-
Installation Guide
-
Admin Guides
-
User Guides
-
References
Print
Create Azure App Registration
Copy the URL link to this section to share
Synchronizing data from Intune, Azure AD, Log Analytics, and other cloud data sources is done using application permissions. Here we are configuring the permissions required for Power BI to connect to the data sources to get the data.
Prerequisites: The user performing this step requires Global Admin and Subscription Admin rights.
Step
Step 1
- Login to portal.azure.com or entra.microsoft.com using a global administrator account.
- Search for and select App registrations.
- Select New registration.
Step
Step 2
- Enter a Name for the application. (This will not be seen by anyone other than admins.)
- Specify who can use the application as Accounts in this organizational directory only.
- Select Register.
Step
Step 3
- On the Enterprise App page select API Permissions.
Step
Step 4
- Remove the User.Read permission.
Step
Step 5
- When prompted to remove the permission, select Yes, remove.
Step
Step 6
- Select Add a permission.
Step
Step 7
- Select Microsoft Graph.
Step
Step 8
- Select Application permissions.
Step
Step 9
- Search for DeviceManagement.
- Select the following permissions:
- DeviceManagementApps.Read.All
- DeviceManagementConfiguration.Read.All
- DeviceManagementManagedDevices.Read.All
- DeviceManagementRBAC.Read.All
- DeviceManagementServiceConfig.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
Step 10
- Search for Directory.
- Select the following permissions:
- Directory.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
Step 11
- Search for AuditLog.
- Select the following permissions:
- AuditLog.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
Step 12
- Search for Policy.
- Select the following permissions:
- Policy.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
Step 13 Only Required for Windows 365 (Cloud PC)
- Search for CloudPC.
- Select the following permissions:
- CloudPC.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
Step 14
- Search for Reports.
- Select the following permissions:
- Reports.Read.All
- Select the Add permissions button.
Step
Step 15 Skip Directly to Step 19 if You Do Not Plan to Use Our Custom Inventory Solution
- Select Add a permission.
Step
Step 16 Only Required for Custom Inventory for Windows
- Select APIs my organization uses.
Step
Step 17 Only Required for Custom Inventory for Windows
- Search for Log Analytics.
- Select Log Analytics API.
Step
Step 18 Only Required for Custom Inventory for Windows
- Select Application Permissions.
Step
Step 19 Only Required for Custom Inventory for Windows
- Select Data.Read.
- Select Add permissions.
Step
Step 20
- Select Grant admin consent for <your company name>.
Step
Step 21
- Select Yes at the prompt.
Step
Step 22
- Select Certificates & secrets.
- Select New client secret.
Step
Step 23
- Enter a Description.
- Select a value for Expires.
- Select Add.
Step
Step 24
- Record the Value data as the Azure AD Client Secret. This will be used later in the installation process. The value can only be displayed once, if you fail to record it here you will have to create a new one.
Step
Step 25
- Select Overview.
- Record the Application (client) ID as the Azure AD Client ID. This will be used later in the installation process.
- Record the Directory (tenant) ID as the Azure AD Tenant ID. This will be used later in the installation process.
- The Azure AD Application registration is now complete.