Create Azure App Registration
Copy the URL link to this section to share
Synchronizing data from Intune, Azure AD, Log Analytics, and other cloud data sources is done using application permissions. Here we are configuring the permissions required for Power BI to connect to the data sources to get the data.
Prerequisites: The user performing this step requires Global Admin and Subscription Admin rights.
Step
- Login to portal.azure.com or entra.microsoft.com using a global administrator account.
- Search for and select App registrations.
- Select New registration.
Step
- Enter a Name for the application. (This will not be seen by anyone other than admins.)
- Specify who can use the application as Accounts in this organizational directory only.
- Select Register.
Step
- On the Enterprise App page select API Permissions.
Step
- Remove the User.Read permission.
Step
- When prompted to remove the permission, select Yes, remove.
Step
- Select Add a permission.
Step
- Select Microsoft Graph.
Step
- Select Application permissions.
Step
- Search for DeviceManagement.
- Select the following permissions:
- DeviceManagementApps.Read.All
- DeviceManagementConfiguration.Read.All
- DeviceManagementManagedDevices.Read.All
- DeviceManagementRBAC.Read.All
- DeviceManagementServiceConfig.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
- Search for Directory.
- Select the following permissions:
- Directory.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
- Search for AuditLog.
- Select the following permissions:
- AuditLog.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
- Search for Policy.
- Select the following permissions:
- Policy.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
Only Required for Windows 365 (Cloud PC)
- Search for CloudPC.
- Select the following permissions:
- CloudPC.Read.All
- Do not select the Add permissions button until told to do so in a later step within this document.
Step
- Search for Reports.
- Select the following permissions:
- Reports.Read.All
- Select the Add permissions button.
Step
Skip Directly to Step 19 if You Do Not Plan to Use Our Custom Inventory Solution
- Select Add a permission.
Step
Only Required for Custom Inventory for Windows
- Select APIs my organization uses.
Step
Only Required for Custom Inventory for Windows
- Search for Log Analytics.
- Select Log Analytics API.
Step
Only Required for Custom Inventory for Windows
- Select Application Permissions.
Step
Only Required for Custom Inventory for Windows
- Select Data.Read.
- Select Add permissions.
Step
- Select Grant admin consent for <your company name>.
Step
- Select Yes at the prompt.
Step
- Select Certificates & secrets.
- Select New client secret.
Step
- Enter a Description.
- Select a value for Expires.
- Select Add.
Step
- Record the Value data as the Azure AD Client Secret. This will be used later in the installation process. The value can only be displayed once, if you fail to record it here you will have to create a new one.
Step
- Select Overview.
- Record the Application (client) ID as the Azure AD Client ID. This will be used later in the installation process.
- Record the Directory (tenant) ID as the Azure AD Tenant ID. This will be used later in the installation process.
- The Azure AD Application registration is now complete.
