> For the complete documentation index, see [llms.txt](https://docs.adaptiva.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.adaptiva.com/anywhere/configure-intune.md). # Configuring OneSite for Intune OneSite for Intune needs to be authorized to create apps in Intune using an App Registration in Microsoft Entra. This allows the Adaptiva Server service to use specific permissions granted to the application created in the Microsoft Entra tenant. For additional information on applications in Microsoft Entra, see the following [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity-platform/how-applications-are-added). ## Create an App Registration in Microsoft Entra You need to create an App Registration in Microsoft Entra to automate the creation of Apps in Intune using the Admin Portal. There are now TWO types of App Registration possible. * Option 1 - Application permissions: Create an App Registration that every Admin Portal user will use. This option does not allow for automatic assignment of Scope Tags based on the User profile. * Option 2 - Delegated permissions: Create an App Registration that uses Delegated Permissions. Permissions can be delegated to a specific account or can be assigned to the user account. This option is required if each user has the potential for different scope tags and those are to be associated with the app when the app is created. Complete the following steps to create an App Registration in Microsoft Entra. You can find the latest Microsoft Entra guidance on [Microsoft Learn](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app). 1. Log into Azure () using an account with the appropriate role assignment. 2. In the search bar, type **App Registration** and select it. ![](/files/RLLK0HW7Nbi7Q27K3Wrv) 3. Click **+ New registration** and enter the following properties: ![](/files/CHeWkRzciyFuBJ5Y8eJI) * **Name:** Enter a name to identify this app registration for Adaptiva, e.g. AdaptivaOneSite. * **Supported account types**: Accounts in this organizational directory only. * **Redirect URI (optional)**: Leave blank. 4. Click **Register**. 5. Copy and provide the following IDs to the Adaptiva administrator: * **Application (client) ID**: This will be used in the Intune App ID field. * **Directory (tenant) ID**: This will be used in the Intune App Tenant ID field. 6. In the left-hand pane, click **API permissions**. ![](/files/itICzwm2K9gjfWRU4WF7) 7. Click **+ Add a permission**. ![](/files/hmPMNtwK5odFtZrzjOQn) 8. Select **Microsoft Graph** ![](/files/Trd6LTOiIFyxkIT0IvIi) 9. Choose the appropriate permission type for your application: * For Option 1 select **Application permissions**. * For Option 2 select **Delegated permissions**. 10. Type **DeviceManagement** in the permissions search filter. 11. Expand **DeviceManagementApps**. 12. Check the box for **DeviceManagementApps.ReadWrite.All**. ![](/files/jeY26R7RUAaAEdf8FdUj) 13. Expand **DeviceManagementRBAC**. 14. Check the box for **DeviceManagementRBAC.Read.All**. ![](/files/W8AOQBLVUbIte8Fuvuzk) 15. Click on **Add permissions**. 16. Under **Configured permissions**, click on ![](/files/uOvrDqD2lXV4PE5PqzI0) **Grant admin consent for** and select **Yes**. ### Option 1 - Application permissions Complete these steps to create an App Registration for Option 1 where an App Secret will be used. 1. In the left-hand pane, click ![](/files/YjHQXo5s27fdhi8vQri7) **Certificates & secrets**. ![](/files/z4Zb70MDB13NkDsCtdp7) 2. Under **Client secrets**, click **+ New client secret**. ![](/files/ALP19dq6pbfEzv2C976s) 3. Enter a description and select the appropriate expiration timeframe based on the company's security guidelines, then click **Add**. {% hint style="info" %} There can only be TWO client secrets. Secrets can be deleted and recreated. {% endhint %} 4. The client secret will be displayed. Under the **Value** column, click on the copy icon ![](/files/bHiQAO8taEYVgyHp1vx6) to copy the secret to the clipboard. The secret can only be retrieved when it is created, it cannot be retrieved later. 5. Provide the secret value to the Adaptiva Administrator along with the Directory (Tenant) and Client (App) IDs. {% hint style="info" %} Create a reminder on your calendar for the end date to create a new App secret. {% endhint %} Continue with the [Configure Intune Access Settings](#configure-intune-access-settings). ### Option 2 - Delegated permissions Complete these steps to create an App Registration for Option 2 where a delegated account will be used. 1. Click on **Authentication** (in the left pane). ![](/files/OdKDWLBTnkVIFr1QmuTr) 2. Click on **+ Add a platform**. 3. In the far-right pane under Configure platforms, select **Mobile and desktop applications**. ![](/files/6raG6FcyIL6FS60kil35) 4. Check the box for `https://login.microsoftonline.com/common/oauth2/nativeclient` and click **Configure**. 5. Under **Advanced Settings**, select **Yes** to **Allow public client flows**. ![](/files/Y6OBhMRPeaiYW48BmYbj) 6. Click **Save**. ## Configure Intune Access Settings To configure Adaptiva OneSite to use the App Registration, complete the following steps on the Adaptiva Server. Gather the following information from the Entra ID App Registration completed above: * Tenant ID * App ID * (optional) Client Secret ID and Value **Perform the following on the Adaptiva Server.** ### Download Win32 Content Prep tool 1. Open a web browser and go to the following URL: . 2. Select the Code dropdown and click **Download ZIP**. 3. Extract the files to the Adaptiva folder, **%ProgramFiles%\Adaptiva\IntuneWinTool**. 4. Shift + right-click the **IntuneWinAppUtil.exe** and select **Copy as Path**. ### Complete the Intune Configuration on Adaptiva Server 1. Log in to the Admin Portal - `http://AdaptivaServerFQDN[:customport]`. 2. Enter the appropriate credentials or click on **Login with Active Directory**. 3. Click **OneSite for Intune**. 4. Click **Go to Settings**. 5. Select the **Intune Access Settings** tab. ![](/files/54FNqwYUt3kwwSiaC3bi) Complete the following: * **IntuneWinAppUtil.exe Path**: Enter the local path including the executable name to the downloaded IntuneWinAppUtil.exe. The following should be provided by the Azure Global Admin. They can be found in App Registrations. Select the App registration created for Adaptiva. * **Intune App Tenant ID**: Enter the Directory (Tenant) ID. * **Intune App ID**: Enter the Client (App) ID. * **Login Type:** Select the following based on how the App Registration was created above: * **App Secret** - Option 1 was followed to create the App Registration. All apps will be created using the App Secret. ![](/files/fZjtIhf7DlRgDznmzpUm) * **Global Deferred Account** / **Per Admin Deferred Account** - Option 2 was followed to create the App Registration. Use Global Deferred Account when all Intune apps should be created using the same Azure AD account. Use Per Admin Deferred Account when each Intune app should be created using the account associated with the Adaptiva Login ID. When these options are used the login type will display: ![](/files/bDpL3OfXU1S2g79oennK) Complete one of the Options below depending on which App Registration was created. ### Option 1 (Application permissions) Complete these steps to enter the Intune Settings for Option 1 where an App Secret will be used. 1. Enter the Intune App Client Secret that was provided by the Intune Global Admin. 2. Click on **Save**. 3. Click **Validate with Graph API** to confirm the settings will allow the creation of apps in Intune. The server will validate the connection and will display the following when successful (for 3 seconds). ![](/files/1D1kr1hlNiVqXYiCDysO) If the App Secret entered is not correct a message will be displayed in the Error View panel. ![](/files/525abPYxyeEotZU7p3Zu) Correct the App Secret, click **Save** and retry the validation. ### Option 2 (Delegated permissions) Complete these steps to enter the Intune Settings for Option 2 where a deferred account will be used. 1. Click **Authenticate**. ![](/files/BF8qXNKO8GFBguVjUDxc) 2. Copy the Device Code, then click **Authenticate**. {% hint style="info" %} The code will be requested on the next screen, be sure to copy it or write it down. {% endhint %} 3. A login for Microsoft will be displayed, enter the code from the previous screen. Click **Next**. 4. Confirm the tenant and username are correct. Click **Next**. ![](/files/iLj8lKQm6PubuyK7FfFS) 5. Enter the password for that account in that tenant. Click **Sign in**. * Complete any authentication that is required. 6. Close the tab. ![](/files/5JckI5u4qjkxWRfkbnnc) 7. Click **Validate with Graph API** to confirm the settings will allow the creation of apps in Intune. The server will validate the connection and will display the following when successful (for 3 seconds). ![](/files/1D1kr1hlNiVqXYiCDysO) {% hint style="info" %} When Per Admin Deferred Account has been selected every Adaptiva user will be prompted to enter their Azure AD account credentials. This will occur when the P2P App is published to Intune. {% endhint %} ### Configure Content Publication Settings You will need to configure cloud storage for Adaptiva clients on the internet, in order for them to get content from the Adaptiva CDN. 1. In the left-hand navigation, click **Intune Settings > Content Publication Settings**. 2. Check the **Cloud Storage** box to publish Intune P2P App content to the Adaptiva CDN. 3. Click **Save**. OneSite for Intune is now configured to work with Microsoft Intune. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.adaptiva.com/anywhere/configure-intune.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.