Register an Application in Azure Active Directory

IT Asset Management (Cloud)

In order to establish a connection with Microsoft Intune on the FlexNet Beacon, you need to specify a Tenant ID, Client ID and Client Secret when setting up the PowerShell source connection. To get this information, you will have to register an application in your Azure Active Directory portal to connect with the Microsoft Graph API ( The Microsoft Graph API is called to get the information from Intune discovered apps. Intune discovered apps is a report that lists detected apps on Microsoft Intune enrolled devices in your tenant, and acts as a software inventory for your tenant.

Note: Intune discovered apps report refreshes every 7 days from the time of enrollment (not a weekly refresh for the entire tenant). The only exception to this refresh cycle for the Discovered apps report is application information collected through the Intune Management Extension for Win32 Apps, which is collected every 24 hours.

Use the following procedure to register an application in your Azure Active Directory for connecting to the Microsoft Graph API.

  1. Log into your Azure Directory portal (, navigate to App registrations and create a New registration.
  2. For your new registration, specify the following prior to selecting Register:
    1. A name for the new application.
    2. Who can use the application. Important: select "Accounts in this organizational directory only ([ORG_NAME] only - Single tenant)".
    3. Provide a redirect URI (optional).
  3. After registering, take a note of the Application (Client) ID. This is required when creating the PowerShell source connection.
  4. In the left pane, under Manage, select Certificates & secrets and create a new client secret. You will have two options: New client secret or Upload certificate. Select New client secret.
    Important: Ensure to take a note of the Client secret Value before changing screens, as this is displayed one-time only. Later, the value will be masked and you will not be able to retrieve it. Your only option, is to delete the application and create a new one. Similar to the Application (Client) ID, this is required when creating the PowerShell source connection.
  5. You now need to request API permissions. In the left pane, under Manage, this time select API permissions and select Add a permission.
  6. In the "Request API permissions" screen, do the following:
    1. Select Microsoft APIs followed by Microsoft Graph.
    2. Select Application Permissions.
    3. Expand the DeviceManagementApps dropdown and check DeviceManagementApps.Read.All.
    4. Expand the DeviceManagementManagedDevices dropdown and check DeviceManagementManagedDevices.Read.All.
    5. Expand the Directory dropdown and check Directory.Read.All.
  7. Once you have added all the above permissions, select Grant admin conset for [ORG_NAME].

    IT Asset Management (Cloud)