Creating App Registrations for Easy2Patch

Direnc Onen - 06/25/2023

This article explains how to grant the permissions required by the Intune Update and Application Deployment features introduced in Easy2Patch 3.0 and the Critical Update Management with Defender features introduced in Easy2Patch 3.1. Because the steps create and configure App registrations in the Azure Portal, you need an account with the appropriate permissions.

Creating App Registrations

1. First, log in to https://portal.azure.com with a user account with appropriate privileges.

2. Type App Registrations in the Search field. Click on the App registrations link that will appear in the Services area.

3. If you want to use an existing App registration, click it and continue from the Authorization step. If you want to create a new one, continue from step 4.

4. Click the New registration button.

5. After entering a suitable name in the Name field, select the organization level, if any, and press the Register button. The default settings are as follows.

Creating Credential Information

The credential is the information the application uses to authenticate as the App registration through the API. Applications use this record to perform authorized operations without a user account; the application signs in with the credential created for the App registration. Follow these steps to add a credential.

1. Make a note of the Application (client) ID and Directory (tenant) ID information. Then click on the Add a certificate or secret link.

2. Click New client secret,

3. In the pane that opens on the right, enter an optional description and specify the duration. For security reasons, App registration secrets are created with a limited lifetime. After selecting a suitable duration, press the Add button.

4. When the secret is created, its value is shown on the screen in clear text only once. It cannot be retrieved again. Therefore, note the Secret value shown on the screen after this step. It can be copied with the clipboard button next to it.

Authorization

Permissions are granted in two stages: first the Microsoft Graph permissions, then the WindowsDefenderATP permissions.

Microsoft Graph

1. Find and click the newly created registration from the list on the App registrations screen,

2. Click on API permissions on the screen that comes up,

3. Click the + Add permission button,

4. Click the Microsoft Graph button,

5. Click the Application permissions button,

6. Select the permissions in the table below,

| Category | Permission |
| --- | --- |
| Application | Application.Read.All |
| Application | Application.ReadWrite.All |
| DeviceManagementApps | DeviceManagementApps.ReadWrite.All |
| DeviceManagementConfiguration | DeviceManagementConfiguration.Read.All |
| DeviceManagementManagedDevices | DeviceManagementManagedDevices.Read.All |
| DeviceManagementRBAC | DeviceManagementRBAC.Read.All |
| DeviceManagementServiceConfig | DeviceManagementServiceConfig.Read.All |
| Group | Group.Read.All |
| GroupMember | GroupMember.Read.All |
| User | User.Read.All |

7. After the adding process is finished, click the Grant admin consent for <Organization> button. Click Yes on the confirmation screen.

WindowsDefenderATP

1. Click the + Add permission button,

2. Switch to the APIs my organization uses tab,

3. Type WindowsDefenderATP in the Search field and click on WindowsDefenderATP from the list,

4. Click the Application permissions button,

5. Select the permissions in the table below and click the Add permissions button.

| Category | Permission |
| --- | --- |
| Alert | Alert.Read.All |
| Ip | Ip.Read.All |
| Machine | Machine.Read.All |
| Machine | Machine.Scan |
| RemediationTasks | RemediationTasks.Read.All |
| Score | Score.Read.All |
| SecurityBaselinesAssessment | SecurityBaselinesAssessment.Read.All |
| SecurityConfiguration | SecurityConfiguration.Read.All |
| SecurityRecommendation | SecurityRecommendation.Read.All |
| Software | Software.Read.All |
| User | User.Read.All |
| Vulnerability | Vulnerability.Read.All |

6. After the adding process is finished, click the Grant admin consent for <Organization> button. Click Yes on the confirmation screen.

After the App registration has been created and authorized, enter the Application (client) ID, Directory (tenant) ID and Secret on the Easy2Patch Intune settings screen to start using the application.
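To confirm that admin consent produced exactly the permissions in the two tables above, the following added example (not part of Easy2Patch or of the original article) compares the `roles` claim of an app-only access token with the documented sets and reports anything missing or extra. It assumes the token was obtained separately with the client ID, tenant ID and secret, one token per API; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions listed in the two tables of this article.
GRAPH_EXPECTED = {
    "Application.Read.All", "Application.ReadWrite.All",
    "DeviceManagementApps.ReadWrite.All",
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementRBAC.Read.All",
    "DeviceManagementServiceConfig.Read.All",
    "Group.Read.All", "GroupMember.Read.All", "User.Read.All",
}
DEFENDER_EXPECTED = {
    "Alert.Read.All", "Ip.Read.All", "Machine.Read.All", "Machine.Scan",
    "RemediationTasks.Read.All", "Score.Read.All",
    "SecurityBaselinesAssessment.Read.All", "SecurityConfiguration.Read.All",
    "SecurityRecommendation.Read.All", "Software.Read.All", "User.Read.All",
    "Vulnerability.Read.All",
}

def token_claims(jwt):
    """Decode a JWT payload without verifying the signature (audit use only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(jwt, expected):
    """Return (missing, extra) application permissions relative to `expected`."""
    granted = set(token_claims(jwt).get("roles", []))
    return sorted(expected - granted), sorted(granted - expected)

def make_sample_token(roles):
    """Build an unsigned, constructed token for the demo; not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    # Constructed sample: one permission lacks consent, one unexpected extra is present.
    roles = sorted(GRAPH_EXPECTED - {"Group.Read.All"}) + ["Directory.ReadWrite.All"]
    missing, extra = audit_roles(make_sample_token(roles), GRAPH_EXPECTED)
    print("missing:", missing)
    print("extra:  ", extra)
```

A non-empty `missing` list usually means consent was not granted for that permission; a non-empty `extra` list means the registration holds more than this article requires.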
