Skip Navigation

Create an app registration in
Azure

To provide
BlackBerry UEM
access to
Microsoft Azure
, you must create an app registration within
Azure
that allows
UEM
to authenticate with
Azure
. For more information, see Register an application with the Microsoft identity platform.
If you are connecting
UEM
to both
Microsoft Intune
and the
Windows Store
for Business, use a different app registration for each purpose due to differences in permissions and potential future changes.
Microsoft
national cloud deployments (or any deployment that requires a login URL other than login.microsoftonline.com) require additional steps to connect
UEM
with
Intune
. For more information, see KB75773.
  1. Log in to the
    Azure
    portal.
  2. Go to
    Microsoft Azure > Azure Active Directory > App registrations
    .
  3. Click
    New registration
    .
  4. In the
    Name
    field, enter a name for the app.
  5. Select which account types can use the application or access the API.
  6. In the
    Redirect URI
    section, in the drop-down list, select
    Mobile Client/Desktop
    and enter a valid URL. The URL format is https://<
    FQDN_of_the_BlackBerry_UEM_server
    >:<
    port
    >/admin/intuneauth
  7. Click
    Register
    .
  8. Copy the
    Application ID
    of your application and paste it into a text file.
    This is the
    Client ID
    required in
    UEM
    .
  9. If you are creating the application to use
    Microsoft Intune
    , in the
    Manage
    section, click
    API permissions
    . Perform the following steps:
    1. Click
      Add a permission
      .
    2. Select
      Microsoft Graph
      .
    3. Select
      Delegated permissions
      .
    4. Scroll down in the permissions list and under
      Delegated Permissions
      , set the following permissions for
      Microsoft Intune
      :
      • Read and write
        Microsoft Intune
        apps (
        DeviceManagementApps > DeviceManagementApps.ReadWrite.All
        )
      • Read all groups (
        Group > Group.Read.All
        )
      • Read all users' basic profile (
        User > User.ReadBasic.All
        )
    5. Click
      Add permissions
      .
    6. Under
      Grant consent
      , click
      Grant admin consent
      . You must be a global administrator to grant permissions.
    7. When you are prompted, click
      Yes
      to grant permissions for all accounts in the current directory.
    You can use the default permissions if you are creating the app to connect to the
    Windows Store
    for Business.
  10. In the
    Manage
    section, click
    Certificates and secrets
    . Perform the following actions:
    1. Under
      Client secrets
      , click
      New client secret
      .
    2. Type a description for the client secret.
    3. Select a duration for the client secret.
    4. Click
      Add
      .
    5. Copy the value of the new client secret.
      This is the
      Client Key
      that is required in
      UEM
      .
      If you do not copy the value of your key at this time, you will have to create a new key because the value is not displayed after you leave this screen.
Configure
UEM
to synchronize with Microsoft Intune or the Windows Store for Business.