This blog post will show how to create an Azure App Registration using Azure CLI for Microsoft Intune.
In the code below, we will create an App Registration for managing Microsoft Intune using Graph API.
Azure Graph API gives us programmatic access to all the Azure and Microsoft 365 services. Graph API allows us to create, edit and view resources using API calls.
App Registration
Azure App Registration is like a service account with permissions to a single or multiple Azure or Microsoft 365 services. The App Registration defines the level of access to the Azure services using supported authentication protocols.
Azure CLI
To create an Azure App Registration using Azure CLI, follow the steps below. First, install the Azure CLI and log in to Azure using the following command.
az login --use-device-code
To create an App Registration, run the following command.
az ad app create --display-name MSIntune --output json
Run the command below and note down the AppID value
az ad app list --display-name MSIntune --query "[].{ObjectID:id, AppId:appId}"
To assign permissions to the app, find the permissions you need to give the app in this link; make sure you copy the ID of the Application permission, not the Delegated one.
Replace the --id value with your AppId value and the --api-permissions value with the ID of the required permission.
az ad app permission add --id APPID --api 00000003-0000-0000-c000-000000000000 --api-permissions COPYFROMLINK=Role
For example, to give the app the DeviceManagementApps.ReadWrite.All permission, I will run the command below.
az ad app permission add --id AppID --api 00000003-0000-0000-c000-000000000000 --api-permissions 78145de6-330d-4800-a6ce-494ff2d33d07=Role
Next, we need to grant admin consent to the application using the command below.
az ad app permission admin-consent --id AppID
To create an App Registration Secret, run the command below
az ad app credential reset --id AppID
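Before granting admin consent or issuing a secret, it is worth confirming that the app requests only the application permissions you intended. The script below is an added example, not part of the original post: it reviews the JSON printed by az ad app permission list --id AppID against an allow-list. The JSON shape, the allow-list and the second permission ID in the sample are assumptions constructed for illustration.

```python
import json
import sys

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Graph resource ID used on this page
# Allow-list of permission ID -> expected type. The single entry is the page's
# example, DeviceManagementApps.ReadWrite.All as an Application ("Role") permission.
ALLOWED = {"78145de6-330d-4800-a6ce-494ff2d33d07": "Role"}

# Constructed sample in the shape assumed for `az ad app permission list` output;
# the second resourceAccess entry uses a made-up placeholder ID.
SAMPLE = """[{"resourceAppId": "00000003-0000-0000-c000-000000000000",
  "resourceAccess": [
    {"id": "78145de6-330d-4800-a6ce-494ff2d33d07", "type": "Role"},
    {"id": "11111111-2222-3333-4444-555555555555", "type": "Role"}]}]"""


def review_permissions(raw_json, allowed=ALLOWED, graph_app_id=GRAPH_APP_ID):
    """Return (findings, missing). findings: requested permissions outside the
    allow-list or of the wrong type. missing: allow-listed IDs not requested."""
    findings, seen = [], set()
    for resource in json.loads(raw_json):
        api = resource.get("resourceAppId", "").lower()
        for access in resource.get("resourceAccess", []):
            perm_id = access.get("id", "").lower()
            perm_type = access.get("type", "")
            if api != graph_app_id:
                reason = "unexpected API"
            elif perm_id not in allowed:
                reason = "not in allow-list"
            elif perm_type != allowed[perm_id]:
                reason = "wrong type, expected " + allowed[perm_id]
            else:
                seen.add(perm_id)
                continue
            findings.append((api, perm_id, perm_type, reason))
    return findings, sorted(set(allowed) - seen)


if __name__ == "__main__":
    # Pipe real CLI output in, or run from a terminal to review the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    findings, missing = review_permissions(raw)
    for api, perm_id, perm_type, reason in findings:
        print(f"REVIEW {api} {perm_id} ({perm_type}): {reason}")
    for perm_id in missing:
        print(f"MISSING {perm_id}")
    sys.exit(1 if findings or missing else 0)
```

A non-zero exit code means the app requests something outside the allow-list, requests a permission with the wrong type (for example Delegated instead of Application), or lacks a permission you expected.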