BI for Intune Installation Guide

Manually Register Azure AD Application

Prerequisites:

  • The user performing these steps requires global admin rights.

  • Log in to portal.azure.com using a global administrator account.

  • Search for and select App registrations.

  • Select New registration.

  • Enter a name for the application. This will not be seen by anyone other than admins.

  • Specify who can use the application as Accounts in this organizational directory only.

  • Select Register.

  • Select API permissions.

  • Remove the User.Read permission.

  • When prompted to remove the permission, select Yes, remove.

  • Select Add a permission.

  • Select Microsoft Graph.

  • Select Application permissions.

  • Search for DeviceManagement.

  • Select the following permissions:

    • AuditLog.Read.All

    • DeviceManagementApps.Read.All

    • DeviceManagementConfiguration.Read.All

    • DeviceManagementManagedDevices.Read.All

    • DeviceManagementRBAC.Read.All

    • DeviceManagementServiceConfig.Read.All

    • Directory.Read.All

    • Policy.Read.All

    • Reports.Read.All

    • Log Analytics.Data.Read (only required for Win10 install software inventory)

  • Do not select the Add permissions button until completing the following two steps.

  • Search for Directory.

  • Select the following permissions:

    • Directory.Read.All

  • Do not select the Add permissions button until completing the next step.

  • Search for AuditLog.

  • Select the following permissions:

    • AuditLog.Read.All

  • Do not select the Add permissions button until completing the next step.

  • Search for Policy.

  • Select the following permissions:

    • Policy.Read.All

  • Do not select the Add permissions button until completing the next step.

  • Search for Reports.

  • Select the following permissions:

    • Reports.Read.All

  • Select Add permissions.

  • Select Grant admin consent for 'your company name'.

  • When prompted, select Yes to add the permissions.

  • Select Certificates & secrets.

  • Select New client secret.

  • Enter a meaningful Description.

  • Select Never expires.

  • Select Add.

  • Copy the Client secret and save it somewhere safe. Once you leave this page, you cannot retrieve the client secret again.

  • Select Overview.

  • Copy and save the Application (client) ID.

  • Copy and save the Directory (tenant) ID.

  • Log out of the Azure portal.
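
A check to run after admin consent has been granted, added here as an example and not part of the vendor's guide: it reads the `roles` claim of an app-only Microsoft Graph access token and compares it with the Graph permissions listed above, flagging anything missing, extra, or write-capable. The function names and the sample token are constructed for illustration; the Log Analytics permission belongs to a separate API and is not covered.

```python
import base64
import json

# Microsoft Graph application permissions listed in the guide above.
EXPECTED_ROLES = frozenset({
    "AuditLog.Read.All", "Directory.Read.All", "Policy.Read.All", "Reports.Read.All",
    "DeviceManagementApps.Read.All", "DeviceManagementConfiguration.Read.All",
    "DeviceManagementManagedDevices.Read.All", "DeviceManagementRBAC.Read.All",
    "DeviceManagementServiceConfig.Read.All",
})


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Compare an app-only token's claims with the guide's permission list."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "app_ok": client_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(EXPECTED_ROLES - roles),
        "unexpected": sorted(roles - EXPECTED_ROLES),
        "write_capable": sorted(r for r in roles if "ReadWrite" in r),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    tid, cid = "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000002"
    roles = sorted(EXPECTED_ROLES - {"Reports.Read.All"}) + ["Directory.ReadWrite.All"]
    sample = make_sample_token({"tid": tid, "appid": cid, "roles": roles})  # constructed IDs
    print(audit_token(sample, tid, cid))
```

Pass it a token obtained with the saved tenant ID, client ID and client secret; an empty `missing`, `unexpected` and `write_capable` means the registration matches the list in this guide.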