BI for Intune Installation Guide

Azure AD Application Registration Using Azure Cloud Shell

Prerequisites:

  • The user performing these steps requires global admin rights.

  • Use the following link to launch Cloud Shell.

  • Log in with a Global Admin account.

  • Select PowerShell when prompted.

  • If prompted to do so, create a cloud storage account. The storage account is only used during the creation of the App Registration.


Attention: Depending on your browser, copying and pasting the code below can add extra lines. Make sure there are no empty lines before running this code.

### Edit $appName to make the Azure AD App name to match your preferences ###
$appName = "bi_for_intune"
# Look for an existing app registration with this display name
$app = az ad app list --filter "DisplayName eq '$($appName)'"
if (($app | ConvertFrom-Json).Count -gt 0)
{
    $app0 = ($app | ConvertFrom-Json)[0]
    $appId = $app0.appId
    # Delete old permissions (00000003-0000-0000-c000-000000000000 is the Microsoft Graph API)
    az ad app permission delete --id $appId --api 00000003-0000-0000-c000-000000000000
} else {
    # No existing registration: create one
    $app = az ad app create --display-name $appName
    $appId = ($app | ConvertFrom-Json).appId
}
# Request the Microsoft Graph application permissions (=Role) the product needs
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 7ab1d382-f21e-4acd-a863-ba3e13f7da61=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions b0afded3-3588-46d8-8b3d-9842eff778da=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 06a5fe6d-c49d-46a7-b082-56b1b14103c7=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 58ca0d9a-1575-47e1-a3cb-007ef2e4583b=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 2f51be20-0bb4-4fed-bf7b-db946066c75e=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 7a6ee1e7-141e-4cec-ae74-d9db155731ff=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions dc377aa6-52d8-4e23-b271-2a7ae04cedf3=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 246dd0d5-5bd0-4def-940b-0421030a5b68=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 230c1aed-a721-4c5d-9cb4-a90514e508ef=Role
# Grant tenant-wide admin consent for the requested permissions
az ad app permission admin-consent --id $appId
# Create a new client secret valid for 5 years; its password is shown only in this output
az ad app credential reset --id $appId --credential-description "Primary" --years 5
Read-Host -Prompt "Press Enter to exit"

  • Upon successful completion the script will return an App ID, name, password, and tenant ID. It is VERY important that you record this information. The password cannot be retrieved once you've closed out of Cloud Shell.

  • Record the values as follows:

    • appId: Referred to as the 'ClientID' later in this documentation.

    • password: Referred to as 'Secret Key' later in this documentation.

    • tenant: Referred to as 'Azure Tenant ID' later in this documentation.

  • Re-running the script will generate a new password as well as extend the credential validity period. Ensure that you make note of the password each time that the script is run.
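
Because the script only deletes old Microsoft Graph permissions when it reuses an existing registration, it is worth confirming afterwards that the app requests exactly the nine roles listed above. The following check is an added example, not part of the vendor's script; the function name, variable names and the sample JSON are hypothetical, and the JSON shape (resourceAppId / resourceAccess) is assumed to match the output of az ad app permission list.

```powershell
# Added verification example; not part of the vendor script. Names below are hypothetical.
$graphApi = '00000003-0000-0000-c000-000000000000'   # same --api value the script uses
$expectedRoles = @(                                   # the nine IDs the script adds as =Role
    '7ab1d382-f21e-4acd-a863-ba3e13f7da61', 'b0afded3-3588-46d8-8b3d-9842eff778da',
    '06a5fe6d-c49d-46a7-b082-56b1b14103c7', '58ca0d9a-1575-47e1-a3cb-007ef2e4583b',
    '2f51be20-0bb4-4fed-bf7b-db946066c75e', '7a6ee1e7-141e-4cec-ae74-d9db155731ff',
    'dc377aa6-52d8-4e23-b271-2a7ae04cedf3', '246dd0d5-5bd0-4def-940b-0421030a5b68',
    '230c1aed-a721-4c5d-9cb4-a90514e508ef'
)

function Compare-RequestedPermission {
    param([string[]]$PermissionJson, [string]$ApiId, [string[]]$ExpectedIds)
    $seen = @()
    $unexpected = @()
    # az returns its JSON as an array of lines; join them before parsing
    foreach ($resource in (($PermissionJson -join "`n") | ConvertFrom-Json)) {
        foreach ($access in $resource.resourceAccess) {
            $isExpected = ($resource.resourceAppId -eq $ApiId) -and
                          ($access.type -eq 'Role') -and ($ExpectedIds -contains $access.id)
            if ($isExpected) { $seen += $access.id }
            else { $unexpected += "$($resource.resourceAppId)/$($access.id)=$($access.type)" }
        }
    }
    [pscustomobject]@{
        Missing    = @($ExpectedIds | Where-Object { $seen -notcontains $_ })
        Unexpected = $unexpected
    }
}

# Constructed sample in the assumed shape of `az ad app permission list` output:
# two expected roles plus one delegated (Scope) entry with a placeholder ID.
$sample = @'
[
  { "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      { "id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role" },
      { "id": "b0afded3-3588-46d8-8b3d-9842eff778da", "type": "Role" },
      { "id": "11111111-1111-1111-1111-111111111111", "type": "Scope" }
    ] }
]
'@
$result = Compare-RequestedPermission -PermissionJson $sample -ApiId $graphApi -ExpectedIds $expectedRoles
"Missing: $($result.Missing.Count)  Unexpected: $($result.Unexpected -join ', ')"

# Against the real registration, in the same Cloud Shell session as the script:
# Compare-RequestedPermission (az ad app permission list --id $appId) $graphApi $expectedRoles
```

An empty Missing list and an empty Unexpected list mean the registration requests only what this guide configures. Anything in Unexpected was added outside the script and should be reviewed before the app is put into use.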