For Application Manager to work with Intune, you'll first need to do the following within the Microsoft Azure portal:
- Create the Entra ID App Registration to be used with Application Manager
- Add client secret
- Grant the application API permissions
Create the Entra ID App Registration
To create the app registration:
1. Log into https://portal.azure.com using your Azure credentials with full admin rights.
2. Search for App registrations.
3. On the App registrations page, click New registration.
4. Give the application a meaningful display Name. You can change the name later.
5. As the Supported account type, select Accounts in this organizational directory only (Recast Software only - Single tenant).
6. Click Register.
7. In the Overview pane that opens, copy the Application (client) ID and Directory (tenant) ID. You'll need to enter these later in your Recast Management Server.
Add Client Secret
1. On the App registrations page, under Manage, click Certificates & secrets.
2. On the Client secrets tab, add a New client secret.
3. Add a description for the secret (for example. Application Manager service), choose when the secret Expires, and click Add.
NOTE: You must create a new client secret before the current one expires and change the client secret for your Recast Management Server service connection.
TIP: Schedule a support ticket, task or calendar entry before the expiry time to perform these actions.
DO NOT navigate away from the page before completing the next step!
4. Copy the client secret value to a clipboard and save it to a secure location. You will not be able to see the client secret after navigating away from the page. You will need to specify the client secret whenever you modify Entra ID details in Application Manager, for example, if you want to change the display name of the Entra ID tenant).
Add API Permissions for the Application
To add API permissions:
1. On the App registrations page, under Manage, click API Permissions.
2. Select Add a permission.
3. On the Microsoft APIs tab, click Microsoft Graph.
4. Add the following permissions:
| Application permissions | DeviceManagementApps.ReadWrite.All | Read and write Intune apps |
| DeviceManagementConfiguration.Read.All | Read Intune device configuration and policies, permission only required to specify application categories in AM deployment processes | |
| GroupMember.Read.All | ||
| Device.Read.All | ||
| Delegated permissions | User.Read |
5. Click Grant admin consent for [Tenant Name].
Once the Entra ID App Registration is done and you have the Application (client) ID, Directory (tenant) ID and Client secret available, you can then add a service connection from your Recast Management Server to Entra ID for Application Manager.