Configuring OneSite for Intune

OneSite for Intune needs to be authorized to create apps in Intune using an App Registration in Microsoft Entra. This allows the Adaptiva Server service to use specific permissions granted to the application created in the Microsoft Entra tenant. For additional information on applications in Microsoft Entra, see the following Microsoft documentation.

Create an App Registration in Microsoft Entra

You need to create an App Registration in Microsoft Entra to automate the creation of Apps in Intune using the Admin Portal. There are now TWO types of App Registration possible.

  • Option 1 - Application permissions: Create an App Registration that every Admin Portal user will use. This option does not allow for automatic assignment of Scope Tags based on the User profile.

  • Option 2 - Delegated permissions: Create an App Registration that uses Delegated Permissions. Permissions can be delegated to a specific account or can be assigned to the user account. This option is required if each user has the potential for different scope tags and those are to be associated with the app when the app is created.

Complete the following steps to create an App Registration in Microsoft Entra. You can find the latest Microsoft Entra guidance on Microsoft Learn.

  1. Log in to Azure (https://entra.microsoft.com) using an account with the appropriate role assignment.

  2. In the search bar, type App Registration and select it.

  3. Click + New registration and enter the following properties:

    • Name: Enter a name to identify this app registration for Adaptiva, e.g. AdaptivaOneSite.

    • Supported account types: Accounts in this organizational directory only.

    • Redirect URI (optional): Leave blank.

  4. Click Register.

  5. Copy and provide the following IDs to the Adaptiva administrator:

    • Application (client) ID: This will be used in the Intune App ID field.

    • Directory (tenant) ID: This will be used in the Intune App Tenant ID field.

  6. In the left-hand pane, click API permissions.

  7. Click + Add a permission.

  8. Select Microsoft Graph.

  9. Choose the appropriate permission type for your application:

    • For Option 1 select Application permissions.

    • For Option 2 select Delegated permissions.

  10. Type DeviceManagement in the permissions search filter.

  11. Expand DeviceManagementApps.

  12. Check the box for DeviceManagementApps.ReadWrite.All.

  13. Expand DeviceManagementRBAC.

  14. Check the box for DeviceManagementRBAC.Read.All.

  15. Click on Add permissions.

  16. Under Configured permissions, click on Grant admin consent for and select Yes.
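
The check below is an added example, not part of the Adaptiva or Microsoft documentation: once an access token has been issued to this App Registration, it decodes the token's claims and confirms that the token carries the two permissions selected in steps 12 and 14 and nothing broader. The function names and sample IDs are constructed for illustration, and the token signature is not verified, so it is for inspection only.

```python
import base64
import json

# The two Microsoft Graph permissions selected in steps 12 and 14.
EXPECTED = {"DeviceManagementApps.ReadWrite.All", "DeviceManagementRBAC.Read.All"}


def decode_claims(token: str) -> dict:
    """Return a JWT's payload WITHOUT verifying its signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Compare a Graph access token's permissions and IDs with the App Registration."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))         # Application permissions (Option 1)
    scopes = set(claims.get("scp", "").split())  # Delegated permissions (Option 2)
    granted = roles | scopes
    return {
        "permission_type": "application" if roles else "delegated" if scopes else "none",
        "missing": sorted(EXPECTED - granted),
        "unexpected": sorted(granted - EXPECTED),  # beyond what the steps above select
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": client_id in (claims.get("appid"), claims.get("azp")),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.constructed"


# Constructed sample values; none of these come from a real tenant.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "00000000-0000-0000-0000-000000000002"
SAMPLE = make_sample_token({
    "tid": TENANT, "appid": CLIENT,
    "roles": ["DeviceManagementApps.ReadWrite.All", "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(json.dumps(audit_token(SAMPLE, TENANT, CLIENT), indent=2))
```

With delegated tokens, sign-in scopes such as openid or profile may also appear under "unexpected"; review each entry rather than treating every one as a finding.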

Option 1 - Application permissions

Complete these steps to create an App Registration for Option 1 where an App Secret will be used.

  1. In the left-hand pane, click Certificates & secrets.

  2. Under Client secrets, click + New client secret.

  3. Enter a description and select the appropriate expiration timeframe based on the company's security guidelines, then click Add.

    There can only be TWO client secrets. Secrets can be deleted and recreated.

  4. The client secret will be displayed. Under the Value column, click on the copy icon to copy the secret to the clipboard.

    The secret can only be retrieved when it is created; it cannot be retrieved later.

  5. Provide the secret value to the Adaptiva Administrator along with the Directory (Tenant) and Client (App) IDs.

Create a reminder on your calendar for the end date to create a new App secret.

Continue with the Configure Intune Access Settings.

Option 2 - Delegated permissions

Complete these steps to create an App Registration for Option 2 where a delegated account will be used.

  1. Click on Authentication (in the left pane).

  2. Click on + Add a platform.

  3. In the far-right pane under Configure platforms, select Mobile and desktop applications.

  4. Check the box for https://login.microsoftonline.com/common/oauth2/nativeclient and click Configure.

  5. Under Advanced Settings, select Yes to Allow public client flows.

  6. Click Save.

Configure Intune Access Settings

To configure Adaptiva OneSite to use the App Registration, complete the following steps on the Adaptiva Server.

Gather the following information from the Entra ID App Registration completed above:

  • Tenant ID

  • App ID

  • (optional) Client Secret ID and Value

Perform the following on the Adaptiva Server.

Download Win32 Content Prep tool

  1. Select the Code dropdown and click Download ZIP.

  2. Extract the files to the Adaptiva folder, %ProgramFiles%\Adaptiva\IntuneWinTool.

  3. Shift + right-click the IntuneWinAppUtil.exe and select Copy as Path.

Complete the Intune Configuration on Adaptiva Server

  1. Log in to the Admin Portal - http://AdaptivaServerFQDN[:customport].

  2. Enter the appropriate credentials or click on Login with Active Directory.

  3. Click OneSite for Intune.

  4. Click Go to Settings.

  5. Select the Intune Access Settings tab.

    Complete the following:

    • IntuneWinAppUtil.exe Path: Enter the local path including the executable name to the downloaded IntuneWinAppUtil.exe.

    The following should be provided by the Azure Global Admin. They can be found in App Registrations. Select the App registration created for Adaptiva.

    • Intune App Tenant ID: Enter the Directory (Tenant) ID.

    • Intune App ID: Enter the Client (App) ID.

    • Login Type: Select the following based on how the App Registration was created above:

      • App Secret - Option 1 was followed to create the App Registration. All apps will be created using the App Secret.

      • Global Deferred Account / Per Admin Deferred Account - Option 2 was followed to create the App Registration.

        Use Global Deferred Account when all Intune apps should be created using the same Azure AD account. Use Per Admin Deferred Account when each Intune app should be created using the account associated with the Adaptiva Login ID. When these options are used the login type will display:

      Complete one of the Options below depending on which App Registration was created.

Option 1 (Application permissions)

Complete these steps to enter the Intune Settings for Option 1 where an App Secret will be used.

  1. Enter the Intune App Client Secret that was provided by the Intune Global Admin.

  2. Click on Save.

  3. Click Validate with Graph API to confirm the settings will allow the creation of apps in Intune.

    The server will validate the connection and will display the following when successful (for 3 seconds).

    If the App Secret entered is not correct a message will be displayed in the Error View panel.

    Correct the App Secret, click Save and retry the validation.

Option 2 (Delegated permissions)

Complete these steps to enter the Intune Settings for Option 2 where a deferred account will be used.

  1. Click Authenticate.

  2. Copy the Device Code, then click Authenticate.

    The code will be requested on the next screen, so be sure to copy it or write it down.

  3. A login for Microsoft will be displayed. Enter the code from the previous screen. Click Next.

  4. Confirm the tenant and username are correct. Click Next.

  5. Enter the password for that account in that tenant. Click Sign in.

    • Complete any authentication that is required.

  6. Close the tab.

  7. Click Validate with Graph API to confirm the settings will allow the creation of apps in Intune.

    The server will validate the connection and will display the following when successful (for 3 seconds).

When Per Admin Deferred Account has been selected every Adaptiva user will be prompted to enter their Azure AD account credentials. This will occur when the P2P App is published to Intune.

Configure Content Publication Settings

You will need to configure cloud storage for Adaptiva clients on the internet, in order for them to get content from the Adaptiva CDN.

  1. In the left-hand navigation, click Intune Settings > Content Publication Settings.

  2. Check the Cloud Storage box to publish Intune P2P App content to the Adaptiva CDN.

  3. Click Save.

OneSite for Intune is now configured to work with Microsoft Intune.
