# Configuring Intune Application Registration

The following general steps configure an application registration for Intune application management.

1. Sign in to the Azure portal ([https://portal.azure.com](https://portal.azure.com/)).
2. Select "Azure Active Directory" from the left-hand navigation menu.
3. Select "App registrations" under the Manage section.
4. Click on "New registration" to create a new application registration.
5. Enter a name for your application, choose the supported account types, and enter a redirect URI (if applicable).
6. After registering the application, note the Application ID and Tenant ID. These will be used later in the Intune application configuration.
7. In Intune, navigate to "Client apps" and select "App registration" from the left-hand navigation menu.
8. Click on "Add" to create a new app registration.
9. Enter the Application ID and Tenant ID from step 6 and click "Next".
10. Select the app management capabilities you want to configure, such as app protection policies and app configuration policies.
11. Complete the configuration and assign the app registration to users or groups as needed.

{% hint style="info" %}
Note that these steps are general and may differ slightly depending on your specific Intune configuration and requirements. Always refer to official documentation and best practices for guidance when configuring Intune application management.
{% endhint %}

## Microsoft Graph Permissions

The application registration needs the following permissions to manage applications in Intune. In the **Select permissions** table view, search for **"DeviceManagement"**, **"Application"**, **"User"** and **"Device"** and, under those permissions, enable the following:

* **Application.Read.All:** Read all applications
* **Application.ReadWrite.All**: Read and write all applications
* **Device.Read.All**: Read
* **DeviceManagementApps.ReadWrite.All:** View and create applications in Intune
* **DeviceManagementConfiguration.Read.All:** View properties and relationships of assignment filters
* **DeviceManagementManagedDevices.Read.All:** View device inventory for the auto-publish feature
* **DeviceManagementRBAC.Read.All:** View scopes to be assigned to applications
* **DeviceManagementServiceConfig.ReadWrite.All:** Update Enrollment Status Page configurations
* **User.Read:** Sign in and read user profile
* **User.Read.All:** Read all users' full profiles

Then search for **"GroupMember"** and **"Group"** and, under the Group permissions, enable:

* **GroupMember.Read.All:** View Azure AD groups to enable automatic application deployment
* **Group.Read.All**: Read all groups

## Windows Defender ATP Permissions

The application registration needs the following permissions to manage the Defender integration in Intune. In the **Select permissions** table view, search for **"Alert"**, **"Ip"**, **"Machine"**, **"Score"**, **"SecurityBaselinesAssessment"**, **"SecurityConfiguration"**, **"SecurityRecommendation"**, **"Vulnerability"**, **"User"**, **"Software"** and **"RemediationTasks"** and, under those permissions, enable the following:

* **Alert.Read.All**: Read all alerts
* **Ip.Read.All:** Read IP address profiles
* **Machine.Read.All:** Read all machine profiles
* **Machine.ReadWrite.All:** Read and write all machine information
* **Machine.Scan:** Scan machine
* **RemediationTasks.Read.All:** Read all remediation tasks
* **Score.Read.All:** Read Threat and Vulnerability Management score
* **SecurityBaselinesAssessment.Read.All:** Read all security baselines assessment information
* **SecurityConfiguration.Read.All:** Read all security configurations
* **SecurityRecommendation.Read.All:** Read Threat and Vulnerability Management security recommendations
* **Software.Read.All:** Read Threat and Vulnerability Management software information
* **User.Read.All:** Read user profiles
* **Vulnerability.Read.All:** Read Threat and Vulnerability Management vulnerability information
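
Several of the permissions listed above can change state (`Application.ReadWrite.All`, `Machine.ReadWrite.All`, `Machine.Scan`), so it is worth checking periodically that the registration holds exactly these grants and nothing more. The script below is an added example, not part of the original page or the product: it compares a set of granted permission names against the two lists on this page and reports missing, unexpected and non-read-only grants. The names `BASELINE`, `is_privileged`, `audit` and `SAMPLE_GRANTED` are hypothetical, and the input is assumed to be permission names already copied from the registration's API permissions view.

```python
# Added example: audit granted permissions against the lists on this page.
# Assumption: permission names have already been resolved from the tenant.

BASELINE = {
    "Microsoft Graph": {
        "Application.Read.All", "Application.ReadWrite.All", "Device.Read.All",
        "DeviceManagementApps.ReadWrite.All", "DeviceManagementConfiguration.Read.All",
        "DeviceManagementManagedDevices.Read.All", "DeviceManagementRBAC.Read.All",
        "DeviceManagementServiceConfig.ReadWrite.All", "User.Read", "User.Read.All",
        "GroupMember.Read.All", "Group.Read.All",
    },
    "WindowsDefenderATP": {
        "Alert.Read.All", "Ip.Read.All", "Machine.Read.All", "Machine.ReadWrite.All",
        "Machine.Scan", "RemediationTasks.Read.All", "Score.Read.All",
        "SecurityBaselinesAssessment.Read.All", "SecurityConfiguration.Read.All",
        "SecurityRecommendation.Read.All", "Software.Read.All", "User.Read.All",
        "Vulnerability.Read.All",
    },
}

def is_privileged(name):
    """Heuristic: a permission whose verb is not plain 'Read' can change state."""
    parts = name.split(".")
    return len(parts) > 1 and parts[1] != "Read"

def audit(granted):
    """granted: {api_name: iterable of permission names} -> findings per API."""
    report = {}
    for api in sorted(set(BASELINE) | set(granted)):
        want = BASELINE.get(api, set())
        have = set(granted.get(api, ()))
        report[api] = {
            "missing": sorted(want - have),       # documented but not granted
            "unexpected": sorted(have - want),    # granted but not documented
            "privileged": sorted(p for p in have if is_privileged(p)),
        }
    return report

# Constructed sample: a registration that has drifted from the documented set.
SAMPLE_GRANTED = {
    "Microsoft Graph": (BASELINE["Microsoft Graph"] - {"Group.Read.All"})
                       | {"Directory.ReadWrite.All"},
    "WindowsDefenderATP": BASELINE["WindowsDefenderATP"] | {"Machine.Isolate"},
}

if __name__ == "__main__":
    for api, findings in audit(SAMPLE_GRANTED).items():
        for kind, names in findings.items():
            print(f"{api:20} {kind:11} {', '.join(names) or '-'}")
```

Anything reported as `unexpected` should be justified or revoked, and the `privileged` list is the set to prioritise when reviewing who can use the registration's credentials.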

