
Connection to MECM

A service account is required to connect MECM sites.


The web application is executed in the context of the service account (see IIS configuration) and the service account is also used to connect the MECM sites.

Permissions

No Configuration Manager console is required to work with Intune Manager.

Authorization and execution of all actions are done via the SMS_Provider of the respective MECM site.

With Intune Manager, it is possible to read existing MECM applications and import them into Intune. The following administrative permissions within MECM are required for this:

  • Application: Read
  • Collection: Read; Read Resource
  • Site: Read

The easiest way to provide these rights is to import a security role within the Configuration Manager console:

mecm-permissions1.png

The following XML file can be used to import this security role:

<SMS_Roles>
  <SMS_Role CopiedFromID="SMS0001R" RoleName="Intune Manager" RoleDescription="Intune Manager Role">
    <Operations>
      <Operation GrantedOperations="4097" ObjectTypeID="1" />
      <Operation GrantedOperations="1" ObjectTypeID="6" />
      <Operation GrantedOperations="1" ObjectTypeID="31" />
    </Operations>
  </SMS_Role>
</SMS_Roles>
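
Before importing a role file, it is useful to confirm that it grants exactly the three permissions listed above and nothing more. The following Python check is an added example, not part of Intune Manager or its documentation; the mapping of ObjectTypeID values and bits to permission names is inferred from the permission list and XML on this page, and the over-broad sample role is constructed.

```python
import xml.etree.ElementTree as ET

# Allowlist built from this page's permission list. The ObjectTypeID/bit-to-name
# mapping is inferred from that list and the role XML (assumption):
# 4097 = 0x1 (Read) + 0x1000 (Read Resource).
READ, READ_RESOURCE = 0x1, 0x1000
EXPECTED = {1: ("Collection", READ | READ_RESOURCE),
            6: ("Site", READ),
            31: ("Application", READ)}

def audit_role_xml(xml_text):
    """List every grant that differs from the documented permission set."""
    findings = []
    for role in ET.fromstring(xml_text).iter("SMS_Role"):
        name, seen = role.get("RoleName", "<unnamed>"), set()
        for op in role.iter("Operation"):
            type_id = int(op.get("ObjectTypeID"))
            granted = int(op.get("GrantedOperations"))
            if type_id not in EXPECTED:
                findings.append(f"{name}: unexpected ObjectTypeID {type_id}")
                continue
            label, allowed = EXPECTED[type_id]
            seen.add(type_id)
            if granted & ~allowed:   # bits beyond the documented ones
                findings.append(f"{name}: {label} grants extra bits {granted & ~allowed:#x}")
            if allowed & ~granted:   # documented bits that are absent
                findings.append(f"{name}: {label} lacks bits {allowed & ~granted:#x}")
        for type_id in sorted(set(EXPECTED) - seen):
            findings.append(f"{name}: no grant for {EXPECTED[type_id][0]}")
    return findings

# The role file from this page.
PAGE_ROLE = """<SMS_Roles>
  <SMS_Role CopiedFromID="SMS0001R" RoleName="Intune Manager" RoleDescription="Intune Manager Role">
    <Operations>
      <Operation GrantedOperations="4097" ObjectTypeID="1" />
      <Operation GrantedOperations="1" ObjectTypeID="6" />
      <Operation GrantedOperations="1" ObjectTypeID="31" />
    </Operations>
  </SMS_Role>
</SMS_Roles>"""

# Constructed over-broad variant: one extra bit on Application and an
# object type (99, made up) that the page does not list.
BROAD_ROLE = PAGE_ROLE.replace('"1" ObjectTypeID="31"', '"3" ObjectTypeID="31"') \
    .replace("</Operations>", '<Operation GrantedOperations="1" ObjectTypeID="99" /></Operations>')

if __name__ == "__main__":
    for title, xml_text in (("page role", PAGE_ROLE), ("constructed role", BROAD_ROLE)):
        print(title, "->", audit_role_xml(xml_text) or "matches documented permissions")
```

An empty result means the file matches the documented permission set; any finding is a reason to review the file before importing it.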

Then the service account is added to the administrative users and assigned the previously created security role.

In the Administrative Users workspace, the administrative user can be added.

MECM - Add Administrative Users.png

Open the Add User or Group context menu.

MECM - Add Administrative Users Empty Add User.png

Use Browse to select the service account to be authorized.

In this example, the system account of the server on which Intune Manager is installed was used.

MECM - Add Users.png

After the account has been selected, the authorization can be selected with Add.

MECM - Add Users Add Security Role.png

Here, the previously created role Intune Manager must be selected.

Finally, the item "All instances of the objects that are related to the assigned security roles" must be selected.

MECM - Add Users All Instances.png

Then the administrative user can be created with OK.

MECM - User Added.png


Configuration Manager sites are connected via the appsettings.json file.