
Authenticate to the Intune PowerShell module using an Azure application and a certificate


In this post I will show you how to authenticate to the Microsoft.Graph.Intune PowerShell module using an Azure application and a certificate.

 

Create the Azure application

1. Log in to Azure

2. Go to Azure Active Directory

3. Go to App registrations

4. Click on New registration

5. Type a name

6. Leave the other settings at their defaults

7. Click on Register


8. You now have access to your app info

 

For later we will need the following information from the Overview page of the application:

- Client ID

- Tenant ID

 

Basic authentication

To authenticate to the module and work with Intune we will use the cmdlet below:

This will open a prompt to enter your credentials.

We will then use a quick cmdlet to list all devices:

Get-IntuneManagedDevice


Authenticate using a secret

You can find in a previous post how to authenticate to the module with a secret.

 

Authenticate with certificate

This works in four steps:

1. Generate a certificate

2. Upload the certificate to the Azure app

3. Deploy certificate to devices

4. Connect to the module using certificate

 

Generate a certificate

We will run the script below to generate the certificate on a device:

This will export a .CER file.

Keep this file as we will upload it on Azure.
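One way to generate the certificate and export the .CER, as an added example and not the author's own script (the subject name, output path and one-year lifetime are assumed values):

```powershell
# Added example: create a self-signed certificate in the current user's store and
# export only its public part (.CER) for upload to the Azure app.
$Subject    = "CN=Intune-Graph-Auth"           # assumption: any descriptive name works
$OutputPath = "C:\Temp\Intune-Graph-Auth.cer"  # assumption: where the .CER is written

# Exportable is needed only because step 3 deploys the certificate to other devices;
# if this script runs on the machine that will authenticate, use "NonExportable" so
# the private key can never leave the store as a PFX.
$KeyExportPolicy = "Exportable"

$certParams = @{
    Subject           = $Subject
    CertStoreLocation = "Cert:\CurrentUser\My"   # private key lives in the user store
    KeyExportPolicy   = $KeyExportPolicy
    KeySpec           = "Signature"              # signing key, not an encryption key
    KeyAlgorithm      = "RSA"
    KeyLength         = 2048
    HashAlgorithm     = "SHA256"
    NotAfter          = (Get-Date).AddYears(1)   # short lifetime; plan a rotation
}
$cert = New-SelfSignedCertificate @certParams

# Make sure the output folder exists, then write the DER-encoded public certificate.
# Export-Certificate never writes the private key, whatever the export policy.
New-Item -ItemType Directory -Path (Split-Path $OutputPath) -Force | Out-Null
Export-Certificate -Cert $cert -FilePath $OutputPath -Type CERT | Out-Null

# Read the file back and confirm it carries no private key before it is uploaded
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $OutputPath
if ($exported.HasPrivateKey) { throw "Exported file unexpectedly contains a private key" }
if ($exported.Thumbprint -ne $cert.Thumbprint) { throw "Exported file does not match the store certificate" }

# The thumbprint is the value the connection step needs later
"Thumbprint : $($cert.Thumbprint)"
"CER file   : $OutputPath"
"Expires    : $($cert.NotAfter)"
```

Note the thumbprint it prints: the authentication step further down needs it, and the .CER file is the only artifact to upload to Azure.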

 

Import certificate on Azure

Now we will add our certificate to our new Azure app.

1. Go to your Azure app

2. Go to Certificates & secrets


3. In the Certificates part, click on Upload certificate


4. Browse to your .CER certificate

5. Click on Add

6. You will get the below notification:



 

Get the right Intune module

Out of the box, the Microsoft.Graph.Intune module does not allow you to authenticate using a certificate.

You can only authenticate with a secret.

A secret is fine for a lab, but for production it is like typing a password into the script.

Ok, ok, now a cool thing.

A really nice guy called Nicola Suter updated the module to add authentication with a certificate.

You can download the new module version there.

 

Then proceed as below:

1. Go to the Modules folder: C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Intune

2. Rename the version folder 6.1907.1.0 to 6.1907.1.0_old

3. Copy the downloaded sources into the Modules folder

 

Authentication

We will now connect to our tenant via the Graph.Intune module and our Azure application.

We will need the following information:

- Name of the tenant

- The client ID of your app

- The certificate Thumbprint

 

Use the following code to authenticate:

 

We will now use a simple cmdlet to see the result.

We want to list the devices: Get-IntuneManagedDevice

We are getting an authorization error.

 


This is normal, because we still need to add permissions to our application.

We have to declare what this application is allowed to do.

 

Add permissions

First we need to list the permissions we need.

To do this, browse the API doc, link here.

Here is the link for the Get DeviceManagement part.

1. Go to your Azure application

2. Click on API permissions

3. Click Add a permission

4. Choose Microsoft Graph


5. Click on Application permissions


6. Navigate to DeviceManagementManagedDevice


7. Check DeviceManagementManagedDevices.ReadWrite.All

8. Click on Add permissions


9. Click on Grant admin consent



10. Click on yes


11. Log in again via PowerShell

12. Reuse Get-IntuneManagedDevice

13. We now have access
