BI for Intune Installation Guide

Azure AD Application Registration Using Azure AD CLI


  • Azure AD CLI needs to be installed.

  • The user performing these steps requires global admin rights.

  • Log in to Azure AD as a Global Admin using the following PowerShell code:

    • When prompted, enter the Global Admin username and password.

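$adminUserName = Read-Host -Prompt 'Input the username'
$adminPassword = Read-Host -Prompt 'Input the password' -AsSecureString
# az is a native command and needs the password as plain text, so unwrap the SecureString
$plainPassword = [System.Net.NetworkCredential]::new('', $adminPassword).Password
az login -u $adminUserName -p $plainPassword
Remove-Variable plainPassword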

  • Create the Azure AD App Registration using the following PowerShell code:

    • The sample code creates an app named "bi_for_intune". To change the app name, edit the script before running it.

    • The same code sets the password validity period to 5 years. You may customize this to your liking.

Attention: Depending on your browser, copying and pasting the code below can add extra lines. Make sure there are no empty lines before running this code.

### Edit $appName to make the Azure AD App name to match your preferences ###

$appName = "bi_for_intune"

$app = az ad app list --filter "DisplayName eq '$($appName)'"

if(($app | ConvertFrom-Json).Count -gt 0) {
    # The app already exists: reuse it
    $app0 = ($app | ConvertFrom-Json)[0]
    $appId = $app0.appId
    #Delete old permissions
    az ad app permission delete --id $appId --api 00000003-0000-0000-c000-000000000000
} else {
    # No app with this name yet: create it
    $app = az ad app create --display-name $appName
    $appId = ($app | ConvertFrom-Json).appId
}


az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 7ab1d382-f21e-4acd-a863-ba3e13f7da61=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions b0afded3-3588-46d8-8b3d-9842eff778da=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 06a5fe6d-c49d-46a7-b082-56b1b14103c7=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 58ca0d9a-1575-47e1-a3cb-007ef2e4583b=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 2f51be20-0bb4-4fed-bf7b-db946066c75e=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 7a6ee1e7-141e-4cec-ae74-d9db155731ff=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions dc377aa6-52d8-4e23-b271-2a7ae04cedf3=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 246dd0d5-5bd0-4def-940b-0421030a5b68=Role

az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 230c1aed-a721-4c5d-9cb4-a90514e508ef=Role

az ad app permission admin-consent --id $appId

az ad app credential reset --id $appId --credential-description "Primary" --years 5

Read-Host -Prompt "Press Enter to exit"

  • Upon successful completion the script will return an App ID, name, password, and tenant ID. It is VERY important that you record this information. The password cannot be retrieved once you've closed out of Cloud Shell.

  • Record the values as follows:

    • appId: Referred to as the 'ClientID' later in this documentation.

    • password: Referred to as 'Secret Key' later in this documentation.

    • tenant: Referred to as 'Azure Tenant ID' later in this documentation.

  • Re-running the script will generate a new password as well as extend the credential validity period. Ensure that you make note of the password each time that the script is run.
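
The following check is an added example, not part of the original guide or the product's own scripts. It reads back what the registration requests and when its secrets expire. The $appId placeholder, the $maxDays threshold, and the JSON field names (endDateTime on current Azure CLI, endDate on older releases) are assumptions.

```powershell
# Added example: audit the app registration created by the script above.
$appId      = '<ClientID recorded from the script output>'  # placeholder, replace before running
$graphAppId = '00000003-0000-0000-c000-000000000000'        # --api value used in the guide's script
$maxDays    = 365                                           # assumed review threshold, not from the guide

# Build a lookup from app-role GUID to role name using the service principal
# that matches the --api value.
$graphSp   = az ad sp show --id $graphAppId | ConvertFrom-Json
$roleNames = @{}
foreach ($role in $graphSp.appRoles) { $roleNames[$role.id] = $role.value }

# List every permission the registration requests against that API,
# with the GUID resolved to a readable name where it is an app role.
$app = az ad app show --id $appId | ConvertFrom-Json
$app.requiredResourceAccess |
    Where-Object { $_.resourceAppId -eq $graphAppId } |
    ForEach-Object { $_.resourceAccess } |
    ForEach-Object {
        [pscustomobject]@{
            Id   = $_.id
            Type = $_.type
            Name = if ($roleNames.ContainsKey($_.id)) { $roleNames[$_.id] } else { '(not an app role)' }
        }
    } | Format-Table -AutoSize

# Report each client secret's expiry and flag secrets valid longer than $maxDays.
$creds = az ad app credential list --id $appId | ConvertFrom-Json
foreach ($c in $creds) {
    # Field name differs between Azure CLI releases (assumption, see lead-in).
    $endRaw   = if ($c.endDateTime) { $c.endDateTime } else { $c.endDate }
    $end      = [datetime]$endRaw
    $daysLeft = [int]($end - (Get-Date)).TotalDays
    [pscustomobject]@{
        KeyId     = $c.keyId
        Expires   = $end
        DaysLeft  = $daysLeft
        LongLived = ($daysLeft -gt $maxDays)
    }
}
```

Run it in the same session after az login. A row with LongLived set to True is a secret that should be tracked for rotation.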