Client Hardware Security Integrations
      Back to home
      1. Knowledge Base
      2. Prelude Monitor
      3. Client Hardware Security Integrations

      Intel Client Security Integration

       

      The Intel Client Security Integration takes advantage of Intel Innovation Platform Framework (IPF) Discovery toolset to enumerate the available hardware security features as well as their configuration.  The Intel integration utilizes existing Microsoft InTune deployments to run the IPF tooling and extract the desired level of hardware security information.  

      The integration can be configured in 2 ways, manual and automated.  This document will outline the automated method, please contact your Technical Account Manager for manual configuration.  

      Automated Setup

      Navigate to Monitor Integrations page - https://platform.us1.preludesecurity.com/account/integrations/monitor

      Click on + Add an Integration

      Click Connect with Microsoft Entra ID

      Permissions Required - The initial setup step requires a one-time login with Global Admin or App Admin permissions.  This login will configure the App Registration as well as the InTune Remediation Script that is used for custom inventory collection.  

      The App Registration will extend your existing Monitor app registration to include the following permissions:

      • DeviceManagementScripts.Read.All
      • DeviceManagementManagedDevices.Read

      Setup will create an InTune Remediation Script targeting all Windows devices.  The InTune remediation script will be named:

      Intel TDT Hardware Security Assessment:PRELUDE_ACCOUNT_ID

       
      The script only includes a detection phase and the Intel Discovery data is returned via the graph api.  Organizations can edit the script targeting and frequency to meet their needs.  

      Enforce Script Signature Check - The Prelude monitor script is digitally signed, but requires organizations to deploy a new certificate trust to enable script checking.  Please consult your technical account manager for details.

      Import/Sync Frequency

      The Intune Management Extension checks in on a schedule set within InTune, it may take several hours before you start to see data returned from the InTune remediation script.  You can check the status within the Device Status view of the remediation script, click to display the Pre-remediation detection output column.  

      Once data is returned from the remediation script, you can manually force a Monitor sync by clicking Sync All Integrations from the Monitor Integrations page.