Setting up a Microsoft Graph Connection

I’m back with part two! 

If you missed my first blog – on what Microsoft Graph actually is – make sure you give it a read.

Now, to connect to Azure and use the data within the various products, an application registration needs to be created within Azure Active Directory. This grants access to the specified elements of Azure Active Directory, Office 365 or Intune, depending on what the application is required for. The application registration can be configured for anonymous authentication or using a secret key within the application to provide authentication for a particular user account.

Setting up the application registration allows connection through tools such as PowerShell or Microsoft Graph Explorer (more on this later).

Let’s create a new application registration which will be used to connect to the Intune Graph API.

1. The first step is to log into the Azure portal as a Global Administrator. This account role is needed to grant admin access to the Intune components.

2. Navigate to Azure Active Directory -> App Registrations

[Image: where to find App registrations in Azure AD]

3. Select New Registration

4. Enter a name for the new application. In this case, it will be called Intune-API

5. Under the Supported Account Types, select Accounts in this organisational directory only (Contoso only – Single tenant). This may change depending on how this application will be accessed.

6. Under the Redirect URI (optional) setting, select Public client/native (mobile and desktop) from the drop-down menu.

7. In the field to the right, add the following URI – urn:ietf:wg:oauth:2.0:oob

8. Select Register

Once registered, this will present an overview of the newly created application. Make note of the Application (client) ID. This is highlighted below. You may need to add the client ID to scripts or applications to obtain an authorization token.

9. From this menu, select Authentication.

10. Scroll down to Implicit Grant and select ID Tokens

11. Click Save

12. Within the menu on the left, select API permissions

13. Microsoft Graph is already present. Click on Microsoft Graph (1)

At this stage it is worth pointing out that although the Microsoft Graph API is already present, we could have selected Add a permission and then selected Microsoft Graph from the list. We could also add other APIs such as SharePoint, OneNote or Exchange. As we are only interested in Microsoft Graph, we can leave this as default.

[Image: adding permissions in Azure AD]

14. Depending on how the application will access the API (in this case, Intune), there are two choices for the type of permissions to apply. Delegated permissions are used when the application will access the API as the user who is signed in to the application. Application permissions are used when the application runs as a background service with no signed-in user. In other words, anonymous authentication. For this example, we will select Delegated permissions.

15. The listed permissions relate to all areas of Microsoft 365, so we need to focus on the areas of Intune that are required. In this case, I will select the entries that start with the word

[Image: Request API permissions in Azure AD]

16. Select the required permissions based on what the application, script or function is looking to achieve. As an example, the Read settings have been selected here. This allows the specified information to be read from Intune using the Graph API. Some of these settings require Admin consent.

[Image: permission settings requiring admin consent]

17. Click Update Permissions

18. The selected permissions will be added to the application. For those permissions that require admin consent, we need to select the Grant admin consent for Contoso button

[Image: configured permissions in Azure AD]

19. The application is now ready for use. In some cases, the script or application that is being developed will need the Application ID (mentioned in Step 8).
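An added example, not from the original post: once a script has signed in through this registration, the PowerShell below decodes the access token's payload and checks that the delegated scopes match the read-only set granted in steps 16 to 18. The scope names in the allow-list, the placeholder client ID and the sample token are assumptions constructed for illustration; `appid` and `scp` are the claim names used in v1.0 Graph access tokens.

```powershell
# Added example: audit the delegated scopes carried by a Graph access token.
# Decodes the payload only (no signature validation); run it on tokens you obtained yourself.
function ConvertFrom-Base64Url([string]$Text) {
    $b64 = $Text.Replace('-', '+').Replace('_', '/')
    $b64 += '=' * ((4 - $b64.Length % 4) % 4)   # restore stripped padding
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Test-GraphTokenScopes {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$ExpectedClientId,
        [Parameter(Mandatory)][string[]]$AllowedScopes
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT' }
    $claims = ConvertFrom-Base64Url -Text $parts[1] | ConvertFrom-Json

    # Delegated tokens list space-separated scopes in "scp"; app-only tokens use "roles".
    $granted = @()
    if ($claims.scp) { $granted = @($claims.scp -split ' ' | Where-Object { $_ }) }

    [pscustomobject]@{
        ClientIdMatches  = ($claims.appid -eq $ExpectedClientId)
        IsDelegated      = [bool]$claims.scp
        UnexpectedScopes = @($granted | Where-Object { $_ -notin $AllowedScopes })
        WriteScopes      = @($granted | Where-Object { $_ -match 'ReadWrite' })
    }
}

# Constructed sample token (placeholder client ID, fake signature); a real one comes from sign-in.
$clientId = '00000000-0000-0000-0000-000000000000'
$payload  = @{ appid = $clientId
               scp   = 'DeviceManagementApps.Read.All DeviceManagementManagedDevices.ReadWrite.All User.Read'
             } | ConvertTo-Json -Compress
$enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$token = '{0}.{1}.{2}' -f (& $enc '{"typ":"JWT"}'), (& $enc $payload), 'constructed'

# Assumed allow-list: the read-only Intune scopes chosen in step 16 plus the default User.Read.
$allowed = 'DeviceManagementApps.Read.All', 'DeviceManagementConfiguration.Read.All',
           'DeviceManagementManagedDevices.Read.All', 'User.Read'
Test-GraphTokenScopes -AccessToken $token -ExpectedClientId $clientId -AllowedScopes $allowed
```

A non-empty UnexpectedScopes or WriteScopes list means the registration holds more than the read-only permissions selected in step 16.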

And that’s it!

Now if you’re interested in learning more, I’ll be releasing part three next Monday (edit: here’s the link!).

Next week – actually using Microsoft Graph!

(Plus a bonus tutorial on accessing the Intune Graph API using PowerShell).

Any questions? Drop us a line at info@poweronplatforms.com and we’ll get back to you.

Stephen Barnard
