Skip to main content

Integration

Application registrations

The application registration is carried out in the Microsoft Azure portal via administrative credentials. A user can choose one of the following types of accounts:

A tenant admin account;

  • A tenant user account (with the enabled “Users can register applications” setting).

The option to open an application registration page is available under:

  • Microsoft Azure portal > Azure services > App registrations;

intune_01.png

  • Microsoft Azure portal > Search > Enter a search request (i.e., “App registrations”) > Select the service in the list > App registrations;

intune_02_02.png

  • Microsoft Azure portal > Menu > All services > Enter a search request (i.e., “App registrations”) > Select the service in the list > App registrations.

intune_03_03.png

Microsoft Azure portal shows the screen when successful:

intune_04_1.png

The option to create a new application registration is available under the New registration option.

intune_05.png

Microsoft Azure portal shows the Create window when successful:

intune_06_01.png

To create a new application registration, a user fills in the fields in the form (see Table 1 and the Microsoft Azure manual).

Table 1. A new application registration

Field name Details
Name This field sets a meaningful application name to display to users (i.e., Apptimized Intune Test)
Supported accounts

This option identifies types of accounts that can use the application.
Three options available:

  • Accounts in this organizational directory only;
  • Accounts in any organizational directory;
  • Accounts in any organizational directory and personal Microsoft accounts;
  • Personal Microsoft account only.
Redirect URI

This setting is optional, and the values can be provided later.

 

intune_07.png

When clicking on the Register button, Microsoft Azure portal shows the following screen:

intune_08.png

When the application is successfully registered, a user needs to make a series of settings steps, namely:

  • To add a redirect URIs;
  • To add new client secret string;
  • To grant permissions to the application to call API.

Next, each setting block is shown in more detail.

The option to add redirect URIs to the application is available under the All services > App registrations > Select the application in the list > Manage menu > Authentication > Platform configurations > Add a platform> Web > Redirect URLs > Fill in new URI > Configure button.

The following URL is required to be added: https://app.apptimized.com/Account/AuthCode

intune_09_02-(1).png

The option to add new client secret string is available under the All services > App registrations > Select the application in the list > Manage menu > Certificates & secrets > Client secrets > New client secret button > Fill in the description > Set the expiry mode > Add button.

intune_10_02.png

Note. When clicking on the Add button, the client secret value appears (i.e., ~_fd-Y49~haNZ~g8RbDz9yQCF4KQ__1j49). A user must copy the value to the clipboard to use it in the client’s application code. It becomes inaccessible once a user leaves this page. The Client secret value correlates with the Client secret field when integrating Intune into the Apptimized portal.

intune_11_02.png

The option to configure permissions to the application to call API is available under All services > App registrations > Select the application in the list > Manage menu > API permissions > Add a permission > Microsoft Graph.

intune_12.png

Microsoft Azure portal shows the following screen when successful:

intune_13.png

The option to set the types of permissions to the application is available under the Delegated permissions button > Select the permissions from the list > Add permissions button. The screenshot below shows the list of enabled permissions:

intune_24.pngIntunePermissions1.png

Some delegated permissions can be consented by non-administrative users, but some higher-privileged permissions require administrator consent. The option to grant permissions is available under the Grant admin consent for [company name] button.

Intune_51_1.png

Note. If the application runs as a background service or daemon without a signed-in user, the required option is Application permissions. The Applications permissions are the permissions that are used by applications that run without a signed-in user present. Using Application permissions enables Apptimized users to push packages to Intune without requiring an own Intune access or even an AAD account in the target Azure directory. By configuring the use of application permissions, the API will be authorized to push packages to Intune without requiring an authenticated AAD Intune user with adequate permissions to provide this authorization.

intune_end.pngIntuneAppPermisions.png
The DeviceManagementApps permissions in Applications permissions are identical to Delegated permissions group.
intune_permissions_32.pngPermissionsIntune.png

Integration of the application from the Microsoft Azure portal into the Apptimized portal

The one-time configuration is available for project administrators under the Project menu > Administration > Settings > Integration section > Intune.

intune_22.png

Intune becomes active when switched on and once the required settings are completed. All required fields are marked with an asterisk *.

intune_23_2.png

Table 2. Basic settings

Settings

Details

Tenant Identifier

The Tenant Identifier corresponds to the term Directory (tenant) ID in the Microsoft Azure portal.

The Directory (tenant) ID is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation.

intune_25_1.png

Client Identifier

The Client Identifier corresponds to the term Application (client) ID in the Microsoft Azure portal.

The Application (client) ID is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation.

intune_25_2.png

Client Secret

The Client Secret corresponds to the term Value of secret in the Microsoft Azure portal.

The Client Secret is a unique identifier generated automatically by the Microsoft Azure portal for every application during its creation.

intune_42.png

Learn more.

Use applications permissions 

The Use application permissions correspond to the term Applications permissions in the Microsoft Azure portal. 

The Applications permissions are the permissions that are used by applications that run without a signed-in user present. Using Application permissions enables Apptimized users to push packages to Intune without requiring an own Intune access or even an AAD account in the target Azure directory. By configuring the use of application permissions, the API will be authorized to push packages to Intune without requiring an authenticated AAD Intune user with adequate permissions to provide this authorization.

 

intune_end_2.png

 

Apptimized shows the following notification when successful:

intune_24.png

Manage project roles

Intune requires the assignment of the project user to the role with the required permission. Assigning needed permissions is available under the Project menu > Administration > Roles.

intune_26.png

It is possible to add permission to the existing group or to create a new one by clicking the Add new role button, as shown on the screenshots below.

intune_27.png

The new role requires its meaningful name and Intune project permission.

intune_28.png

Apptimized shows the following screen and notification when successful:

intune_29.png

For a user to be able to perform any activities related to the Intune, he must be assigned a role with the Intune project permission. The option to assign the role to a user (or a group) is available under the Update users or Update groups buttons respectively.

Instructions on how to edit or manage roles within the project are available in the Apptimized Portal user manual > Project role section.

Intune apps list

The Intune apps list provides a user the information on the full list of applications from the Microsoft Intune portal available in the Apptimized portal.

The Intune apps list enables a user to manage applications from the Microsoft Intune portal without leaving the Apptimized portal.

The option to access Intune applications list is available under Project menuIntune apps.


image-for-article.png

Assigning permissions to a user to work with Microsoft Intune from Microsoft Azure

The option to open an application registration page is available under:

    • Microsoft Azure portal > Search > Enter a search request (i.e., “Intune”) > Select the service in the list > Intune;

    intune_16.png

    • Microsoft Azure portal > Menu > All services > Enter a search request (i.e., “Intune”) > Select the service in the list > Intune.

    intune_17.png

    Microsoft Azure portal shows the following screen when successful:

    intune_18_02.png

    The option to add new Intune role is available under the All services > Tenant administration > Roles > All roles > Create button.

    intune_19_2.png

    Microsoft Azure portal shows the screen when successful:

    Intune_20_2.png

    The screenshot below shows the procedure for creating a new custom role (Create button > Enter role name > Enter role description > Select scope tags > Create button):

    intune_19.png

    Microsoft Azure portal shows the following screen when successful:

    intune_19_8.png

    When the new custom role appears in the list, the assignments must be provided. Microsoft Azure portal shows the following screen when clicking the new custom role name:

    intune_21_1.png

    The option to provide assignments is available under the Roles > Select and click on role > Assignments > Assign button.

    The screenshot below shows the procedure for role assignments (Assign button > Enter role assignment name > Enter role assignment description > Select admin groups > Select scope groups > Select scope tags > Create button):

    INTUNE_20_2-(1).png

    Microsoft Azure portal shows the following screen when successful:

    INTUNE_21_2.png