CSM for Intune requires two individual registered Azure AD enterprise applications to be consented with specific permissions to Intune tenant.
Centero Azure AD Connector:
- Reads Azure AD users, devices and groups in the customers tenant.
- Requires customers Azure AD administrator (Global Administrator) to consent the application permissions.
- Is used by Centero Portal to verify that Customer's User is allowed to link the tenant to CSM for Intune.
- The Customer's user signed in the Centero Portal must be either Global Administartor or added as a member to Centero Azure AD Connector Enterprise application.
- Requires the following permissions to Customers tenant:
|
API name |
Permissons |
Type |
Granted trough |
|
Microsoft Graph |
Read directory data |
Application |
Admin consent |
|
Windows Azure Active Directory |
Sign in and read user profile |
Delegated |
Admin consent or User consent |
CSM for Intune
- Manages Intune apps and deployments.
- Requires customers Azure AD administrator (Global Administrator) to consent the application permissions.
- Requires the following permissions to Customers tenant:
|
API name |
Permissons |
Type |
Granted trough |
|
Microsoft Graph |
Read and write Microsoft Intune apps |
Application |
Admin consent |
|
Microsoft Graph |
Read Microsoft Intune devices |
Application |
Admin consent |
|
Microsoft Graph |
Read organization information |
Application |
Admin consent |
|
Windows Azure Active Directory |
Sign in and read user profile |
Delegated |
Admin consent or User consent |
