How to configure the Microsoft Intune Integration as a Microsoft SI

Microsoft Procedures
References to any Microsoft-related procedures are accurate as of date of this topic being published / updated, and N-able does not guarantee their accuracy or validity.

SI stands for System integrator. These are customers that want to manage their own account, they have a single tenant and they buy the subscription directly from Microsoft. In N-central we give SI customers the ability to be managed by their MSP. For an MSP to be able to manage the SI customer on N-central they need a SI tenant themselves.

Using the System Integrator (SI) Microsoft Intune account, as the MSP you will manage your customers M365 Services through your customers' own subscriptions/tenants.

This type of N-able N-central integration requires that you as the MSP set up integration directly to your customers Intune account for each of your customers. As this is a direct setup from the customer to MS Intune, there is no customer mapping. The recommended setup is to use the CSP model if available.

CSP and SI Cannot Co-exist
A CSP setup and SI setup cannot coexist under the same SO in this release of N-central.
Can I mix CSP and SI on the Same N-central Service Organization?
No, it isn’t possible to mix the CSP and SI setup, When the MSP does the setup SO Level, they will either the CSP account or SI account, once that is completed it can’t be changed unless we reset the setup.

If they have used the CSP account, they get to list all the customers they are under contract and they can map it to the corresponding N-central customer.

If they have used the SI account, the SI setup will be completed and then under each customer, they can ask the customer who wants their Intune managed through to provide them with the account that has a global admin account, they can execute the setup on the N-central customer using that account.

The SI model should ONLY be used when the CSP model is not available or will not work. The CSP model is the ideal setup for N-able N-central.

1. In N-able N-central:

  1. Verify that your user account has Integration Management Administrative permissions to manage integrations.

  2. At the SO level, navigate to Integrations > Integrations Management.

  3. Click Activate on the line that includes Microsoft Intune.

  4. Confirm that Microsoft Intune is shown as being activated with the “Setup needed“ status:

2. In Microsoft Intune:

  1. Verify that the account being used is NOT a CSP-level account:

    The account you are using cannot have 'Intune' in the name. 

    1. In another browser tab, go to Microsoft Partner Center.
    2. Login with an account that has the Global administrator role for the tenant in Intune.
    3. Go to the Dashboard view.
    4. In the window pane on the right, verify that child customer accounts DO NOT display.

3. In N-able N-central:

Before you begin the setup at the customer level, you will need to complete the setup process at the Service Organization level using the tenant account. Please be careful of which tenant account you use. For all customers that are under that Service Organization level, in the Setup process, you will need to use:

  1. tenant accounts that are in the same organization as the tenant you use at the SO level

  2. user accounts of the tenant you use at the SO level.

After you choose the tenant account, you will need to follow the next steps:

  1. Navigate to the Service Organization level, and go to Integrations > Microsoft Intune > Setup.

  2. Click Open Microsoft Identity Platform to launch the Intune authentication. This will launch a Microsoft authentication window.

  3. Log in with your tenant account.

  4. Click Accept to accept the MS Intune Application.

  5. The following message will display: You have successfully authenticated this Microsoft Intune account with N-central. You can close this window.

  6. Navigate to the Customer Level for the customer that you are configuring, and go to Integrations > Microsoft Intune > Setup.
    A prompt will ask you to authenticate the account using the Microsoft Identity Platform.
  7. Click Open Microsoft Identity Platform to launch the Intune authentication.This will launch a Microsoft authentication window.
  8. Login with your customer's Intune administrator account, or your credentials for that customer. These credentials are specific only to the customer you are setting up.
  9. Accept the MS Intune Application.
    The following message will display: You have successfully authenticated this Microsoft Intune account with N-central. You can close this window.

4. In Microsoft Intune:

  1. Go to Microsoft Azure Portal.
  2. Confirm that the app has been added to your user account. Click Enterprise applications in the Manage pane. Here, you should see your application and the N-central Ecosystem Application (that is created by default).

5. To set up additional customers

Repeat steps 2, 3, and 4, for each customer you wish to set up SI integration with.

After approx. 1 hour, with a successful setup you will see a confirmation box on the N-Central Setup page: