Create Azure App Registration Using Azure CLI

This blog post will show how to create an Azure App Registration using Azure CLI for Microsoft Intune.

In the code below, we will create an App Registration for managing Microsoft Intune using Graph API.

Azure Graph API gives us access to all the Azure and Microsoft 365 services programmatic access. Graph API allows us to create, edit and view resources using API calls.

App Registration

Azure App Registration is like a service account with permissions to a single or multiple Azure or Microsoft 365 services. The App Registration defines the level of access to the Azure services using supported authentication protocols.

Azure CLI

To create an Azure App Registration using Azure CLI, follow the steps below. First, Install the Azure CLI and log in to Azure using the following command.

az login --use-device-code

To create an App Registration, run the following cmdlet

az ad app create --display-name MSIntune --output json

Run the command below and note down the AppID value

az ad app list --display-name MSIntune --query "[].{ObjectID:id, AppId:appId}"

To assign permissions to the app, find the permissions you need to give the app in this link; make sure you copy the ID of the Application not Delegated

Change the –id value with your AppId value and the –api-permissions with the ID of the required permissions.

az ad app permission add --id APPID --api 00000003-0000-0000-c000-000000000000 --api-permissions COPYFROMLINK=Role

For example, to give the API DeviceManagementApps.ReadWrite.All permissions. I will run the code below.

az ad app permission add –id AppID –api 00000003-0000-0000-c000-000000000000 –api-permissions 78145de6-330d-4800-a6ce-494ff2d33d07=Role

Next, We need to Grant Admin Consent to the application using the command below.

az ad app permission admin-consent --id AppID

To create an App Registration Secret, run the command below

az ad app credential reset --id AppID