Skip Navigation

Create an enterprise endpoint in
Azure

To provide
BlackBerry UEM
access to
Microsoft Azure
you must create an enterprise endpoint within
Azure
. The enterprise endpoint allows
BlackBerry UEM
to authenticate with
Microsoft Azure
. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration.
If you are connecting
BlackBerry UEM
to both
Microsoft Intune
and the
Windows Store
for Business, use a different enterprise application for each purpose to avoid issues with different permissions and potential future changes.
Creating the app to use
Microsoft Intune
(step 10), must be completed using the
Azure
account with Global administrator permissions.
  1. Log in to the Azure portal.
  2. Go to
    Microsoft Azure > Azure Active Directory > App registrations
    .
  3. Click
    Endpoints
    .
  4. Copy the
    OAUTH 2.0 TOKEN ENDPOINT
    value and paste it to a text file.
    This is the
    OAUTH 2.0 token endpoint
    required in
    BlackBerry UEM
    .
  5. Close the
    Endpoints
    list and select
    New application registration
    .
  6. Enter the following information for your app:
    Field
    Setting
    Name
    <A name for your application>
    Application type
    Web app or API
    Sign-on URL
    Any valid URL
    If you don't have a registered domain you can use: http://localhost/
  7. Click
    Create
    .
  8. Click on the app you just created.
  9. Copy the
    Application ID
    of your app and paste it to a text file.
    This is the
    Client ID
    required in
    BlackBerry UEM
    .
  10. Create the app to use
    Microsoft Intune
    , click
    Required permissions
    in the
    Settings
    menu. Perform the following steps.
    1. Click
      Add
      .
    2. Click
      Select an API
      .
    3. Select
      Microsoft Graph
      .
    4. Click
      Select
      .
    5. Scroll down in the permissions list and under
      Delegated Permissions
      , set the following permissions for
      Microsoft Intune
      :
      • Read and write
        Microsoft Intune
        apps (preview)
      • Read all users' basic profile
      • Read all groups
    6. Click
      Select
      .
    7. Click
      Done
      .
    8. Click
      Grant Permissions
      in the
      Required permissions
      pane.
    9. When prompted, click
      Yes
      to grant permissions for all accounts in the current directory.
  11. Select
    Keys
    in the
    Settings
    menu. Perform the following actions:
    1. Enter a name for your key.
    2. Select a duration for your key.
    3. Click
      Save
      .
    4. Copy the value of your key.
      This is the
      Client Key
      that is required in
      BlackBerry UEM
      .
      If you do not copy the value of your key at this time, you will have to create a new key because the value is not displayed after you leave this screen.