This guide walks you through creating an Azure AD application with Intune
permissions, then configuring a Microsoft Intune Endpoint Management
integration in Synqly.

## Prerequisites

- An Azure AD tenant with Microsoft Intune licenses.
- Administrator access to register applications in Azure AD.


## Step 1: Create an Azure AD Application

1. Log in to the [Azure portal](https://portal.azure.com).
2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**.
3. Enter an application name (e.g., "Synqly Intune Integration").
4. Under **Supported account types**, select **Accounts in this organizational directory only**.
5. Click **Register**.
6. On the application overview page, note the **Application (client) ID** and the **Directory (tenant) ID**. You will need both values when configuring the integration.


## Step 2: Create a Client Secret

1. In the application you just registered, navigate to **Certificates & secrets**.
2. Click **New client secret**.
3. Enter a description and select an expiration period.
4. Click **Add**.
5. Copy the **Value** of the new secret immediately — it is shown only once. Store it securely.


## Step 3: Grant API Permissions

1. Navigate to **API permissions** > **Add a permission**.
2. Select **Microsoft Graph** > **Application permissions**.
3. Add the following permissions:
  - `DeviceManagementManagedDevices.Read.All` — required for querying devices.
  - `DeviceManagementConfiguration.Read.All` — required for querying compliance policies.
  - `DeviceManagementManagedDevices.PrivilegedOperations.All` — required only if you need remediation actions (wipe, retire, remote lock, etc.).
4. Click **Grant admin consent for [your tenant]** and confirm.


For more details, see the [Microsoft Graph permissions reference](https://learn.microsoft.com/en-us/graph/permissions-reference).

## Step 4: Configure the Integration in Synqly

- **Credential** — Select **OAuth Client** and enter:
  - **Client ID**: The Application (client) ID from Step 1.
  - **Client Secret**: The secret value from Step 2.
- **Tenant ID** — The Directory (tenant) ID from Step 1.
- **Base URL** — Leave blank for global commercial tenants. For national cloud deployments, enter the Microsoft Graph API URL for your environment (e.g., `https://graph.microsoft.us` for US Government GCC High, or `https://microsoftgraph.chinacloudapi.cn` for China).