Snipe IT and Azure: Asset Management Info in Intune!
Using APIs to fill in asset details in Intune under the device's note section!
Introduction
The script uses the Microsoft Graph API and the Snipe IT API to query asset information from Snipe and write it into Intune under the device's notes. This article will show you how to set this up in your own organization. Currently, the script writes back the Asset Tag, the Status information, and the currently checked-out user from Snipe.
Pre-requisite
Besides needing accounts with privileges in both Snipe and Azure, the biggest pre-requisite is that the Serial Number field must be filled in for your devices in Snipe IT. This is how the script knows which asset in Snipe is the same as a device in Azure.
Also note that, the way the script is written now, it overwrites the notes field, so any other notes made on the device are removed.
Overview of how the script works
The script pulls all devices from Azure.
The script will then query each device it pulled from Azure by serial number and see if it exists in Snipe IT.
If the device exists in Snipe IT, it will then query for additional information and set a variable equal to the information we desire.
After this, it will then upload the information from Snipe to the notes field of the device in Azure, before moving to the next device.
Devices that do not exist in Snipe will be given a message in the notes field saying it is not currently an Asset.
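The steps above, combined with the earlier note that the script overwrites existing notes, suggest one variation: keep the Snipe data inside a marked block and replace only that block on each run. This is an added example, not code from the original script; the marker strings and function names are hypothetical, the Snipe response is constructed sample data, and the `byserial` endpoint and field names assume the standard Snipe-IT hardware API response.

```powershell
# Added example: marker strings and function names are hypothetical.
$BeginMark = '--- Snipe-IT (auto-generated) ---'
$EndMark   = '--- end Snipe-IT ---'

function Format-SnipeBlock {
    # $SnipeResult: parsed JSON body of GET $SnipeAPIBase/hardware/byserial/<serial>
    param([Parameter(Mandatory)] $SnipeResult)
    if (-not $SnipeResult.total) {
        # No match (total is 0 or absent): note that the device is not an asset.
        $body = 'Not currently an asset in Snipe-IT.'
    } else {
        $asset = $SnipeResult.rows[0]
        $user  = if ($asset.assigned_to) { $asset.assigned_to.name } else { 'Not checked out' }
        $body  = "Asset Tag: $($asset.asset_tag)`nStatus: $($asset.status_label.name)`nChecked out to: $user"
    }
    "$BeginMark`n$body`n$EndMark"
}

function Merge-DeviceNote {
    param([string] $ExistingNotes = '', [Parameter(Mandatory)][string] $SnipeBlock)
    $pattern = '(?s)' + [regex]::Escape($BeginMark) + '.*?' + [regex]::Escape($EndMark)
    if ($ExistingNotes -match $pattern) {
        # Replace only the block written by a previous run; '$$' keeps '$' literal.
        return [regex]::Replace($ExistingNotes, $pattern, $SnipeBlock.Replace('$', '$$'))
    }
    if ([string]::IsNullOrWhiteSpace($ExistingNotes)) { return $SnipeBlock }
    "$($ExistingNotes.TrimEnd())`n`n$SnipeBlock"   # keep manual notes, append the block
}

function Set-IntuneDeviceNote {
    # Needs an existing Connect-MgGraph session. Notes are only returned when
    # a single device is requested with $select=notes, so read before writing.
    param([Parameter(Mandatory)][string] $DeviceId, [Parameter(Mandatory)][string] $SnipeBlock)
    $uri     = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$DeviceId"
    $current = Invoke-MgGraphRequest -Method GET -Uri ($uri + '?$select=notes')
    $merged  = Merge-DeviceNote -ExistingNotes $current.notes -SnipeBlock $SnipeBlock
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body (@{ notes = $merged } | ConvertTo-Json)
}

# Constructed sample data (not real assets), so the merge can be checked offline.
$sample = '{"total":1,"rows":[{"asset_tag":"EX-0001","status_label":{"name":"Deployed"},
  "assigned_to":{"name":"Example User"}}]}' | ConvertFrom-Json
$existing = 'Battery replaced by helpdesk.'
Merge-DeviceNote -ExistingNotes $existing -SnipeBlock (Format-SnipeBlock $sample)
```

Running the last line a second time against its own output leaves the manual note in place and swaps only the text between the two markers.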
Download the Script
First, we will need to download the script. I have it available on my GitHub.
GitHub - SnipeIT-InfoImportToIntuneSample.ps1
After we create our APIs, we are going to fill in information from each at the top of our script.
Creating the Snipe API
First, you will need to log into Snipe IT and click on your profile in the top right, then Manage API Keys.
Click Create New Token
Give it a name. As soon as you do, it will show you a long string. Copy this and keep it somewhere safe; after you close the window there is no way to view it again. You will also want to paste this in our script on line 2. The variable will look something like this after it is filled in. Note that Bearer must come before your token.
$SnipeToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1N…"
Next, the API Keys page in Snipe also shows your base API URL in the right corner. We will want to copy this down on the next line. It will look something like this.
$SnipeAPIBase = "https://domain.snipe-it.com/api/v1"
After this we have the information we need from Snipe.
Creating the Graph API App
First, go to the Azure AD Portal.
Next, go to App registrations from the side bar.
Click New registration in the top left corner.
Here you will give it a name. Choose the first option for supported account types and use Public client with http://localhost for your Redirect URI.
On the next screen, you will be able to get your Client ID and Tenant ID. Copy these values and paste them into the script on lines 6 and 8.
Next, go to API Permissions from the side bar. Click Add permission > Microsoft Graph > Application Permissions > Click the DeviceManagementManagedDevices drop down and give it all 3 permissions.
After this, click the Grant admin consent for organization button at the top of the API Permissions page.
Next, go to Certificates & secrets from the side bar. Click New client secret. Choose a name and an expiration for it.
Similar to the Snipe Token, after you create the secret, you will only be able to see its value once, on this page. Go ahead and copy the value of your secret and save it somewhere. We will also want to plug it into our script on line 7.
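Pasting the Snipe token and the client secret into the script leaves both in plaintext for anyone who can read the file. As an added example (not part of the original script), the sketch below stores them once, encrypted with Windows DPAPI for the account that runs the script, and loads them at run time. The folder, file names and tenant placeholder are hypothetical, and it assumes Windows and the Microsoft Graph PowerShell SDK v2 `Connect-MgGraph -ClientSecretCredential` parameter.

```powershell
# Added example: paths, file names and the tenant placeholder are hypothetical.
# Export-Clixml protects SecureString values with DPAPI on Windows only; the
# files can be decrypted only by the same user account on the same computer.

# --- One-time setup: run interactively AS the account that will run the script ---
$dir = Join-Path $env:LOCALAPPDATA 'AssetSync'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# UserName = Client ID of the app registration, Password = client secret value
Get-Credential -Message 'Client ID (user) and client secret (password)' |
    Export-Clixml (Join-Path $dir 'graph.xml')

# Snipe API token, entered without the leading "Bearer "
Read-Host 'Snipe API token' -AsSecureString |
    Export-Clixml (Join-Path $dir 'snipe.xml')

# --- In the script: load the values instead of assigning string literals ---
$dir       = Join-Path $env:LOCALAPPDATA 'AssetSync'
$graphCred = Import-Clixml (Join-Path $dir 'graph.xml')
$snipeSec  = Import-Clixml (Join-Path $dir 'snipe.xml')

$TenantId = '<your-tenant-id>'   # placeholder; an identifier, not a secret
Connect-MgGraph -TenantId $TenantId -ClientSecretCredential $graphCred

# Rebuild the header value in the same "Bearer <token>" form the article shows.
$plainToken = [pscredential]::new('snipe', $snipeSec).GetNetworkCredential().Password
$SnipeToken = "Bearer $plainToken"
$headers    = @{ Authorization = $SnipeToken; Accept = 'application/json' }
```

If the script later runs as a scheduled task, the setup half has to be run under that same task account, otherwise `Import-Clixml` cannot decrypt the files.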
Using the script
After this you are almost ready to use the script! One thing you will need to do is install the module that is imported at the top of the script. The command to do this is:
Install-Module Microsoft.Graph.Beta.Devicemanagement
Once you have this installed on the computer you wish to run it on, I would recommend letting it run on a few computers, then pressing Ctrl+C to cancel the script so you can check that the notes field is updating in Intune on the correct devices.
As the script goes, it lists the devices by serial that it has updated/processed. Once it finishes, it will give you the number of devices processed and the time it took to run.
Long term, I would recommend putting this script on a computer and creating a scheduled task to kick off the script at the end of the workday. This way the notes field is kept up to date fairly consistently.
Closing notes
I feel like I should note that this script may not be the best solution for every organization, but it does help mine a lot being able to see the devices checked out to a user from Intune so we can make sure our Primary users and Asset management are somewhat in sync. If you’re good with coding I highly recommend you take the script and make it work to your company’s needs. Snipe and Microsoft Graph both have some great documentation.
Next on my list is to create a user sync from Intune to Snipe to automatically create users. Stay tuned!