# Creating App Registrations for Easy2Patch

This article explains how to grant the permissions required by the Intune Update and Application Deployment features introduced in Easy2Patch 3.0 and the Critical Update Management with Defender features introduced in Easy2Patch 3.1. Because the steps work with App registrations in the Azure Portal, your account needs the appropriate permissions there.

## Creating App Registrations

1\.       First, log in to <https://portal.azure.com> with a user account with appropriate privileges.

2\.       Type **App Registrations** in the **Search** field. Click on the **App registrations** link that will appear in the **Services** area.

3\.       If you want to use an existing **App registration**, click it and continue from the [**Authorization**](#authorization) step. If you want to create a new one, continue from step 4.

4\.       Click the **New registration** button.

<figure><img src="https://48322287-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcdUOS05wepzb10XGcGgw%2Fuploads%2Fhu8BKEeuJLBSGzs6QpO1%2Fimage.png?alt=media&#x26;token=c2743896-7781-456a-ab09-eef354f61ba4" alt="New App registration in Azure Portal"><figcaption><p>New registration</p></figcaption></figure>

5\.       After entering a suitable name in the **Name** field, select the organization level, if any, and press the **Register** button. The default settings are as follows.

<figure><img src="https://48322287-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcdUOS05wepzb10XGcGgw%2Fuploads%2F2LqCUsbhi4cXyPeQqYoj%2Fimage.png?alt=media&#x26;token=39736bd6-fef9-4f9b-a6e9-cf9968a547d3" alt="App registration Information"><figcaption><p>App registration Information</p></figcaption></figure>

## Creating Credential Information

The credential is what an application presents when it calls APIs through the App registration. Applications use it to perform authorized operations without a user account: the application signs in with the credential created for the App registration. Follow the steps below to add a credential.

1\.       Make a note of the **Application (client) ID** and **Directory (tenant) ID** information. Then click on the **Add a certificate or secret** link.

<figure><img src="https://48322287-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcdUOS05wepzb10XGcGgw%2Fuploads%2FH7uT6OuLEKUHgpCWES9W%2Fimage.png?alt=media&#x26;token=0087ab8b-ef31-451f-af46-2f49820a8a2c" alt="App Registration credential information in Azure  Portal"><figcaption><p>Credential Information</p></figcaption></figure>

2\.       Click **New client secret**.

<figure><img src="https://48322287-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcdUOS05wepzb10XGcGgw%2Fuploads%2FU4EinaPu6avB58B5zyo3%2Fimage.png?alt=media&#x26;token=598d9d12-9464-4aab-a049-f8e3023ecbae" alt="App registration secret key creation"><figcaption><p>Secret</p></figcaption></figure>

3\.       In the pane that opens on the right, enter the optional description and specify the duration. For security reasons, App registration secrets are created for a limited time. After selecting a suitable duration, press the **Add** button.

<figure><img src="https://48322287-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcdUOS05wepzb10XGcGgw%2Fuploads%2FI9bEk4CJqGhvlS9OuBB7%2Fimage.png?alt=media&#x26;token=8d564faa-546e-4f4e-ba63-fde3521de2df" alt="Secret Key Properties"><figcaption><p>Secret Key Properties</p></figcaption></figure>

4\.       When the secret is created, its value is shown on the screen in clear text only once. It cannot be retrieved again afterwards, so note the Secret value displayed after this step. It can be copied with the clipboard button next to it.

<figure><img src="https://48322287-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcdUOS05wepzb10XGcGgw%2Fuploads%2FMceb69qZ2NGunUojy55s%2Fimage.png?alt=media&#x26;token=44235272-d56c-4cde-94be-4646a80c0d6d" alt="Secret Key Information"><figcaption><p>Secret Key Information</p></figcaption></figure>

## Authorization

Permissions are granted in two stages. The first group consists of **Microsoft Graph** permissions and the second group consists of **WindowsDefenderATP** permissions.

### Microsoft Graph

1\.       Find and click the newly created registration in the list on the **App registrations** screen.

2\.       Click **API permissions** on the screen that opens.

3\.       Click the **+ Add permission** button.

4\.       Click the **Microsoft Graph** button.

5\.       Click the **Application permissions** button.

6\.       Select the permissions in the table below.

| Category                       | Permission                              |
| ------------------------------ | --------------------------------------- |
| Application                    | Application.Read.All                    |
| Application                    | Application.ReadWrite.All               |
| DeviceManagementApps           | DeviceManagementApps.ReadWrite.All      |
| DeviceManagementConfiguration  | DeviceManagementConfiguration.Read.All  |
| DeviceManagementManagedDevices | DeviceManagementManagedDevices.Read.All |
| DeviceManagementRBAC           | DeviceManagementRBAC.Read.All           |
| DeviceManagementServiceConfig  | DeviceManagementServiceConfig.Read.All  |
| Group                          | Group.Read.All                          |
| GroupMember                    | GroupMember.Read.All                    |
| User                           | User.Read.All                           |

7\.       After the adding process is finished, click the **Grant admin consent for \<Organization>** button. Click **Yes** on the confirmation screen.

### WindowsDefenderATP

1\.       Click the **+ Add permission** button.

2\.       Switch to the **APIs my organization uses** tab.

3\.       Type **WindowsDefenderATP** in the Search field and click **WindowsDefenderATP** in the list.

4\.       Click the **Application permissions** button.

5\.       Select the permissions in the table below and click the **Add permissions** button.

| Category                    | Permission                           |
| --------------------------- | ------------------------------------ |
| Alert                       | Alert.Read.All                       |
| Ip                          | Ip.Read.All                          |
| Machine                     | Machine.Read.All                     |
| Machine                     | Machine.Scan                         |
| RemediationTasks            | RemediationTasks.Read.All            |
| Score                       | Score.Read.All                       |
| SecurityBaselinesAssessment | SecurityBaselinesAssessment.Read.All |
| SecurityConfiguration       | SecurityConfiguration.Read.All       |
| SecurityRecommendation      | SecurityRecommendation.Read.All      |
| Software                    | Software.Read.All                    |
| User                        | User.Read.All                        |
| Vulnerability               | Vulnerability.Read.All               |

6\.       After the adding process is finished, click the **Grant admin consent for \<Organization>** button. Click **Yes** on the confirmation screen.

Once the app registration has been created and authorized, enter the **Application (client) ID**, **Directory (tenant) ID** and **Secret** on the Easy2Patch Intune settings screen and start using the application.
