Setting API permissions for Intune-integrated apps

When you use the Blue Cedar Accelerator for Microsoft to integrate the Intune App SDK into a mobile app, you also need to register the app in the Microsoft portal so that the Intune administrator can manage the Intune features in the app. 

Step-by-step guide

Adding the Intune App SDK with the Microsoft Authentication Library to your apps allows the Microsoft identity platform to provide authentication and authorization services for your app and its users. To do this, you need to have done these steps once for each mobile app on your Azure Active Directory tenant: 

Register the mobile app on the Microsoft portal

1. Using an account with Application administrator privileges, log into the Azure Active Directory admin center:
   
   https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps 
2. Search for an existing app or, to create a new registration, follow these steps:
   1. Click + New registration.
   2. On the "Register an application" screen, enter a name.
   3. Under "Supported account types," select "Accounts in this organizational directory only."
   4. Click Register.

Configure API permissions for the mobile app

1. On the screen for your app registration, copy these values from the Essentials section and save them to use on the Blue Cedar Platform for configuration:
   • Application (client) ID
   • Directory (tenant) ID
2. On the same application screen, click API permissions, and add the following permissions:
   • Microsoft Graph API:
     
     • Directory.Read.All
     • Device.Read.All
   • Microsoft Mobile Application Management
     • DeviceManagementManagedApps.ReadWrite
   • Intune API:
     • get_data_warehouse