Authenticate to the Intune PowerShell module using an Azure application and a certificate
In this post I will show you how to authenticate to the Microsoft.Graph.Intune PowerShell module using an Azure application and a certificate.
Create the Azure application
1. Log in to Azure
2. Go to Azure Active Directory
3. Go to App registrations
4. Click on New registration
5. Type a name
6. Leave the default settings
7. Click on Register
8. You now have access to your app info
Later we will need the below information from the Overview part of the application:
- Client ID
- Tenant ID
Basic authentication
To authenticate to the module and play with Intune we will use the below cmdlet:
This will open a prompt to enter your credentials.
We will use a quick cmdlet to list all devices, the below one:
Get-IntuneManagedDevice
Authenticate using a secret
A previous post explains how to authenticate to the module with a secret.
Authenticate with certificate
This works in the following steps:
1. Generate a certificate
2. Upload the certificate to the Azure app
3. Deploy certificate to devices
4. Connect to the module using certificate
Generate a certificate
We will run the below script to generate the certificate on a device:
This will export a .CER file.
Keep this file, as we will upload it to Azure.
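
One way to generate such a certificate and export its public part as a .CER file with the built-in PKI cmdlets. This is an added example, not the script from the original post; the subject name, validity period and output path are assumptions.

```powershell
# Added example. The subject name, validity period and output path are
# assumptions chosen for illustration, not values from the original post.
$subject = 'CN=IntuneGraphAuth'                          # hypothetical name
$cerPath = Join-Path $env:TEMP 'IntuneGraphAuth.cer'     # hypothetical path

# Create an RSA 2048 / SHA-256 self-signed certificate in the current user's
# personal store. The private key stays in the store; only the public part is
# exported below. Exportable is used because the post later deploys the
# certificate to other devices; use NonExportable if it never leaves this one.
$cert = New-SelfSignedCertificate -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeySpec Signature -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)

# Export the public certificate only (DER-encoded .cer) for upload to the app.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Sanity checks before uploading: the file must not carry a private key and
# must be the same certificate that sits in the store.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
if ($exported.HasPrivateKey) { throw "Exported file unexpectedly contains a private key: $cerPath" }
if ($exported.Thumbprint -ne $cert.Thumbprint) { throw 'Exported certificate does not match the store copy.' }

# The thumbprint is what the connection step asks for later.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    CerFile    = $cerPath
}
```
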
Import certificate on Azure
Now we will add our certificate to our new Azure app
1. Go to your Azure app
2. Go to Certificates & secrets
3. In the Certificates part, click on Upload certificate
4. Browse to your .cer certificate
5. Click on Add
6. You will get the below notification:
Get the right Intune module
By default, the Microsoft.Graph.Intune module does not allow you to authenticate using a certificate.
You can only authenticate with a secret.
A secret is fine for a lab, but in PROD it is like typing your password in the script.
Ok, ok, now a cool thing.
A really nice guy called Nicola Suter updated the module to integrate authentication with a certificate.
You can download the new module version there.
Then proceed as below:
1. Go to the Modules folder: C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Intune
2. Rename the module folder there from 6.1907.1.0 to 6.1907.1.0_old
3. Copy the downloaded sources
Authentication
We will now connect to our tenant via the Graph.Intune module and our Azure application.
We will need the following information:
- Name of the tenant
- The client ID of your app
- The certificate thumbprint
Use the following code to authenticate:
We will now use a simple cmdlet to see the result.
We want to list the devices: Get-IntuneManagedDevice
We are getting an authorization error.
This is normal because we need to add permissions to our application.
We have to declare what this application will do.
Add permissions
First we need to list the permissions we need.
To do this, browse the API documentation, link here.
Here is the link for the Get DeviceManagement part.
1. Go to your Azure application
2. Click on API permissions
3. Click Add a permission
4. Choose Microsoft Graph
5. Click on Application permissions
6. Navigate to DeviceManagementManagedDevice
7. Check DeviceManagementManagedDevices.ReadWrite.All
8. Click on Add permissions
9. Click on Grant admin consent
10. Click on Yes
11. Log in again via PowerShell
12. Run Get-IntuneManagedDevice again
13. We now have access