Datadog for Intune

This guide provides step-by-step instructions to configure and deploy the Datadog for Intune mobile app within your organization.

Prerequisites

Before you begin, ensure the following requirements are met:

  • You have admin permissions in Intune, Azure, and Datadog
  • Users must download and install the Datadog for Intune app from their mobile app store or Microsoft Partner store.

For those looking to create a custom configuration using the mobile app bundle ID, see the links below:

PlatformStore LinkBundleID
iOS/iPadOSDatadog Intune on the App Storecom.datadog.flagship-intune
AndroidDatadog Intune on Google Playcom.datadog.app.intune

Initial Setup for Datadog for Intune

To get started, an Intune and Azure admin needs to configure the required settings. These are the minimum necessary steps to ensure Datadog for Intune functions correctly. Additional policies, such as those for configuration or conditional access, can be set up later.

Step 1: Add Datadog for Intune to Microsoft Intune admin center

  1. Open your Microsoft Intune admin center, navigate to the Apps tab, and click Add under the appropriate App type (iOS/iPadOS or Android):
    • For iOS/iPadOS: Select “iOS store app”, then search for “Datadog Intune.”
    • For Android: Select “Android store app”, then copy the required details from the Google Play store page.
  2. Assign the app to the relevant users and/or groups.

For additional guidance on adding an application to Intune, read Microsoft’s Intune Quickstart Guide.

Step 2: Apply an app protection policy

To enable users to register and sign in securely, an App Protection Policy must be applied. This ensures access to the app is protected by Microsoft Intune security settings.

  1. In the admin center, go to the Apps tab and select App Protection Policies.
  2. Create a policy for the appropriate platform (iOS and Android require separate policies).
  3. Add Datadog Intune to the policy.
  4. Configure your security settings and assign the policy to targeted users or groups.
  5. Click Save.

Note: It may take some time for the new App Protection Policy to be applied to all devices. You can verify the setup by following Microsoft’s guidance.

In this step, switch from the Intune admin center to the Azure portal for Microsoft Entra-ID.

Admin consent is required before users can register successfully. Follow these steps:

  1. Open Microsoft Entra-ID (formerly Azure Active Directory) and go to Enterprise Applications.
  2. Search for “Datadog”:
    • If it isn’t listed, click Add, then search for “Datadog” in the Microsoft Entra Gallery.
  3. Select Permissions, then click Grant admin consent for .

For additional support with application management settings, see the Microsoft documentation.

Note: If your organization has multiple “Datadog” applications configured, the one managing web and mobile app access has the Application ID f21cb7e8-00ab-4b0e-aa94-b1e2f674606d.

Datadog for Intune required permissions

Permissions are automatically added when configuring the application:

NameClaim ValuePermissionType
Microsoft GraphUser.ReadSign in and read user profileDelegated
Microsoft Mobile Application ManagementDeviceManagementManagedApps.ReadWriteRead and Write the User’s App Management deviceDelegated

Deploying Datadog Intune to mobile devices

When deploying to Android devices, users need to install the following:

For iOS devices, only Datadog - Intune is required, but the Company Portal app can be optionally installed.

On both platforms, the Microsoft Authenticator app can assist with sign-in if installed.

Troubleshooting

Device registration

If users encounter issues while registering their devices for Datadog Intune, administrators should verify the following configurations:

  • The admin consent has been granted on Microsoft Entra-ID.
  • An App Protection Policy is assigned to the user.
    • Note: It may take some time for policy updates to reach devices.
  • If a dedicated App Configuration Policy exists, ensure it contains the correct keys and values.

If registration issues persist, contact us at support@datadoghq.com with the Intune Diagnostics attached. To collect diagnostics:

  1. On the login screen, tap View Intune Diagnostics.
  2. Select Get Started and then Share Logs.

Further Reading

Additional helpful documentation, links, and articles:

Improve your on-call experience with Datadog mobile dashboard widgetsBLOG more more