# AppRegistration Wizard for Intune

## Overview

**IntuneAppRegCreator.exe** is a command-line tool built on **.NET Framework 4.7.2** that allows IT administrators to securely and interactively register an Azure AD Application with the required Microsoft Graph and Microsoft Defender for Endpoint (ATP) permissions.

This tool is specifically designed to support **Easy2Patch's Intune integration** by automating the App Registration process and assigning the correct permissions needed for seamless app deployment and management.

You can **download the tool here**:

<https://dl.easy2patch.com/dl/arksoft/easy2patch/tools/IntuneAppRegCreator.sfx.exe>

## Key Features

* Authenticates using **interactive login with a Global Administrator** account.
* Creates an **Azure AD Application Registration** with a user-specified name and redirect URI.
* Automatically generates a **client secret** with a configurable validity period.
* Assigns all necessary **Microsoft Graph API** and **Defender ATP** permissions.
* Outputs a complete **registration summary** to console and saves it to a `.txt` file.
* Generates and optionally opens the **Admin Consent URL** in your default browser.

## System Requirements

| Component        | Version                           |
| ---------------- | --------------------------------- |
| .NET Framework   | 4.7.2                             |
| Operating System | Windows 10 or later (Admin user)  |
| Azure Role       | Azure AD **Global Administrator** |
| Browser          | Modern browser installed          |

## How to Use

**Download and extract the tool:**

Download the latest version of the tool from:\
<https://dl.easy2patch.com/dl/arksoft/easy2patch/tools/IntuneAppRegCreator.zip>

Then extract the contents of the `.zip` file to a folder of your choice, such as:

```
C:\Tools\IntuneAppRegCreator\
```

**Run the tool:**

Open **Command Prompt** as Administrator and navigate to the extracted folder:

```cmd
cd C:\Tools\IntuneAppRegCreator
IntuneAppRegCreator.exe
```

**Follow the prompts:**

The tool will guide you through:

* Authenticating with Azure AD using your Global Admin account
* Entering the application name, redirect URI, and secret validity
* Creating the app registration, secret, and assigning permissions
* Displaying and saving the registration summary
* Optionally opening the Admin Consent URL in your browser

### Input Prompts

1. **Application Name**

   ```
   Enter application name (default: Easy2PatchProd):
   ```

   * If left blank, the default name **Easy2PatchProd** is used.
   * Must be unique within your Azure tenant.
2. **Redirect URI**

   ```
   Enter redirect URI (e.g., https://e2p.domain.com/#/auth/azuread/):
   ```

   * This is **mandatory**.
   * Must include the path: `/#/auth/azuread/`
   * Example: `https://e2p.contoso.com/#/auth/azuread/`
3. **Client Secret Validity (in days)**

   ```
   Enter client secret validity in days (default: 730):
   ```

   * If left blank or invalid, the default of **730 days** (2 years) is used.

### Output Summary

After successful registration, the tool displays and saves:

* Application Name
* Application ID
* Object ID
* Client Secret Value
* Secret Expiry Date
* Tenant ID
* Admin Consent URL

This summary is saved to:

```
<ApplicationName>.txt
```
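
Because the summary file contains the client secret value, it is worth restricting who can read it. The following is an added example, not part of the tool or the original page; the path assumes the default application name and the extraction folder used above.

```powershell
# Added example: restrict the saved summary file to the current user only.
# Assumption: default application name and the folder used earlier on this page.
$summary = 'C:\Tools\IntuneAppRegCreator\Easy2PatchProd.txt'

function Protect-SummaryFile {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting permissions from the folder and discard inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries that were already on the file.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    # Grant full control to the account running this script, and nobody else.
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $only = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.AddAccessRule($only)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return the resulting entries so the caller can verify the result.
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

if (Test-Path -LiteralPath $summary) {
    Protect-SummaryFile -Path $summary | Format-Table -AutoSize
} else {
    Write-Warning "Summary file not found: $summary"
}
```

Once the secret has been copied into a password vault or secret store, deleting the file removes the plain-text copy entirely.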

### Admin Consent

After the application is created and permissions are assigned, the tool will generate this URL:

```
https://login.microsoftonline.com/<tenant_id>/adminconsent?client_id=<app_id>
```

You will be asked:

```
Would you like to open the admin consent URL in your browser? (y/n):
```

> ⚠️ If the **admin consent page shows an error**, simply click your **browser’s Back button**, then scroll to the bottom of the page and **click "Accept"** again.

Admin consent **must** be granted by a Global Administrator to finalize the permission assignments.
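
Before granting consent, you can list exactly which permissions the new registration requests and when its secret expires. This is an added example, not part of the tool or the original page; it assumes the Microsoft Graph PowerShell SDK is installed and that the default name `Easy2PatchProd` was used.

```powershell
# Added example: review what the registration requests before granting consent.
# Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph.Applications).
# Assumption: the app was created with the default name Easy2PatchProd.
$appName = 'Easy2PatchProd'

Connect-MgGraph -Scopes 'Application.Read.All'

$apps = @(Get-MgApplication -Filter "displayName eq '$appName'")
if ($apps.Count -ne 1) { throw "Expected exactly one app named '$appName', found $($apps.Count)." }
$app = $apps[0]

# Resolve each requested permission ID to its name on the resource API.
$requested = foreach ($resource in $app.RequiredResourceAccess) {
    $sp = Get-MgServicePrincipal -Filter "appId eq '$($resource.ResourceAppId)'"
    foreach ($access in $resource.ResourceAccess) {
        # Type 'Role' = application permission, 'Scope' = delegated permission.
        $definition = if ($access.Type -eq 'Role') {
            $sp.AppRoles | Where-Object Id -eq $access.Id
        } else {
            $sp.Oauth2PermissionScopes | Where-Object Id -eq $access.Id
        }
        [pscustomobject]@{
            # Fall back to the raw appId if the API has no service principal in this tenant.
            Api        = if ($sp) { $sp.DisplayName } else { $resource.ResourceAppId }
            Type       = $access.Type
            Permission = if ($definition) { $definition.Value } else { $access.Id }
        }
    }
}
$requested | Sort-Object Api, Type, Permission | Format-Table -AutoSize

# List client secrets with days remaining (Graph does not return secret values here).
$app.PasswordCredentials | ForEach-Object {
    [pscustomobject]@{
        KeyId    = $_.KeyId
        Expires  = $_.EndDateTime
        DaysLeft = [int]($_.EndDateTime - (Get-Date).ToUniversalTime()).TotalDays
    }
} | Format-Table -AutoSize
```

Re-running the second half periodically gives early warning before the secret's validity period runs out.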

### Important Notes

* This tool uses Microsoft's **public client ID** (Azure CLI) to perform login and requires no pre-registered application.
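* The access token is used to call Microsoft Graph with full admin-level privileges, but the tool **does not persist any login or store secrets**.
* The client secret is displayed only once. **Copy and store it securely.** The saved summary file also contains the secret value (see Output Summary), so protect or delete that file once the secret is stored.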
* You can re-run this tool anytime to create additional app registrations.

### Troubleshooting

| Issue                            | Resolution                                                        |
| -------------------------------- | ----------------------------------------------------------------- |
| **User canceled authentication** | Do not close the browser login window. Restart the app if needed. |
| **Consent page shows an error**  | Click the **Back** button in browser and scroll down to accept.   |
| **Secret not saving**            | Ensure the tool has write access in the current directory.        |
| **App not visible in Azure**     | Check Azure AD > App registrations under "All Applications".      |

### Use Case: Easy2Patch Intune Integration

This tool is specifically developed for Easy2Patch to:

* Automatically create the required App Registration in Azure AD
* Assign all permissions needed to manage apps and policies via Microsoft Intune and Defender for Endpoint
* Streamline setup for organizations deploying and patching software with Intune

### Requirements Summary

* You must be a **Global Administrator**
* You must have a **browser installed**
* Tool must be run **interactively**
* No service principal or client ID required

### Support

For Easy2Patch-related questions, contact:

* <support@easy2patch.com>
* [Configuring Intune Application Registration](https://docs.easy2patch.com/deployment/configuring-intune-application-registration)
