How to Build an Intune App Registration
An Intune app registration lets you access Intune data from PowerShell (or any other Microsoft Graph client) without a signed-in user.
- Microsoft Intune exposes its data through the Microsoft Graph API.
- The app registration must be created in Azure AD (now Microsoft Entra ID) and granted the specific Graph permissions the automation needs.
- You can call the Graph API from C#, PowerShell or any other language with an HTTP client.
- App registrations are mainly used for automation.
- They provide app-only (unattended) authentication: the client authenticates with its own credential instead of a user name and password, and the token carries the application permissions consented on the app rather than any user's rights. Treat the registration and its credential like a privileged service account.
App Registration Benefits
- App-only authentication: access Intune data without a user name and password, so nothing is tied to a person's account, MFA prompt or password expiry.
- Generate reports or pull any data through the Graph API, for example:
- Enrolled device count or device list.
- Device compliance status.
- App details and other reports.
- Take actions on devices, apps and other objects, for example:
- Sync multiple devices.
- Remove, delete or add devices.
- Act on apps, configurations or compliance policies.
- Use it in scheduled automations or tasks (Task Scheduler, Azure Automation, pipelines).
Configuration for Intune App Registration
Sign in to the Azure AD (Microsoft Entra ID) portal and open App registrations.
Click New registration.
Enter a name for the app registration, choose the supported account type (keep "Single tenant", accounts in this organizational directory only, unless you genuinely need multi-tenant access), then click Register.
The app registration is now created and the overview page shows the Application (client) ID, Directory (tenant) ID and other details.
Branding & properties is optional; set it if you want, otherwise skip it.
Open Authentication and confirm the supported account type is what you intended.
Open Certificates & secrets and click New client secret. (A certificate credential is the stronger option for production automation, but this guide uses a client secret.)
Enter a description and choose an expiry. Shorter lifetimes are safer; plan to rotate the secret before it expires.
Copy the secret value immediately. It is shown only until you leave or refresh the page and cannot be recovered afterwards; if it is lost you must create a new secret. This value is the app's password: store it in a secrets store (for example Azure Key Vault or a credential manager), never in a script or repository. It is the value the PowerShell automation will use.
Token configuration is not mandatory.
The important part is the API permissions for Intune. Open API permissions, then click Add a permission.
Click Microsoft Graph.
Click Application permissions (not Delegated permissions: application permissions run without a signed-in user and apply to every device and policy in the tenant).
Select only the permissions your automation needs from the list below, or follow the Microsoft article. For read-only reporting, the Read.All permissions are sufficient; the ReadWrite.All and PrivilegedOperations.All permissions allow changes and user-impacting remote actions (such as wipe and retire) and should be granted only when the automation actually performs them.
| Enable Access setting | Scope name |
|---|---|
| Perform user-impacting remote actions on Microsoft Intune devices | DeviceManagementManagedDevices.PrivilegedOperations.All |
| Read and write Microsoft Intune devices | DeviceManagementManagedDevices.ReadWrite.All |
| Read Microsoft Intune devices | DeviceManagementManagedDevices.Read.All |
| Read and write Microsoft Intune RBAC settings | DeviceManagementRBAC.ReadWrite.All |
| Read Microsoft Intune RBAC settings | DeviceManagementRBAC.Read.All |
| Read and write Microsoft Intune apps | DeviceManagementApps.ReadWrite.All |
| Read Microsoft Intune apps | DeviceManagementApps.Read.All |
| Read and write Microsoft Intune Device Configuration and Policies | DeviceManagementConfiguration.ReadWrite.All |
| Read Microsoft Intune Device Configuration and Policies | DeviceManagementConfiguration.Read.All |
| Read and write Microsoft Intune configuration | DeviceManagementServiceConfig.ReadWrite.All |
| Read Microsoft Intune configuration | DeviceManagementServiceConfig.Read.All |
Now click "Grant admin consent" to approve the permissions. Application permissions for Microsoft Graph can only be consented by a Global Administrator or Privileged Role Administrator; until consent is granted the app's tokens will not carry these permissions.
After consent is granted, the Status column shows "Granted".
You can assign multiple owners to manage the app. Be deliberate about this: an owner can add new secrets or certificates to the registration, so every owner effectively holds the app's permissions.
Roles and administrators can be assigned if required, but it is not mandatory.
Your app registration is now ready to use.
Collect the Application (client) ID, Directory (tenant) ID and the client secret for the PowerShell code. The two IDs are not secret; the client secret is, so load it from a secure store at run time rather than hard-coding it.
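The script below is an added example, not code from the original post. It performs the client-credentials flow against the tenant's v2.0 token endpoint with the three values collected above, decodes the token's `roles` claim so you can confirm which application permissions were actually consented (a missing role means the consent step was skipped or failed), and then pages through the Intune managed devices to summarise compliance state. The tenant and client IDs are placeholders, and the secret is read from an environment variable named INTUNE_APP_SECRET, which is an assumption for this example; replace it with your secrets store of choice. It needs network access to Microsoft Graph.

```powershell
# Added example: app-only access to Intune data via Microsoft Graph.
# Placeholder IDs; the secret is read from an environment variable
# (assumed name INTUNE_APP_SECRET) so it is never hard-coded in the script.
$TenantId = '00000000-0000-0000-0000-000000000000'   # Directory (tenant) ID
$ClientId = '11111111-1111-1111-1111-111111111111'   # Application (client) ID
$ClientSecret = $env:INTUNE_APP_SECRET
if ([string]::IsNullOrWhiteSpace($ClientSecret)) {
    throw 'Set INTUNE_APP_SECRET before running; do not hard-code the secret.'
}

function Get-GraphAppToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    # OAuth 2.0 client-credentials grant. The .default scope requests every
    # application permission that has been admin-consented on the registration.
    $body = @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body -ErrorAction Stop).access_token
}

function Get-JwtRoles {
    param([string]$Token)
    # Decode the JWT payload (base64url). No signature check: this only reads
    # what the token claims, it is not an authorization decision.
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload))
    ($json | ConvertFrom-Json).roles
}

function Get-GraphCollection {
    param([string]$Uri, [hashtable]$Headers)
    # Follow @odata.nextLink so large tenants are not truncated at one page.
    $items = @()
    while ($Uri) {
        $page = Invoke-RestMethod -Method Get -Uri $Uri -Headers $Headers -ErrorAction Stop
        $items += $page.value
        $Uri = $page.'@odata.nextLink'
    }
    $items
}

$token   = Get-GraphAppToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret
$headers = @{ Authorization = "Bearer $token" }

# Check 1: which application permissions did the token actually carry?
# Compare with the permissions you granted; a missing role means consent is missing.
$roles = Get-JwtRoles -Token $token
Write-Host "Granted application permissions: $($roles -join ', ')"
if ($roles -notcontains 'DeviceManagementManagedDevices.Read.All') {
    throw 'Token lacks DeviceManagementManagedDevices.Read.All; grant admin consent first.'
}

# Check 2: list enrolled devices (only the columns needed) and summarise compliance.
$uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices' +
       '?$select=id,deviceName,operatingSystem,complianceState,lastSyncDateTime'
$devices = Get-GraphCollection -Uri $uri -Headers $headers

"Enrolled devices: $($devices.Count)"
$devices | Group-Object complianceState | Select-Object Name, Count
```

The `roles` check is the quickest way to debug a 403 from Graph: if the permission is not in the token, the problem is consent on the registration, not the request. The Microsoft.Graph PowerShell SDK (Connect-MgGraph with a certificate or client-secret credential) wraps this same token flow; the raw Invoke-RestMethod version is shown here so each step of the protocol is visible.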