This guide walks you through creating an Azure AD application with Intune permissions, then configuring a Microsoft Intune Endpoint Management integration in Synqly.
- An Azure AD tenant with Microsoft Intune licenses.
- Administrator access to register applications in Azure AD.
- Log in to the Azure portal.
- Navigate to Azure Active Directory > App registrations > New registration.
- Enter an application name (e.g., "Synqly Intune Integration").
- Under Supported account types, select Accounts in this organizational directory only.
- Click Register.
- On the application overview page, note the Application (client) ID and the Directory (tenant) ID. You will need both values when configuring the integration.
- In the application you just registered, navigate to Certificates & secrets.
- Click New client secret.
- Enter a description and select an expiration period.
- Click Add.
- Copy the Value of the new secret immediately — it is shown only once. Store it securely.
- Navigate to API permissions > Add a permission.
- Select Microsoft Graph > Application permissions.
- Add the following permissions:
  - DeviceManagementManagedDevices.Read.All — required for querying devices.
  - DeviceManagementConfiguration.Read.All — required for querying compliance policies.
  - DeviceManagementManagedDevices.PrivilegedOperations.All — required only if you need remediation actions (wipe, retire, remote lock, etc.).
- Click Grant admin consent for [your tenant] and confirm.
For more details, see the Microsoft Graph permissions reference.
- Credential — Select OAuth Client and enter:
  - Client ID: The Application (client) ID from Step 1.
  - Client Secret: The secret value from Step 2.
- Tenant ID — The Directory (tenant) ID from Step 1.
- Base URL — Leave blank for global commercial tenants. For national cloud deployments, enter the Microsoft Graph API URL for your environment (e.g., https://graph.microsoft.us for US Government GCC High, or https://microsoftgraph.chinacloudapi.cn for China).