Intune: Generate Credentials

This appendix walks you through Azure AD app registration, API permission setup, and client credential generation for the Intune plugin.

In this Appendix we will see how to generate client credentials and provide necessary permissions.

1. Login to https://portal.azure.com with email address and password (else register for a new account).

2. Click on Azure Active Directory from a column on the left side as below.

   

3. Search for properties.

   

4. The Tenant ID required in the plugin is the ID mentioned under Directory ID. In case the ID is not available you may get Tenant ID as mentioned in step 8 below.

   

5. To get the Client ID, click on App registrations under Azure Active Directory.

6. Create a new App by clicking on New Registration.

   

7. Enter the application name select account types and click on Register.

   

8. After clicking on Register, under Overview of the newly generated Application you can find the Application (client) ID/ Client ID. Also, you can find Directory (tenant) ID/Tenant ID below Client ID.

   

9. To generate client secret, click on the Certificates & Secrets and then click on + New Client Secret.

   

10. Now enter the Description, Expiry, and click on Add.

    

11. Copy the value of the client secret as it will be not visible the second time.

    

12. Click on API Permission and then click on Add Permission.

    

13. Click on Microsoft Graph, and then click on Application permissions.

    

14. Select Application permission.

    

15. Search and select the required permission. Click on Add Permission.

    

16. This will redirect back to API Permission. In the Grant Consent section, click "Grant admin consent for….".

    

17. It will prompt for confirmation, click on Yes.

    

18. Similarly, we can assign the permissions required by Intune Plugins mentioned below:

    • DeviceManagementManagedDevices.PrivilegedOperations.All
    • DeviceManagementManagedDevices.ReadWrite.All