
Authentication and Authorization

Authentication and authorization are done via Azure AD (AAD) using an Azure App Registry.

After the setup is executed, the required application roles must be created and the login and logout redirect URIs must be configured within the Azure App Registry.

The following steps describe how to create the required user roles, assign AAD groups for authorization, and configure the redirect URIs.

Role concept

Application roles are used for authorization.

| Role | Description |
| --- | --- |
| App.Read | Members of this role have read access to Intune applications. |
| App.Create | Members of this role are allowed to create Intune applications (MECM -> Intune, Intune -> Intune). |
| App.Modify | Members of this role are allowed to edit Intune applications. |
| App.Delete | Members of this role are allowed to delete Intune applications. |


Role Attachment

app-roles1a.png

app-roles2a.png

app-roles3a.png

app-roles4a.png

app-roles5a.png

app-roles6a.png

app-roles7a.png

AAD Group assignment

role-assignment1.png

role-assignment2.png

role-assignment3.png

role-assignment4.png

role-assignment5.png

role-assignment6.png

role-assignment7.png


Redirect URI Configuration

redirect-uri1.png

Intune Manager - Authentication - Add Web.png

Intune Manager - Authentication - Web fertig konfiguriert.png

- https://localhost/IntuneManager/signin-oidc

- https://localhost/IntuneManager/signout-oidc 

redirect-uri3.png
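
The following is an added example, not part of the Intune Manager documentation or code: a check that an exported app registration contains the four roles and two redirect URIs listed above. It assumes the application object has been exported as Microsoft Graph JSON (for example with `az ad app show --id <app-id>`); the `SAMPLE` object and the function name are constructed for illustration.

```python
import json

# Role values and redirect URIs taken from this page.
REQUIRED_ROLES = ("App.Read", "App.Create", "App.Modify", "App.Delete")
REQUIRED_URIS = (
    "https://localhost/IntuneManager/signin-oidc",
    "https://localhost/IntuneManager/signout-oidc",
)

def check_app_registration(app: dict) -> list[str]:
    """Return a list of findings; an empty list means the setup is complete."""
    findings = []
    roles = {r.get("value"): r for r in app.get("appRoles") or []}
    for name in REQUIRED_ROLES:
        role = roles.get(name)
        if role is None:
            findings.append(f"missing app role {name}")
            continue
        if not role.get("isEnabled", False):
            findings.append(f"app role {name} is disabled")
        # Users and AAD groups can only be assigned to roles whose
        # allowedMemberTypes include "User".
        if "User" not in (role.get("allowedMemberTypes") or []):
            findings.append(f"app role {name} cannot be assigned to users/groups")
    # Redirect URIs are compared here as exact strings.
    configured = set((app.get("web") or {}).get("redirectUris") or [])
    for uri in REQUIRED_URIS:
        if uri not in configured:
            findings.append(f"missing redirect URI {uri}")
    return findings

# Constructed sample (not a real tenant export): App.Delete is missing,
# App.Modify is disabled, App.Create is application-only, sign-out URI absent.
SAMPLE = json.loads("""
{
  "displayName": "Intune Manager (constructed sample)",
  "appRoles": [
    {"value": "App.Read",   "isEnabled": true,  "allowedMemberTypes": ["User"]},
    {"value": "App.Create", "isEnabled": true,  "allowedMemberTypes": ["Application"]},
    {"value": "App.Modify", "isEnabled": false, "allowedMemberTypes": ["User"]}
  ],
  "web": {"redirectUris": ["https://localhost/IntuneManager/signin-oidc"]}
}
""")

if __name__ == "__main__":
    for finding in check_app_registration(SAMPLE):
        print(finding)
```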