Create an enterprise endpoint in Azure
BlackBerry UEMaccess to
Microsoft Azure, you must create an enterprise endpoint within
Azure. The enterprise endpoint allows
BlackBerry UEMto authenticate with
Microsoft Azure. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration.
If you are connecting
BlackBerry UEMto both
Microsoft Intuneand the
Windows Storefor Business, use a different enterprise application for each purpose due to differences in permissions and potential future changes.
Microsoftnational cloud deployments (or any deployment that requires a login URL other than login.microsoftonline.com) require additional steps to connect
Intune. For more information, visit support.blackberry.com/community to read article KB75773.
- Log in to the Azure portal.
- Go toMicrosoft Azure > Azure Active Directory > App registrations.
- ClickNew registration.
- In theNamefield, enter a name for the app.
- Select which account types can use the application or access the API.
- In theRedirect URIsection, in the drop-down list, selectMobile Client/Desktopand enter a valid URL. The URL format is https://<FQDN_of_the_BlackBerry_UEM_server>:<port>/admin/intuneauth
- Copy theApplication IDof your application and paste it to a text file.This is theClient IDrequired inBlackBerry UEM.
- If you are creating the application to useMicrosoft Intune, clickAPI permissionsin theManagesection. Perform the following steps:
You can use the default permissions if you are creating the app to connect to theWindows Storefor Business.
- ClickAdd a permission.
- SelectMicrosoft Graph.
- SelectDelegated permissions.
- Scroll down in the permissions list and underDelegated Permissions, set the following permissions forMicrosoft Intune:
- Read and writeMicrosoft Intuneapps (DeviceManagementApps > DeviceManagementApps.ReadWrite.All)
- Read all groups (Group > Group.Read.All)
- Read all users' basic profile (User > User.ReadBasic.All)
- ClickAdd permissions.
- UnderGrant consent, clickGrant admin consent.You must be a global administrator to grant permissions.
- When you are prompted, clickYesto grant permissions for all accounts in the current directory.
- ClickCertificates and secretsin theManagesection. Perform the following actions:
- UnderClient secrets, clickNew client secret.
- Type a description for the client secret.
- Select a duration for the client secret.
- Copy the value of the new client secret.This is theClient Keythat is required inBlackBerry UEM.If you do not copy the value of your key at this time, you will have to create a new key because the value is not displayed after you leave this screen.