Configuring the Microsoft Authentication policy
In an app security profile, set these options for Microsoft Intune Authentication. (See Configuring app security profiles for general information about managing profiles.)
Click Policies, then click Create New App Security Profile, or click the name of an existing profile to edit it. If you're adding a new profile, give it a name.
On the policy details page, select the Authentication tab and enable Use custom Active Directory configuration.
Configure Authentication options:
| Option | Description |
|---|---|
| Azure AD Client ID | The app's Azure AD client identifier, which you can retrieve from the Azure Portal's App Registrations. Required for custom AD. |
| Azure AD Authority | The base URI of the Azure AD authority the app uses to authenticate. Required for custom AD. A different authority may be specified if necessary, for example: https://login.microsoftonline.com/intuneacme.onmicrosoft.com |
| ADAL Cache Identifier Override | The platform-specific identifier that controls where ADAL cache information is stored so that it can be shared between apps. Apps must have the same signer (Team ID on iOS or keystore on Android) to share ADAL cache information directly. This option is unavailable if Use Authentication Broker is enabled. |
| Use Authentication Broker | Enable to use an external authentication broker app (such as Microsoft Authenticator). Redirecting authentication flows to a broker lets apps that do not share a signer use the ADAL cache held by the broker to achieve single sign-on (SSO), for example between Microsoft apps and third-party apps. Using a broker also allows multi-factor authentication (MFA) flows. If you use an authentication broker, follow the instructions below after signing your app. |
Click Save changes.
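The constraints above (Client ID and Authority required when custom AD is enabled, cache override unavailable with the broker) can be checked before a profile is saved. This is an added example, not Blue Cedar code; the AuthPolicy field names, the GUID check on the client ID and the https check on the authority are assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Azure AD application (client) IDs are GUIDs; anything else is a typo or a stray value.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


@dataclass
class AuthPolicy:
    """Hypothetical in-memory form of the Authentication tab settings (assumed names)."""
    use_custom_ad: bool
    client_id: Optional[str] = None
    authority: Optional[str] = None
    cache_identifier_override: Optional[str] = None
    use_auth_broker: bool = False


def validate_policy(p: AuthPolicy) -> List[str]:
    """Return a list of problems; an empty list means the policy is consistent."""
    problems: List[str] = []
    if p.use_custom_ad:
        # Both fields are marked "Required for custom AD" in the option table.
        if not p.client_id:
            problems.append("Azure AD Client ID is required for custom AD")
        elif not GUID_RE.match(p.client_id):
            problems.append("Azure AD Client ID is not a GUID")
        if not p.authority:
            problems.append("Azure AD Authority is required for custom AD")
        else:
            # Tokens are sent to this authority, so insist on an https base URI with a host.
            u = urlparse(p.authority)
            if u.scheme != "https" or not u.netloc:
                problems.append("Azure AD Authority must be an https:// base URI")
    # The cache override is unavailable when the broker is enabled; flag a profile that sets both.
    if p.use_auth_broker and p.cache_identifier_override:
        problems.append("ADAL Cache Identifier Override is unavailable when Use Authentication Broker is enabled")
    return problems


if __name__ == "__main__":
    # Constructed sample policy using the authority from the option table.
    policy = AuthPolicy(True, "12345678-1234-1234-1234-123456789abc",
                        "https://login.microsoftonline.com/intuneacme.onmicrosoft.com")
    print(validate_policy(policy))
```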
Using the authentication broker
If you are using the authentication broker or a custom client ID, the signing process generates a Redirect URI.
- If you sign your app on the Blue Cedar platform, the Redirect URI appears on the app card after integrating and signing.
- If you sign your app externally, the signing script displays the Redirect URI on completion.
Copy this Redirect URI and add it to your Azure AD portal.