Last modified by Sabrina V. on 2025/09/23 11:50

From version 7.1
edited by Sabrina V.
on 2025/07/03 07:19
Change comment: There is no comment for this version
To version 2.1
edited by Sabrina V.
on 2025/05/20 08:51
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -Register a company application in Microsoft Entra ID
1 + Register a company application in Microsoft Entra ID
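Review bot: The two title lines differ only by the leading space on the "+" side of line 1. A title that starts with whitespace can sort and match inconsistently in page listings and search, so the title should be stored without it.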
Content
... ... @@ -29,38 +29,14 @@
29 29  
30 30  Next, grant the company application the necessary permissions so that it can access the interface. To do this, switch to the Permissions area within the registered app (//Manage// > //API permissions//).
31 31  
32 -[[Add permission>>image:68_Unternehmensanwendung registrieren_Berechtigungen hinzufügen_1919.png]]
32 +[[Add permissions>>image:68_Unternehmensanwendung registrieren_Berechtigungen hinzufügen_1919.png]]
33 33  
34 -Add permissions Click on //Add permission. //A page will open where you can request API permissions. In this step, you must select //Microsoft Graph/////Intune//.
34 +Add permissions Click on //Add permission. //A page will open where you can request API permissions. In this step, you must select //Microsoft Graph//.
35 35  
36 36  [[API permissions: Request Microsoft Graph>>image:68_Unternehmensanwendung registrieren_API-Berechtigungen Microsoft Graph anfordern_850.png||data-xwiki-image-style-alignment="center" height="722" width="701"]]
37 37  
38 38  Depending on the area for which you want to grant authorisations, a distinction is made between ‘Delegated authorisations’ and ‘Application authorisations’. The tables below show the authorisations that you must insert here for the respective area.
39 39  
40 -=== Intune Management ===
41 -
42 -The following permissions are required to use Intune Management:
43 -
44 -**Intune**
45 -
46 -|**Type: Application**
47 -|get_data_warehouse
48 -|get_device_compliance
49 -
50 -(% class="wikigeneratedid" %)
51 -**Microsoft Graph**
52 -
53 -|**Typ: Application**
54 -|DeviceManagementApps.ReadWrite.All
55 -|DeviceManagementConfiguration.Read.All
56 -|DeviceManagementManagedDevices.PrivilegedOperations.All
57 -|DeviceManagementManagedDevices.ReadWrite.All
58 -|DeviceManagementServiceConfig.Read.All
59 -|Group.ReadWrite.All
60 -|GroupMember.ReadWrite.All
61 -|User.ReadWrite.All
62 -|Directory.ReadWrite.All
63 -
64 64  === Microsoft 365 ===
65 65  
66 66  **Only the application permissions are required to use Microsoft 365. Insert the following values individually and repeat the procedure until both list entries have been added:**
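Review bot: The Intune Management block on the "-" side (lines 53-62) lists nine Microsoft Graph application permissions, among them Directory.ReadWrite.All, User.ReadWrite.All and DeviceManagementManagedDevices.PrivilegedOperations.All, without saying which connector function needs each one. Add a short purpose note per permission so that an administrator granting consent can judge whether the tenant-wide write scopes are required for their use. The same block heads one table "Type: Application" (line 46) and the other "Typ: Application" (line 53); use one spelling. At line 34, on both sides, the image caption "Add permissions" has run into the sentence that begins "Click on".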
... ... @@ -113,7 +113,7 @@
113 113  Due to the higher security level, Microsoft recommends using a certificate as login information.
114 114  {{/aagon.infobox}}
115 115  
116 -Certificates can be used as an authentication method to log in to Microsoft Entra ID. A certificate always consists of a public and a private part, with the public key being loaded directly into Microsoft Entra ID. Both parts are required at a later stage when you add the certificate to the connection information for creating a new portal. This certificate pair must be generated in advance. Read here how to create a certificate via [[Microsoft>>url:https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal]] or Open SSL. Due to the higher security level, Microsoft recommends using a certificate as login information
92 +Certificates can be used as an authentication method to log in to Microsoft Entra ID. A certificate always consists of a public and a private part, with the public key being loaded directly into Microsoft Entra ID. Both parts are required at a later stage when you add the certificate to the connection information for creating a new portal. This certificate pair must be generated in advance. Read here how to create a certificate via [[Microsoft>>url:https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal]] or [[Open SSL>>url:https://stackoverflow.com/questions/6307886/how-to-create-pfx-file-from-certificate-and-private-key]]. Due to the higher security level, Microsoft recommends using a certificate as login information
117 117  
118 118  {{aagon.infobox}}
119 119  The PKCS#12 or PFX/P12 format is often used for certificates. This is not supported by ACMP, as the certificate and key files are combined in a single file. However, you can use the OpenSSL commands openssl pkcs12 -in path.p12 -out newfile.crt -clcerts –nokeys for the certificate and openssl pkcs12 -in path.p12 -out newfile.pem -nocerts –nodes for the private key to generate two files from the file.
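Review bot: In the changed paragraph (line 116 / 92) the closing sentence "Due to the higher security level, Microsoft recommends using a certificate as login information" repeats the infobox text at line 113 word for word and has no final full stop; drop it from the paragraph. The "Open SSL" link on the "+" side targets a Stack Overflow question about creating a PFX file, while the infobox at line 119 says ACMP does not support PFX/P12, so the link should point to instructions that produce separate certificate and key files. In the line 119 context, –nokeys and –nodes are typed with an en dash where the other options use a hyphen, so the commands will not work when copied. -nodes also writes the private key unencrypted, which deserves a sentence on protecting the resulting file.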
... ... @@ -141,7 +141,7 @@
141 141  
142 142  When creating a new secret client key, you have the option of configuring its validity period. Please note that once the validity period has expired, a new key must be created and stored.
143 143  
144 -[[Add secret client key>>image:68_Unternehmensanwendung registrieren_Geheimen Clientschlüssel hinzufügen_1919.png||alt="68_Unternehmensanwendung registrieren_Geheimen Clientschlüssel_1919.png"]]
120 +[[Add secret client key>>image:68_Unternehmensanwendung registrieren_Geheimen Clientschlüssel_1919.png]]
145 145  
146 146  {{aagon.infobox}}
147 147  If you want to use the secret client key for the ACMP Intune Connector, you must create a new key after the validity period has expired and store it in the AESB.
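Review bot: The image reference changes in more than the alt attribute: line 144 names an attachment ending in "Geheimen Clientschlüssel hinzufügen_1919.png" and line 120 one ending in "Geheimen Clientschlüssel_1919.png", so confirm which file is actually attached to the page. The alt text at line 144 is a file name rather than a description of the screenshot, and line 120 has none. Lines 142 and 147 both say a new key must be created once the validity period has expired; it would help to state that the replacement key should be created and stored before expiry so the connection does not fail in between.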
© Aagon GmbH 2025