Required Permissions for EntraID
Scope: Easy2Patch (All Versions)
General steps to configure application registration for Intune application management.
Sign in to the Azure portal (https://portal.azure.com).
Select "Azure Active Directory" from the left-hand navigation menu.
Select "App registrations" under the Manage section.
Click on "New registration" to create a new application registration.
Enter a name for your application, choose the supported account types, and enter a redirect URI (if applicable).
After registering the application, note the Application ID and Tenant ID. These will be used later in the Intune application configuration.
In Intune, navigate to "Client apps" and select "App registration" from the left-hand navigation menu.
Click on "Add" to create a new app registration.
Enter the Application ID and Tenant ID from step 6 and click "Next".
Select the app management capabilities you want to configure, such as app protection policies and app configuration policies.
Complete the configuration and assign the app registration to users or groups as needed.
Note that these steps are general and may differ slightly depending on your specific Intune configuration and requirements. Always refer to official documentation and best practices for guidance when configuring Intune application management.
Microsoft Graph Permissions
You should give some permissions for manage applications in intune for Application registration. In the Select permissions table view, search for "User", "GroupMember" and "Group" and under those permissions, enable the following:
User.Read: Sign in and read user profile
User.Read.All: Read all users' full profiles
Then, search for “GroupMember”, "Group" and under Group permissions, enable:
GroupMember.Read.All: View Azure AD groups to enable automatic application deployment
Group.Read.All: Read all groups
Last updated