Step 1: Create and configure an Azure Enterprise application
a. Navigate to https://portal.azure.com/#home.
b. Click on “App registrations”.
c. Click on New Registrations.
d. Enter the name of the application, select the supported account types, and click on Register.
e. Once the application is created, copy the Application (Client) ID and the Directory (tenant) ID from the “Overview” page.
f. Click on “Add a certificate or secret”.
g. Click on “New Client secret” on the “Clients secret” page.
h. Enter a description for the secret and set the expiration date (Recommended: 730 days (24 months)). Click on Add.
i. Copy the code from the Value column. This will be your client secret. This value is displayed only once, at the time of creation.
Step 2: Grant device permissions to this application.
a. In the application, click on “API permission” in the left-hand menu. Click on “Add a permission” and then click on “Microsoft Graph” on the Request API permissions page.
b. Click on “Application permissions”.
c. Add the following permissions one by one by searching for them:
- Device.Read.All
- Device.ReadWrite.All
- DeviceManagementApps.Read.All
- DeviceManagementApps.ReadWrite.All
- DeviceManagementManagedDevices.PrivilegedOperations.All
- DeviceManagementManagedDevices.Read.All
- DeviceManagementManagedDevices.ReadWrite.All
d. Once all the permissions are added, click on “Grant admin consent”.
Step 3: Add the MDM details in Onflo
a. Log in to Onflo and click on “Microsoft Intune” in MDM settings in Integrations.
b. Enter the details that were copied in Step 1 and click on “Next”.
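
To confirm that the registration carries exactly the permissions from Step 2, the following added example (not part of the original guide or of Onflo) decodes an app-only Microsoft Graph access token and compares its `roles` claim, where granted application permissions appear, with that list. It assumes the token was already obtained with the client ID and secret from Step 1; the function names are hypothetical, the sample token is constructed, and the signature is not verified because this is an inspection aid only.

```python
import base64
import json

# Application permissions listed in Step 2 of this guide.
REQUIRED_ROLES = frozenset({
    "Device.Read.All",
    "Device.ReadWrite.All",
    "DeviceManagementApps.Read.All",
    "DeviceManagementApps.ReadWrite.All",
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
})

def _b64url(obj):
    raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
    return raw.rstrip(b"=").decode()

def make_sample_token(roles, tenant_id, client_id):
    """Build a constructed, unsigned sample token for offline testing."""
    claims = {"tid": tenant_id, "appid": client_id, "roles": list(roles)}
    return ".".join([_b64url({"alg": "none"}), _b64url(claims), "constructed"])

def decode_claims(token):
    """Return the JWT payload. The signature is NOT verified: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token, tenant_id, client_id):
    """Compare the token's tenant, client and roles with what Steps 1-2 set up."""
    claims = decode_claims(token)
    granted = set(claims.get("roles", []))  # absent when consent was not granted
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": (claims.get("appid") or claims.get("azp")) == client_id,
        "missing": sorted(REQUIRED_ROLES - granted),
        "unexpected": sorted(granted - REQUIRED_ROLES),
    }

if __name__ == "__main__":
    tenant, client = "tenant-id-placeholder", "client-id-placeholder"
    roles = (REQUIRED_ROLES - {"Device.Read.All"}) | {"User.Read.All"}
    print(audit_token(make_sample_token(roles, tenant, client), tenant, client))
```

A non-empty `missing` list usually means a permission was not added or admin consent (Step 2d) was not granted; a non-empty `unexpected` list means the application holds more access than this integration calls for.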