Last modified by Sabrina V. on 2025/11/25 08:31
From version 10.1
edited by Sabrina V.
on 2025/11/25 08:31
Change comment: There is no comment for this version
To version 5.1
edited by Sabrina V.
on 2025/06/05 11:26
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -2,10 +2,10 @@
2 2  
3 3  Enterprise applications are often used as an interface between Microsoft Entra and internally used applications, for example to give employees access to Microsoft 365. To do this, you need to register one or more applications centrally. This chapter provides an introduction to how you can register enterprise applications and assign permissions to them. It applies to the following areas of application:
4 4  
5 -* [[Intune Management>>doc:ACMP.69.ACMP-Solutions.Intune Management.WebHome]]
6 -* [[Microsoft 365>>doc:ACMP.69.ACMP-Solutions.Lizenzmanagement.Microsoft 365.WebHome]]
7 -* [[Setting up OAuth2 on the ACMP Server>>doc:ACMP.69.ACMP-Solutions.System.Einstellungen.ACMP Server.OAuth2 am ACMP Server einrichten.WebHome]]
8 -* [[ACMP Intune Connector>>doc:ACMP.69.ACMP-Solutions.Client-Management.ACMP Intune Connector.WebHome]]
5 +* [[Intune Management>>doc:ACMP.68.ACMP-Solutions.Intune Management.WebHome]]
6 +* [[Microsoft 365>>doc:ACMP.68.ACMP-Solutions.Lizenzmanagement.Microsoft 365.WebHome]]
7 +* [[Setting up OAuth2 on the ACMP Server>>doc:ACMP.68.ACMP-Solutions.System.Einstellungen.ACMP Server.OAuth2 am ACMP Server einrichten.WebHome]]
8 +* [[ACMP Intune Connector>>doc:ACMP.68.ACMP-Solutions.Client-Management.ACMP Intune Connector.WebHome]]
9 9  
10 10  = Preparing for the Microsoft Entra ID =
11 11  
... ... @@ -13,20 +13,12 @@
13 13  
14 14  == Register an Enterprise Application ==
15 15  
16 -First, log in to your [[Microsoft Entra ID>>url:https://aad.portal.azure.com/]]. Click the //Identity //> //Manage //tab > //Enterprise Applications// and create a new application registration.
16 +First, log in to your [[Microsoft Entra ID>>url:https://aad.portal.azure.com/]]. Click the Identity > Manage tab > //Enterprise Applications// and create a new application registration.
17 17  
18 18  [[App registrations in Microsoft Entra ID>>image:68_Unternehmensanwendung registrieren_App Registrierung Oberfläche_1919.png]]
19 19  
20 -Enter all the necessary information there: Assign an app name and select the accounts to be supported.
20 +Enter all the necessary information there: Assign an app name and select the accounts to be supported. Complete the process by clicking //Register//.
21 21  
22 -{{box}}
23 -**Note for [[setting up OAuth2 on the ACMP Server>>doc:ACMP.68.ACMP-Solutions.System.Einstellungen.ACMP Server.OAuth2 am ACMP Server einrichten.WebHome]]:**
24 -If only one account from the organisation directory is allowed to access it, you must select the first option. Under the redirect URI, you must enter the following: https://login.microsoftonline.com/common/oauth2/nativeclient
25 -Register the application as //Public client/native (mobile & desktop)//.
26 -{{/box}}
27 -
28 -Complete the process by clicking //Register//.
29 -
30 30  [[Register an application>>image:68_Unternehmensanwendung registrieren_App Registrierung neue anlegen_1919.png]]
31 31  
32 32  When you open the application you have created, you will see a summary of the information you have added. This includes the display name, details of the supported account types and the various IDs (application, object and directory ID). You will need the latter details (the IDs) if, for example, you want to create a new portal for Microsoft 365.
... ... @@ -37,38 +37,14 @@
37 37  
38 38  Next, grant the company application the necessary permissions so that it can access the interface. To do this, switch to the Permissions area within the registered app (//Manage// > //API permissions//).
39 39  
40 -[[Add permission>>image:68_Unternehmensanwendung registrieren_Berechtigungen hinzufügen_1919.png]]
32 +[[Add permissions>>image:68_Unternehmensanwendung registrieren_Berechtigungen hinzufügen_1919.png]]
41 41  
42 -Add permissions Click on //Add permission. //A page will open where you can request API permissions. In this step, you must select //Microsoft Graph/Intune//.
34 +Add permissions Click on //Add permission. //A page will open where you can request API permissions. In this step, you must select //Microsoft Graph//.
43 43  
44 44  [[API permissions: Request Microsoft Graph>>image:68_Unternehmensanwendung registrieren_API-Berechtigungen Microsoft Graph anfordern_850.png||data-xwiki-image-style-alignment="center" height="722" width="701"]]
45 45  
46 46  Depending on the area for which you want to grant authorisations, a distinction is made between ‘Delegated authorisations’ and ‘Application authorisations’. The tables below show the authorisations that you must insert here for the respective area.
47 47  
48 -=== Intune Management ===
49 -
50 -The following permissions are required to use Intune Management:
51 -
52 -**Intune**
53 -
54 -|**Type: Application**
55 -|get_data_warehouse
56 -|get_device_compliance
57 -
58 -(% class="wikigeneratedid" %)
59 -**Microsoft Graph**
60 -
61 -|**Typ: Application**
62 -|DeviceManagementApps.ReadWrite.All
63 -|DeviceManagementConfiguration.Read.All
64 -|DeviceManagementManagedDevices.PrivilegedOperations.All
65 -|DeviceManagementManagedDevices.ReadWrite.All
66 -|DeviceManagementServiceConfig.Read.All
67 -|Group.ReadWrite.All
68 -|GroupMember.ReadWrite.All
69 -|User.ReadWrite.All
70 -|Directory.ReadWrite.All
71 -
72 72  === Microsoft 365 ===
73 73  
74 74  **Only the application permissions are required to use Microsoft 365. Insert the following values individually and repeat the procedure until both list entries have been added:**
... ... @@ -125,7 +125,7 @@
125 125  
126 126  {{aagon.infobox}}
127 127  The PKCS#12 or PFX/P12 format is often used for certificates. This is not supported by ACMP, as the certificate and key files are combined in a single file. However, you can use the OpenSSL commands openssl pkcs12 -in path.p12 -out newfile.crt -clcerts –nokeys for the certificate and openssl pkcs12 -in path.p12 -out newfile.pem -nocerts –nodes for the private key to generate two files from the file.
128 -You can find continuing info on this topic in the section [[Managing certificates>>doc:ACMP.69.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HEnde-zu-Ende-VerschlFCsselung"]].
96 +You can find continuing info on this topic in the section [[Managing certificates>>doc:ACMP.68.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HEnde-zu-Ende-VerschlFCsselung"]].
129 129  {{/aagon.infobox}}
130 130  
131 131  Navigate to the //Certificates & Secrets// item within the previously registered application. Click on the //Certificates //tab in the details and upload the certificate you created earlier.
... ... @@ -163,8 +163,8 @@
163 163  
164 164  Now that you have registered the company application and granted the necessary permissions, you can switch to the respective application area and continue with your work:
165 165  
166 -* [[Intune Management>>doc:ACMP.69.ACMP-Solutions.Intune Management.WebHome]]
167 -* [[Microsoft 365>>doc:ACMP.69.ACMP-Solutions.Lizenzmanagement.Microsoft 365.WebHome]]
168 -* [[Setting up OAuth2 on the ACMP Server>>doc:ACMP.69.ACMP-Solutions.System.Einstellungen.ACMP Server.OAuth2 am ACMP Server einrichten.WebHome]]
169 -* [[ACMP Intune Connector>>doc:ACMP.69.ACMP-Solutions.Client-Management.ACMP Intune Connector.WebHome]]
134 +* [[Intune Management>>doc:ACMP.68.ACMP-Solutions.Intune Management.WebHome]]
135 +* [[Microsoft 365>>doc:ACMP.68.ACMP-Solutions.Lizenzmanagement.Microsoft 365.WebHome]]
136 +* [[Setting up OAuth2 on the ACMP Server>>doc:ACMP.68.ACMP-Solutions.System.Einstellungen.ACMP Server.OAuth2 am ACMP Server einrichten.WebHome]]
137 +* [[ACMP Intune Connector>>doc:ACMP.68.ACMP-Solutions.Client-Management.ACMP Intune Connector.WebHome]]
170 170  
© Aagon GmbH 2026
Besuchen Sie unsere Aagon-Community