How to Build an Intune App Registration

An Intune app registration lets you access Intune data with PowerShell.

  • Microsoft Intune uses the Microsoft Graph API to access Intune data.
  • The app registration must be created in Azure AD with the specific roles and permissions.
  • You can use C# or PowerShell to access the Intune data.
  • App registrations are mainly used for automation.
  • It provides user-less authentication for accessing the Intune data.

App Registration Benefits

  • An app registration lets you access Intune data without any user name and password (user-less authentication).
  • You can generate reports or pull any data by using the Graph API.
    • Enrolled device count or list.
    • Device compliance status.
    • App details and other reports.
  • Take actions on devices, apps and other objects.
    • Sync multiple devices.
    • Remove, delete or add devices.
    • Perform actions on apps, configurations or compliance.
  • Can be used in scheduled automations or tasks.

Configuration for Intune App Registration 

Log in to the Azure AD portal and click on App registration.

Click on New Registration.

Fill in the app registration name, select the Single or Multitenant option, then click on Register.

The app registration is now created, and you can see the Application ID, Tenant ID and other information in the screenshot below.

Click on Branding & Properties if you want to set them; this is not mandatory and can be skipped.

Click on Authentication and validate the tenant type.

Select the Certificate & Secret option and click on New Client Certificate.

Fill in the Certificate and Expires time.

Now copy the certificate value as shown on the screen. It is visible only until you refresh the page, and the value can't be recovered if you lose it. This secret code will be used in the PowerShell code for automation.

 

 

Token configuration is not mandatory.

The API permissions are the important option for Intune. Click on API permissions and then Add a permission.

Click on Microsoft Graph.

Click on Application permission.

Select the permissions named below, or follow the Microsoft article.

https://learn.microsoft.com/en-us/mem/intune/developer/intune-graph-apis

| Enable Access setting | Scope name |
|---|---|
| Perform user-impacting remote actions on Microsoft Intune devices | DeviceManagementManagedDevices.PrivilegedOperations.All |
| Read and write Microsoft Intune devices | DeviceManagementManagedDevices.ReadWrite.All |
| Read Microsoft Intune devices | DeviceManagementManagedDevices.Read.All |
| Read and write Microsoft Intune RBAC settings | DeviceManagementRBAC.ReadWrite.All |
| Read Microsoft Intune RBAC settings | DeviceManagementRBAC.Read.All |
| Read and write Microsoft Intune apps | DeviceManagementApps.ReadWrite.All |
| Read Microsoft Intune apps | DeviceManagementApps.Read.All |
| Read and write Microsoft Intune Device Configuration and Policies | DeviceManagementConfiguration.ReadWrite.All |
| Read Microsoft Intune Device Configuration and Policies | DeviceManagementConfiguration.Read.All |
| Read and write Microsoft Intune configuration | DeviceManagementServiceConfig.ReadWrite.All |
| Read Microsoft Intune configuration | DeviceManagementServiceConfig.Read.All |

Now select the option “Grant admin consent” to allow the permissions.

After consent is granted, the status shows as Granted.

You can assign multiple app owners to manage it.

You can also assign roles and permissions if required, but this is not mandatory.

Your app registration is now ready to use.

Collect the Application ID, Tenant ID and secret code to use in the PowerShell code.
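
The three collected values are what a script presents to Azure AD in an OAuth 2.0 client credentials request before calling Microsoft Graph. The PowerShell below is an added example, not code from the original page: the environment variable names and function names are assumptions, and this read-only report needs only the DeviceManagementManagedDevices.Read.All permission from the table above.

```powershell
# Added example, not from the original page. The environment variable names
# are assumptions; set them to the values collected from the app registration.
$TenantId     = $env:INTUNE_TENANT_ID
$ClientId     = $env:INTUNE_CLIENT_ID
$ClientSecret = $env:INTUNE_CLIENT_SECRET   # keeps the secret out of the script file

function Get-GraphToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    # OAuth 2.0 client credentials grant: the app authenticates as itself, no user.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
}

function Get-IntuneManagedDevice {
    param([string]$AccessToken)
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices' +
           '?$select=deviceName,operatingSystem,complianceState,lastSyncDateTime'
    # Graph returns results in pages; follow @odata.nextLink until it is absent.
    while ($uri) {
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
        $page.value
        $uri = $page.'@odata.nextLink'
    }
}

# Stop early with a clear message if any of the three values is missing.
foreach ($name in 'TenantId', 'ClientId', 'ClientSecret') {
    if (-not (Get-Variable -Name $name -ValueOnly)) {
        throw "Missing value for $name; set the matching environment variable."
    }
}

$token   = Get-GraphToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret
$devices = @(Get-IntuneManagedDevice -AccessToken $token)

# Enrolled device count, then the number of devices per compliance state.
"Enrolled devices: $($devices.Count)"
$devices | Group-Object complianceState | Select-Object Name, Count
```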

 

 
