AppRegistration Wizard for Intune

Overview

IntuneAppRegCreator.exe is a command-line tool built on .NET Framework 4.7.2 that allows IT administrators to securely and interactively register an Azure AD Application with the required Microsoft Graph and Microsoft Defender for Endpoint (ATP) permissions.

This tool is specifically designed to support Easy2Patch's Intune integration by automating the App Registration process and assigning the correct permissions needed for seamless app deployment and management.

You can download the tool here:

https://dl.easy2patch.com/dl/arksoft/easy2patch/tools/IntuneAppRegCreator.sfx.exe

Key Features

  • Authenticates using interactive login with a Global Administrator account.

  • Creates an Azure AD Application Registration with a user-specified name and redirect URI.

  • Automatically generates a client secret with a configurable validity period.

  • Assigns all necessary Microsoft Graph API and Defender ATP permissions.

  • Outputs a complete registration summary to console and saves it to a .txt file.

  • Generates and optionally opens the Admin Consent URL in your default browser.

System Requirements

| Component | Version |
|---|---|
| .NET Framework | 4.7.2 |
| Operating System | Windows 10 or later (Admin user) |
| Azure Role | Azure AD Global Administrator |
| Browser | Modern browser installed |

How to Use

Download and extract the tool:

Download the latest version of the tool from: https://dl.easy2patch.com/dl/arksoft/easy2patch/tools/IntuneAppRegCreator.zip

Then extract the contents of the .zip file to a folder of your choice, such as:

C:\Tools\IntuneAppRegCreator\

Run the tool:

Open Command Prompt as Administrator and navigate to the extracted folder:

cd C:\Tools\IntuneAppRegCreator
IntuneAppRegCreator.exe

Follow the prompts:

The tool will guide you through:

  • Authenticating with Azure AD using your Global Admin account

  • Entering the application name, redirect URI, and secret validity

  • Creating the app registration, secret, and assigning permissions

  • Displaying and saving the registration summary

  • Optionally opening the Admin Consent URL in your browser

Input Prompts

  1. Application Name

    Enter application name (default: Easy2PatchProd):
    • If left blank, the default name Easy2PatchProd is used.

    • Must be unique within your Azure tenant.

  2. Redirect URI

    Enter redirect URI (e.g., https://e2p.domain.com/#/auth/azuread/):
    • This is mandatory.

    • Must include the path: /#/auth/azuread/

    • Example: https://e2p.contoso.com/#/auth/azuread/

  3. Client Secret Validity (in days)

    Enter client secret validity in days (default: 730):
    • If blank or invalid, default is 730 days (2 years).

Output Summary

After successful registration, the tool displays and saves:

  • Application Name

  • Application ID

  • Object ID

  • Client Secret Value

  • Secret Expiry Date

  • Tenant ID

  • Admin Consent URL

This summary, including the client secret value, is saved in the current directory to:

<ApplicationName>.txt

After the application is created and permissions are assigned, the tool will generate this URL:

https://login.microsoftonline.com/<tenant_id>/adminconsent?client_id=<app_id>

You will be asked:

Would you like to open the admin consent URL in your browser? (y/n):

⚠️ If the admin consent page shows an error, simply click your browser’s Back button, then scroll to the bottom of the page and click "Accept" again.

Admin consent must be granted by a Global Administrator to finalize the permission assignments.

Important Notes

  • This tool uses Microsoft's public client ID (Azure CLI) to perform login and requires no pre-registered application.

  • The access token is used to call Microsoft Graph with full admin-level privileges, but the tool does not persist any login or store secrets.

  • The client secret is displayed only once. Copy and store it securely.

  • You can re-run this tool anytime to create additional app registrations.
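
Because the saved summary file includes the client secret value, one way to restrict that file to the account that ran the tool is sketched below. This is an added example, not part of IntuneAppRegCreator or of the original page; it assumes Windows PowerShell, the example folder from this page, and that it is run by the same user in the same elevated session that ran the tool.

```powershell
# Added example (not part of IntuneAppRegCreator): limit the summary file to the current user.
param(
    [string]$AppName = 'Easy2PatchProd',               # default name from the tool's prompt
    [string]$Folder  = 'C:\Tools\IntuneAppRegCreator'  # example folder used on this page (assumption)
)

$path = Join-Path $Folder "$AppName.txt"
if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
    throw "Summary file not found: $path"
}

# SID of the account running this script; it becomes the only principal on the file.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

$acl = Get-Acl -LiteralPath $path
# Stop inheriting from the folder and discard the inherited entries.
$acl.SetAccessRuleProtection($true, $false)
# Drop any explicit entries that were already on the file.
foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRuleSpecific($ace)
}
# Grant the current user full control as the single remaining entry.
$allowMe = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
$acl.AddAccessRule($allowMe)
Set-Acl -LiteralPath $path -AclObject $acl

# Re-read the ACL and fail loudly if any other principal still has an entry.
$sidType = [System.Security.Principal.SecurityIdentifier]
$others = @((Get-Acl -LiteralPath $path).Access | Where-Object {
    $_.IdentityReference.Translate($sidType).Value -ne $me.Value
})
if ($others.Count -gt 0) {
    $names = ($others | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Unexpected principals still on ${path}: $names"
}
Write-Host "Only $($me.Value) now has access to $path"
```

Once the secret has been copied into a password manager or vault, the file itself can be deleted.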

Troubleshooting

| Issue | Resolution |
|---|---|
| User canceled authentication | Do not close the browser login window. Restart the app if needed. |
| Consent page shows an error | Click the Back button in browser and scroll down to accept. |
| Secret not saving | Ensure the tool has write access in the current directory. |
| App not visible in Azure | Check the Azure AD > App registrations under "All Applications". |

Use Case: Easy2Patch Intune Integration

This tool is specifically developed for Easy2Patch to:

  • Automatically create the required App Registration in Azure AD

  • Assign all permissions needed to manage apps and policies via Microsoft Intune and Defender for Endpoint

  • Streamline setup for organizations deploying and patching software with Intune

Requirements Summary

  • You must be a Global Administrator

  • You must have a browser installed

  • Tool must be run interactively

  • No service principal or client ID required

Support

For Easy2Patch-related questions, contact:
