Create an Azure AD Application

Create an Azure AD Application

:choco-info: NOTE

The Chocolatey Intune integration shipped as part of v3.0.0 of the Chocolatey Licensed Extension.

:choco-info: NOTE

The Chocolatey Intune integration requires a valid Chocolatey for Business or Chocolatey for Business Trial license.

Summary

To allow Chocolatey to access the Intune tenant and work with packages, a user with the Global Administrator or Privileged Role Administrator permissions must create an Azure AD Application in your Azure tenant. See the Microsoft Graph API documentation for further information.

The steps and screenshots below are current as of July 2021.

Create Azure AD Application

  1. Log into the AzureAD Portal.
  2. Navigate to App registrations in Azure Active Directory. (screenshot: AzureAD Application Registration position)
  3. Click New Registration. (screenshot: New Registration)
  4. Provide a name for your application and leave the rest of the fields blank/default.
  5. Click Register.
  6. Select API permissions from the menu on the left. (screenshot: API Permissions)
  7. Click the three dots for the menu on User.Read, choose Remove Permissions, and confirm you want to remove the permissions. (screenshot: Remove Existing Permissions)
  8. Click Add a permission.
  9. Select Microsoft Graph. (screenshot: Select Microsoft Graph)
  10. Select Application permissions. (screenshot: Select Application Permissions)
  11. Search for device, expand DeviceManagementApps, and check off DeviceManagementApps.ReadWrite.All. (screenshot: Select DeviceManagementApps.ReadWrite.All)
  12. Click Add permissions.
  13. Click Grant admin consent for <tenant>, followed by Yes when prompted. (screenshot: Grant Admin Consent for your domain)

Create a secret for your Azure AD Application

:choco-warning: WARNING

It's important to note down the secret generated below as you cannot retrieve it again. If you forget the secret you will need to generate another one.

Once you’ve created your AzureAD Application, you need to generate a secret for it. The secret is what Chocolatey will use to authenticate with the Microsoft Graph API and should be protected like any other password.

  1. In the Application overview for your Application, select Certificates & secrets. (screenshot: Certificates & Secrets)
  2. Under Client secrets, select New client secret. (screenshot: New client secret)
  3. (Optional) Provide a description and expiry date for the client secret. (screenshot: Add a client secret)
  4. Click Add.
  5. Note the Value down (it will not be shown again, so be sure to save it or you will need to generate another secret).

Obtaining and using your AzureAD Application information with Chocolatey

Once you’ve created both the AzureAD Application and the secret, you will want to obtain the registration information to use it with Chocolatey. Complete the following steps to do so:

  1. Log into the AzureAD Portal and navigate to the App registration page for your application.
  2. Here you will find your Application (client) ID and your Directory (tenant) ID. (screenshot: Finding Application and Directory IDs)
  3. The Application ID is the value used when we talk about TENANT CLIENT ID.
  4. The Directory ID is the GUID value used when we talk about INTUNE TENANT GUID.
  5. The Secret is the value used when we talk about TENANT CLIENT SECRET.
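Before handing the three values to Chocolatey, it is worth confirming that the secret works and that the registration carries only the single application permission granted above. The script below is an added example, not part of the Chocolatey documentation or product: it performs the client-credentials grant against Microsoft Graph with the INTUNE TENANT GUID, TENANT CLIENT ID and TENANT CLIENT SECRET (placeholders to replace), then reads the `roles` claim of the returned token and reports any missing or extra application permission. The `make_sample_token` helper builds a constructed, unsigned token so the checks can be exercised offline.

```python
"""Added example: verify a Chocolatey Intune app registration from the
INTUNE TENANT GUID / TENANT CLIENT ID / TENANT CLIENT SECRET values gathered above.
The sample token built by make_sample_token is constructed, not a real Azure AD token."""
import base64
import json
import urllib.parse
import urllib.request

EXPECTED_ROLES = {"DeviceManagementApps.ReadWrite.All"}
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def request_token(tenant_guid: str, client_id: str, client_secret: str) -> str:
    """Client-credentials grant against Microsoft Graph (live network call)."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    with urllib.request.urlopen(TOKEN_URL.format(tenant=tenant_guid), body) as resp:
        return json.load(resp)["access_token"]


def token_roles(access_token: str) -> set:
    """Read the 'roles' claim (granted application permissions) from the JWT payload.
    This only inspects the claim for review; Graph itself validates the signature."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def check_least_privilege(roles: set) -> list:
    """Return findings: the documented role is missing, or extra roles were granted."""
    problems = []
    for missing in sorted(EXPECTED_ROLES - roles):
        problems.append(f"missing application permission: {missing}")
    for extra in sorted(roles - EXPECTED_ROLES):
        problems.append(f"unexpected application permission granted: {extra}")
    return problems


def make_sample_token(roles: list) -> str:
    """Constructed, unsigned token for offline testing (not issued by Azure AD)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles, 'aud': 'https://graph.microsoft.com'})}.sig"


if __name__ == "__main__":
    # Replace the placeholders with the three values recorded from the portal.
    tok = request_token("<INTUNE TENANT GUID>", "<TENANT CLIENT ID>", "<TENANT CLIENT SECRET>")
    print(check_least_privilege(token_roles(tok)) or "OK: app is scoped as documented")
```

An empty findings list means the secret authenticated and the app holds exactly DeviceManagementApps.ReadWrite.All; any listed extra role is permission creep worth removing from the registration.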