Tenable InTune MDM Integration: Application Authentication

Summary

In order to modernize our authentication standards, Tenable is announcing a new authentication option for the InTune Mobile Device Management (MDM) integration, called “application” authentication.

Details

When configuring an InTune Mobile credential, it is now possible to select between “user” and “application” authentication types. With user authentication, a user account is required as well as application credentials. With application authentication, the scanner requests API data on behalf of the application and not a user, therefore application credentials are required but user credentials are not.

Please note that the application authentication type requires a specific permissions configuration, specifically permissions must be of type “Application” rather than “Delegated”. Updates have been made to the Tenable and Microsoft Intune Mobile Device Management Integration Guide to provide steps to configure authentication.

For more information on the differences between user and application access scenarios, please refer to the Microsoft documentation: https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview#access-scenarios 

Impact

Customers are not required to update configurations at this time; existing scans will continue to use user authentication. We encourage customers to review the updated documentation. Customers who plan to enforce mandatory multi-factor authentication (MFA) for user accounts may wish to change to application authentication.

Release Date

7 April 2025 for Nessus and TVM, TBD for SecurityCenter