# Integration
#### Application registrations
The application registration is carried out in the Microsoft Azure portal via administrative credentials. A user can choose one of the following types of accounts:
A tenant admin account;
- A tenant user account (with the enabled **“Users can register applications”** setting).
The option to open an application registration page is available under:
- **Microsoft Azure** portal > **Azure services** > **App registrations**;
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/ql2t7GeHU7oa1KFn-intune_01.png)
- **Microsoft Azure** portal > Search > Enter a search request (i.e., “App registrations”) > Select the service in the list > **App registrations**;
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/q7ncDCyqN1eH0oih-intune_02_02.png)
- **Microsoft Azure** portal > Menu > All services > Enter a search request (i.e., “App registrations”) > Select the service in the list > **App registrations**.
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/yC2QnvLLANcWCJZq-intune_03_03.png)
**Microsoft Azure** portal shows the screen when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/Wjely3sX4Cys5DwG-intune_04_1.png)
The option to create a new application registration is available under the **New registration** option.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/lcgEArRMyPn4ljJz-intune_05.png)
Microsoft Azure portal shows the Create window when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/BK5Q9Jma32fJJnFN-intune_06_01.png)
To create a new application registration, a user fills in the fields in the form (see Table 1 and the [Microsoft Azure manual](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app)).
Table 1. A new application registration
| **Field name** | **Details** |
| Name | This field sets a meaningful application name to display to users (i.e., **Apptimized Intune Test**) |
| Supported accounts | This option identifies types of accounts that can use the application.
Three options available:
- Accounts in this organizational directory only;
- Accounts in any organizational directory;
- Accounts in any organizational directory and personal Microsoft accounts;
- Personal Microsoft account only.
|
| Redirect URI | This setting is optional, and the values can be provided later.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/dEYiRGrv0j8eCFmJ-intune_07.png)
|
When clicking on the **Register** button, **Microsoft Azure** portal shows the following screen:
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/Cei3dkzsqedEEn6N-intune_08.png)
When the application is successfully registered, a user needs to make a series of settings steps, namely:
- To add a redirect URIs;
- To add new client secret string;
- To grant permissions to the application to call API.
Next, each setting block is shown in more detail.
The option to add redirect URIs to the application is available under the **All services** > **App registrations** > Select the application in the list > **Manage** menu > **Authentication** > Platform configurations > Add a platform> Web > Redirect URLs > Fill in new URI > **Configure** button.
The following URL is required to be added: **https://app.apptimized.com/Account/AuthCode**
[.png)](https://docs.apptimized.com/uploads/images/gallery/2022-08/lFojk8DEexa61qgn-intune_09_02-(1).png)
The option to add new client secret string is available under the **All services** > **App registrations** > Select the application in the list > **Manage** menu > **Certificates & secrets** > Client secrets > **New client secret** button > Fill in the **description** > Set the **expiry** mode > **Add** button.
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/yZe6C4UdTst5rUZD-intune_10_02.png)
**Note.** When clicking on the **Add** button, the client secret value appears (i.e., **~\_fd-Y49~haNZ~g8RbDz9yQCF4KQ\_\_1j49**). A user must copy the value to the clipboard to use it in the client’s application code. It becomes inaccessible once a user leaves this page. The **Client secret** value correlates with the **Client secret** field when integrating **Intune** into the **Apptimized** portal.
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/ksgCXV9lGzvrlvxw-intune_11_02.png)
The option to [configure permissions](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent) to the application to call API is available under **All services** > **App registrations** > Select the application in the list > **Manage** menu > **API permissions** > Add a permission > **Microsoft Graph**.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/vcOAtYP74pNPHpkV-intune_12.png)
**Microsoft Azure** portal shows the following screen when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/LbjJm0Jl5zdNW88e-intune_13.png)
The option to set the types of permissions to the application is available under the **Delegated permissions** button > Select the permissions from the list > **Add permissions** button. The screenshot below shows the list of enabled permissions:
[](https://docs.apptimized.com/uploads/images/gallery/2024-03/intunepermissions1.png)
Some delegated permissions can be consented by non-administrative users, but some higher-privileged permissions require administrator consent. The option to grant permissions is available under the **Grant admin consent for \[company name\]** button.
[](https://docs.apptimized.com/uploads/images/gallery/2022-11/7x9tcR8L6ovBVp9e-Intune_51_1.png)
**Note.** If the application runs as a background service or daemon without a signed-in user, the required option is **Application permissions**. The **Applications permissions** are the permissions that are used by applications that run without a signed-in user present. Using Application permissions enables Apptimized users to push packages to Intune without requiring an own Intune access or even an AAD account in the target Azure directory. By configuring the use of application permissions, the API will be authorized to push packages to Intune without requiring an authenticated AAD Intune user with adequate permissions to provide this authorization.
[](https://docs.apptimized.com/uploads/images/gallery/2024-03/intuneapppermisions.png)
The **DeviceManagementApps** permissions in **Applications permissions** are identical to **Delegated permissions** group.
[](https://docs.apptimized.com/uploads/images/gallery/2024-03/permissionsintune.png)
#### Integration of the application from the Microsoft Azure portal into the Apptimized portal
The one-time configuration is available for project administrators under the **Project** menu > **Administration** > **Settings** > Integration section > **Intune**.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/NtaZSECAxPcl6tTM-intune_22.png)
**Intune** becomes active when switched on and once the required settings are completed. All required fields are marked with an asterisk \*.
[](https://docs.apptimized.com/uploads/images/gallery/2021-12/4gqSRUSIBNFOGS8Q-intune_23_2.png)
Table 2. Basic settings
| **Settings**
| **Details**
|
| Tenant Identifier
| The **Tenant Identifier** corresponds to the term **Directory (tenant) ID** in the **Microsoft Azure** portal.
The Directory (tenant) ID is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/fw0KzOjRiNVogdTB-intune_25_1.png)
|
| Client Identifier
| The **Client Identifier** corresponds to the term **Application (client) ID** in the **Microsoft Azure** portal.
The Application (client) ID is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/Z0tLJtUsY8NZG6bs-intune_25_2.png)
|
| Client Secret
| The **Client Secret** corresponds to the term **Value of secret** in the **Microsoft Azure** portal.
The **Client Secret** is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation.
[](https://docs.apptimized.com/uploads/images/gallery/2021-12/SDy363ecyaq35vzd-intune_42.png)
[Learn more](#bkmrk-application-registra).
|
| Use applications permissions
| The **Use application permissions **correspond to the term [**Applications permissions**](https://docs.apptimized.com/link/110#bkmrk-note.-if-the-applica) in the **Microsoft Azure **portal.
The **Applications permissions** are the permissions that are used by applications that run without a signed-in user present. Using Application permissions enables Apptimized users to push packages to Intune without requiring an own Intune access or even an AAD account in the target Azure directory. By configuring the use of application permissions, the API will be authorized to push packages to Intune without requiring an authenticated AAD Intune user with adequate permissions to provide this authorization.
[](https://docs.apptimized.com/uploads/images/gallery/2021-12/njgHHWqpr71fI9Zd-intune_end_2.png)
|
**Apptimized** shows the following notification when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/NqzR1bReU3EdAXpA-intune_24.png)
#### Manage project roles
Intune requires the assignment of the project user to the role with the required permission. Assigning needed permissions is available under the **Project** menu > **Administration** > **Roles**.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/g3me8FUuSNBiZse3-intune_26.png)
It is possible to add permission to the existing group or to create a new one by clicking the **Add new role** button, as shown on the screenshots below.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/scvirwhWhk2fKZaw-intune_27.png)
The new role requires its meaningful name and Intune project permission.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/tlAbdIOLRfMrZCIM-intune_28.png)
Apptimized shows the following screen and notification when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/AejynNy5NrloyIZg-intune_29.png)
For a user to be able to perform any activities related to the Intune, he must be assigned a role with the **Intune project permission**. The option to assign the role to a user (or a group) is available under the **Update users** or **Update groups** buttons respectively.
Instructions on how to edit or manage roles within the project are available in the **Apptimized Portal user manual** > [**Project role**](https://docs.apptimized.com/books/apptimized-platform-user-manual/page/project-roles) section.
##### Intune apps list
The **Intune apps list** provides a user the information on the full list of applications from the **Microsoft Intune** portal available in the **Apptimized** portal.
The **Intune apps list** enables a user to manage applications from the **Microsoft Intune** portal without leaving the **Apptimized** portal.
The option to access Intune applications list is available under **Project menu** > **Intune apps.**
**[](https://docs.apptimized.com/uploads/images/gallery/2022-08/93mX2BhBZIwB7a96-image-for-article.png)**
#### Assigning permissions to a user to work with Microsoft Intune from Microsoft Azure
The option to open an application registration page is available under:
- **Microsoft** **Azure** portal > Search > Enter a search request (i.e., “Intune”) > Select the service in the list > **Intune**;
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/s5ZEIeKvKZANN8zm-intune_16.png)
- **Microsoft** **Azure** portal > Menu > All services > Enter a search request (i.e., “Intune”) > Select the service in the list > **Intune**.
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/8KUo4s7rdPfzr0GU-intune_17.png)
**Microsoft Azure** portal shows the following screen when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/Zb8Dhku19h4ifRwQ-intune_18_02.png)
The option to add new [Intune role](https://docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control) is available under the **All services** > **Tenant administration** > **Roles** > **All roles** > **Create** button.
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/WaHooLR4u87wG0Xl-intune_19_2.png)
**Microsoft Azure** portal shows the screen when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/5V8wxdUQur618icI-Intune_20_2.png)
The screenshot below shows the procedure for creating a new custom role (**Create** button > Enter role name > Enter role description > Select [**scope tags**](https://docs.microsoft.com/en-us/mem/intune/fundamentals/scope-tags) > **Create** button):
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/kZSc6BpAHKzha5rv-intune_19.png)
**Microsoft Azure** portal shows the following screen when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/RBbUUerjx8m9ijCI-intune_19_8.png)
When the new custom role appears in the list, the assignments must be provided. **Microsoft Azure** portal shows the following screen when clicking the new custom role name:
[](https://docs.apptimized.com/uploads/images/gallery/2020-05/lqRnMwyKdlbIW3as-intune_21_1.png)
The option to provide assignments is available under the **Roles** > Select and click on role > **Assignments** > **Assign** button.
The screenshot below shows the procedure for [role assignments](https://docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control) (**Assign** button > Enter role assignment name > Enter role assignment description > Select **admin groups** > Select **scope groups** > Select [**scope tags**](https://docs.microsoft.com/en-us/mem/intune/fundamentals/scope-tags) > **Create** button):
[.png)](https://docs.apptimized.com/uploads/images/gallery/2022-08/K1imWPcy8mci9SdW-INTUNE_20_2-(1).png)
**Microsoft Azure** portal shows the following screen when successful:
[](https://docs.apptimized.com/uploads/images/gallery/2022-08/Eqt75eBJuGFn1NOW-INTUNE_21_2.png)