Manually Register Azure AD Application

Prerequisites:

• User performing these steps requires global admin rights

• Login to portal.azure.com using a global administrator account.

• Search for and select App registrations.

• Select New registration.

• Enter a name for the application. This will not be seen by anyone other than admins.

• Specify who can use the application as Accounts in this organizational directory only.

• Select Register.

1. Select API permissions.

• Remove the User.Read permission.

• When prompted to remove the permission, select Yes, remove.

• Select Add a permission.

• Select Microsoft Graph.

• Select Application permissions.

• Search for DeviceManagement.

• Select the following permissions:

  • AuditLog.Read.All

  • DeviceManagementApps.Read.All

  • DeviceManagementConfiguration.Read.All

  • DeviceManagementManagedDevices.Read.All

  • DeviceManagementRBAC.Read.All

  • DeviceManagementServiceConfig.Read.All

  • Directory.Read.All

  • Policy.Read.All

  • Reports.Read.All

  • Log Analytics.Data.Read (only required for Win10 install software inventory)

• Do not select the Add permissions button until completing the following two steps.

• Search for Directory.

• Select the following permissions

  • Directory.Read.All

• Do not select the Add permissions button until completing the next step.

• Search for AuditLog.

• Select the following permissions:

  • AuditLog.Read.All

• Do not select the Add permissions button until completing the next step.

• Search for Policy.

• Select the following permissions:

  • Policy.Read.All

• Do not select the Add permissions button until completing the next step.

• Search for Reports.

• Select the following permissions:

  • Reports.Read.All

• Select Add permission.

• Select Grant admin consent for 'your company name'.

• When prompted select Yes to add the permissions.

• Select Certificates & secrets.

• Select New client secret.

• Enter a meaningful Description.

• Select Never expires.

• Select Add.

• Copy the Client secret and save it somewhere safe. Once you leave this page you cannot retrieve the client secret again.

• Select Overview.

• Copy and save the Application (client) ID.

• Copy and save the Directory (tenant) ID.

• Log out of the Azure portal.

Next: BI for Intune Installation