Create an enterprise endpoint in Azure Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.15
  3. Installation and configuration
  4. Configuration
  5. Connecting BlackBerry UEM to Microsoft Azure
  6. Create an enterprise endpoint in Azure

Create an enterprise endpoint in
Azure

To provide
BlackBerry UEM
 access to
Microsoft Azure
, you must create an enterprise endpoint within
Azure
. The enterprise endpoint allows
BlackBerry UEM
 to authenticate with
Microsoft Azure
. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration.
If you are connecting
BlackBerry UEM
 to both
Microsoft Intune
 and the
Windows Store
 for Business, use a different enterprise application for each purpose due to differences in permissions and potential future changes.
Microsoft
 national cloud deployments (or any deployment that requires a login URL other than login.microsoftonline.com) require additional steps to connect
UEM
 with
Intune
. For more information, visit support.blackberry.com/community to read article KB75773.
  1. Log in to the Azure portal.
  2. Go to
    Microsoft Azure > Azure Active Directory > App registrations
    .
  3. Click
    New registration
    .
  4. In the
    Name
     field, enter a name for the app.
  5. Select which account types can use the application or access the API.
  6. In the
    Redirect URI
     section, in the drop-down list, select
    Mobile Client/Desktop
     and enter a valid URL. The URL format is https://<
    FQDN_of_the_BlackBerry_UEM_server
    >:<
    port
    >/admin/intuneauth
  7. Click
    Register
    .
  8. Copy the
    Application ID
     of your application and paste it to a text file.
    This is the
    Client ID
     required in
    BlackBerry UEM
    .
  9. If you are creating the application to use
    Microsoft Intune
    , click
    API permissions
     in the
    Manage
    section. Perform the following steps:
    1. Click
      Add a permission
      .
    2. Select
      Microsoft Graph
      .
    3. Select
      Delegated permissions
      .
    4. Scroll down in the permissions list and under
      Delegated Permissions
      , set the following permissions for
      Microsoft Intune
      :
      • Read and write
        Microsoft Intune
         apps (
        DeviceManagementApps > DeviceManagementApps.ReadWrite.All
        )
      • Read all groups (
        Group > Group.Read.All
        )
      • Read all users' basic profile (
        User > User.ReadBasic.All
        )
    5. Click
      Add permissions
      .
    6. Under
      Grant consent
      , click
      Grant admin consent
      .
      You must be a global administrator to grant permissions.
    7. When you are prompted, click
      Yes
       to grant permissions for all accounts in the current directory.
    You can use the default permissions if you are creating the app to connect to the
    Windows Store
     for Business.
  10. Click
    Certificates and secrets
    in the
    Manage
     section. Perform the following actions:
    1. Under
      Client secrets
      , click
      New client secret
      .
    2. Type a description for the client secret.
    3. Select a duration for the client secret.
    4. Click
      Add
      .
    5. Copy the value of the new client secret.
      This is the
      Client Key
       that is required in
      BlackBerry UEM
      .
      If you do not copy the value of your key at this time, you will have to create a new key because the value is not displayed after you leave this screen.