Entrust PKI as a Service

Creating an Intune application in Azure

Create an application in the Microsoft Azure portal to integrate with the Intune service.

ℹ At the end of this process, you should have the Application (client) ID, Directory (tenant) ID, and Client secret values required when Configuring Intune in PKIaaS.

To create an Intune application in Azure:

  1. Log in to https://portal.azure.com as a user with administrative permissions.

  2. Go to Home > App registrations.

    IMG

  3. Click New registration to display the Register an application page.

    IMG

  4. In the Name field, type the name of the new Intune application.

  5. In the Supported account types list, ensure Accounts in this organizational directory only (your organization only - Single tenant) is selected.

  6. Click Register to display the details of the new application.

    IMG

  7. Copy the Application (client) ID and Directory (tenant) ID values to a text file. You will use these values when Configuring Intune in PKIaaS.

  8. Click Add a certificate or secret to display the Certificates & secrets page.

    IMG

  9. Click New client secret to display the Add a client secret dialog.

  10. In the Description field, write a description of the new secret.

  11. In the Expires drop-down list, select the expiration date of the new secret.

  12. Click Add to add the new secret and close the Add a client secret dialog.

  13. On the Certificates & secrets page, copy the Value of the new secret to a text file. You will use this value when Configuring Intune in PKIaaS.

    ⚠ The secret value will no longer be available after leaving this page.

    IMG

  14. In the navigation sidebar, click API permissions to display the API permissions page.

    IMG

  15. Click Add a permission to display the Request API permissions sidebar.

    IMG

  16. In the Request API permissions sidebar:

    1. Click Microsoft Graph.
    2. Under Select permissions, search for and select the Application.Read.All and DeviceManagementManagedDevices.Read.All permissions.
    3. Click Add permissions.

  17. Click Add a permission to display the Request API permissions sidebar again.

    1. In the Request API permissions sidebar:
    2. Click Intune.
    3. Click Application permissions.
    4. Under Select permissions, select the scep_challenge_provider permission.
    5. Click Add permissions.

  18. On the API permissions page, click Add admin consent for your organization to grant these permissions to the new Intune application.