integration can be further configured in the application server app.config file:
<add key="AutopilotFactoryResetKeepEnrollmentData" value="False" /> <add key="AutopilotFactoryResetKeepUserData" value="False" />
AutopilotFactoryResetKeepEnrollmentData controls whether or not a computer is removed from Intune after the factory reset has been completed.
AutopilotFactoryResetKeepUserData controls whether or not user data is preserved after the reset.