Authenticate to the Intune PowerShell module using an Azure application and a certificate

1 A+ A-

In this post i will show you how to authenticate to the Microsoft.Graph.Intune PowerShell module using aan Azure application and a certificate.


Create the Azure application

1. Log in to Azure

2. Go to Azure Active Directory

3. Go to App registrations

4. Click on New registration

5. Type a name

6. Let by default

7. Click on Register

8. You now have access to your app info


For later we will the below information from the overview part of the application:

- Client ID

- Tenant ID


Basic authentication

To authenticate to the module and play with Intune we will use the below cmdlet:

This will open a prompt to enter your credentials.

We will use a quick cmdlet to list all devices, the below one:


Authenticate using a secret

You can find in a previous post, how to authenticate to the module wit a secret.


Authenticate with certificate

This will works in :

1. Generate a certificate

2. Upload the certificate to the Azure app

3. Deploy certificate to devices

4. Connect to the module using certificate


Generate a certificate

We will run the below script to generate the certificate on a device:

This will export a .CER file.

Keep this file as we will upload it on Azure.


Import certificate on Azure

Now we will add our certificate to our new Azure app

1. Go to your Azure app

2. Go to Certificates & secrets

3. In the Certificates part, click on Upload certificate

4. Browse to your cer certificate

5. Click on Add

6. You will get the below notification:


Get the good Intune module

Basically, the Microsoft.Graph.Intune module does not allow you to authenticate using a certificate.

You can only authenticate with a secret.

Secret is cool for lab but for PROD, it's like typing its password in the script.

Ok, ok, now a cool thing.

A really nice guy called Nicola Suter updates the module to integrate authentication with a certificate.

You can download the new module version there.


Then proceed as below:

1. Go to the Modules folder: C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Intune

2. Rename the module folder there 6.1907.1.0 to 6.1907.1.0_old

3. Copy downloaded sources



We will now connect to our tenant via the Graph.Intune module and our Azure application.

We will need the following information:

- Name of the tenant

- The client ID of your app

- The certificate Thumbprint


Use the following code to authenticate:


We will now use a simple cmdlet to see the result.

We want to list the devices: Get-IntuneManagedDevice

We are getting an authorization error.


This is normal because we need to add permissions to our application.

We have to say what this application will do.


Add permissions

First we need to list the permissions we need.

To do this, browse the API doc, link here.

Here the link for the Get DeviceManagement part.

1. Go to your Azure application

2. Click on API permissions

3. Click Add a permission

4. Choose Microsoft Graph

5. Click on Application permissions

6. Navigate to DeviceManagementManagedDevice

7. Check DeviceManagementManagedDevices.ReadWrite.All

8. Click on Add permissions

9. Click on Grant admin consent

10. Click on yes

11. Log in again via powershell

12. Reuse Get-IntuneManagedDevice

13. We now have access 

Powershell 3362728849429451623

Enregistrer un commentaire

1 commentaire

Anonyme a dit…

When you a glance at|have a glance at} slots online, although, they turn into a lot easier to manage. Caesar’s Empire is packed full of historical historic inspirations – from its RTG title to its visuals and gameplay. For instance, the reel table is framed by an image of the Roman Colosseum, which is a big symbol 1xbet of the empire’s history.

Accueil item



Learn KQL in one month

You want to support me ?

Mes articles en français

Books in French