Prerequisites for connecting to Microsoft Intune

Last updated March 27th, 2026

This section describes prerequisite procedures you need to perform before you can start connecting to Microsoft Intune.

To connect to Microsoft Intune, you need:

Step 1: Create a client ID and a tenant ID

Sign in to https://portal.azure.com.
Click More services.
Under Identity, click App registrations.
On the main screen, click New registration.
Enter a name for this application, for example, Knox E-FOTA.
Set Supported account types to Single tenant only.
Click Register. The Knox E-FOTA application is created. The client ID and tenant ID are displayed.
Copy the values next to Application (client) ID and the Directory (tenant ID).

In the left navigation, click Certificates & secrets.
In the main screen, under Client secrets, click New client secret.
Under Add a client secret, do the following:
1. Enter a description for the client secret, for example, Client secret for Knox E-FOTA.
2. Under Expires, select 24 months.
3. Click Add. The new client secret is added under Client secrets.
Copy the value of your new client secret.

In the left navigation, click API permissions.
In the main screen, under Configured permissions, click Add a permission.
Under Request API permissions, do the following:
1. Click Microsoft Graph.
2. Click Application permissions.
3. Under Select permissions, select all of the following permissions:
  
  You can find these permissions by entering them in the search bar.
  - User.read.all
  - Group.read.all
  - GroupMember.read.all
  - DeviceManagementManagedDevices.read.all
4. Click Update permissions. The permissions are saved for the app you registered in step 1.
In the main screen, under Configured permissions, click Grant admin consent for.
Click Yes when prompted to confirm your request. The Status column of the Configured permissions table shows Granted for.