Support Tip: Another way to access Intune service health and notifications for your organization


~ Chaohao Xu | Sr. Software Engineer

As you may have already seen, we are migrating our service health data into the Office 365 management portal. We will also be utilizing the Office 365 portal for posting messages, including those for service deployments.

One benefit of this move is that your enterprise can now access the service health and notifications for your service via the Office 365 Service Communications API. This is especially valuable for our SCCM Hybrid customers. Read more on the new Office 365 Service Communications API preview.

These APIs are easy to use and I was able to complete basic integration in a couple of days. The documentation is quite complete, but I wanted to give you a bit more insight to my own experimentation.

In this blog we will cover how to create an application that is used to access the tenant data of your own tenant. Even though it will not be covered in this blog, keep in mind you can give access to your tenant data to multiple applications and you can also build an application where multiple tenants give access to the same application. These scenarios require office 365 tenant admin consent. Refer to Get started with Office 365 Management APIs for details.

There are four main steps to integrating the Office 365 Management APIs:

  1. Application registry in Azure Active Directory - In this blog, we will demonstrate the Service to Service Calls Using Client Credentials, which requires the application to be registered in the Azure AD of the same tenant as the Office 365 tenant. This is fairly straightforward, but remember to take a note of the Client ID and the X.509 certificate. They’re used to request a token from Azure AD later.
  2. Tenant admin consent to the application - If the application is registered in the Azure AD of the same tenant as the Office 365 tenant, the application will have access to the Office 365 tenants data by default. You will not have to go through the tenant admin consent process.
  3. Requesting access tokens from Azure Active Directory - There are several ways of requesting access tokens from Azure Active Directory, this blog will demonstrate how to use Azure AD Authentication Library (ADAL) to acquire the access token.
  4. Calling the Office 365 Management APIs -  Now that your application is set up with access to your service data, let’s begin pulling information!

The following demonstrates in code how to enable Service to Service Calls Using Client Credentials to get Intune Service Status by means of Office 365 Management API. Suppose we need to write an application to get Contoso’s Intune Service Health status.

  1. The application needs to create an authentication context, pointing to the tenant-specific Azure AD endpoint, which is https://login.microsoftonline.com/{your tenant name} In the code below, we use Contoso’s Azure AD endpoint.
    jpeg`1
  2. The application also needs a client assertion certificate credential. Use the app client Id and the X.509 certificate from the step “Application Registry in Azure Active Directory” to create one. In this example, we imported the X.509 certificate to the machine store. In the code, we find it by matching the thumbprint.
    uploadnewsnip
  3. Before the application calls the Office 365 Management API, it needs to acquire an access token to it using the client assertion certificate. Azure AD Authentication Library (ADAL) includes an in memory cache, so it will only send a message to the server if the cached token is expired.Capture3
  4. After the application gets the access token, it can call the Office 365 Management API using a http client. In the code below, it adds the access token to the authorization header of the request and then initiate a HTTP Get request to retrieve the current service status of Intune for Contoso.
    Capture_4
  5. Office 365 Management API returns JSON result, the following is a sample result returned with the above HTTP get request.Capture_6

Office 365 Management API can also be used to retrieve historical service status and messages posted in the Message Center. Again, find more details in the new Office 365 Service Communications API Preview. Hope this helps you use the Office 365 APIs!

Comments (0)

Skip to main content