Microsoft Intune (App Registration) Integration

Netanel Hugi
Torii SMP
Torii Identity

Overview

Torii integrates with Microsoft Intune and syncs users, licenses, and external apps.

  • You can connect multiple Microsoft Intune accounts to Torii.
  • To stay up to date on application information, go to our Integrations page > Integration Capabilities button > Integration Capabilities table.

This article covers connecting Microsoft Intune using an App Registration (app-only authentication): you provide a Tenant ID, Application (Client) ID, and Client Secret. Authentication is performed using the application's credentials (client credentials flow), so no interactive admin sign-in is required during setup or sync.

Prefer to connect with an administrator user instead? See Microsoft Intune Integration.

Requirements

To connect this integration, we require the following:

Accounts & Permissions

  • An administrator who can register an application in Microsoft Entra ID and grant tenant-wide admin consent.

Scopes

Grant the following Microsoft Graph application permissions (with admin consent).

For data sync (required):

  • DeviceManagementManagedDevices.ReadWrite.All - to create the discovered apps report and read managed devices.
  • User.Read.All - to read users.
  • Organization.Read.All - to read organization and tenant information.
  • RoleManagement.Read.Directory - to read directory role definitions and assignments.

For workflow actions (only if you plan to run them):

  • DeviceManagementManagedDevices.PrivilegedOperations.All - to remotely lock, wipe, delete devices, and bypass activation lock.

Required keys

  • Tenant ID (Directory ID)
  • Application (Client) ID
  • Client Secret

How to Generate the Required Values

Step 1: Register an application

  1. Sign in to the Microsoft Entra admin center (entra.microsoft.com) with an account that can register applications and grant admin consent (Global Administrator, or Privileged Role Administrator and Cloud Application Administrator).
  2. Go to Identity > Applications > App registrations > New registration.
  3. Enter a name (for example, "Torii Microsoft Intune").
  4. Under Supported account types, select Accounts in this organizational directory only (Single tenant).
  5. Leave Redirect URI empty (not needed for app-only authentication).
  6. Select Register.
  7. On the application's Overview page, copy the Directory (tenant) ID and the Application (client) ID.

Step 2: Create a client secret

  1. Open Certificates & secrets > Client secrets > New client secret.
  2. Add a description and select the longest available expiry (recommended, so the connection needs re-credentialing less often).
  3. Select Add.
  4. Copy the secret Value immediately (copy the Value, not the Secret ID).

Important
The client secret Value is shown only once, right after creation. Copy it before leaving the page; you cannot retrieve it later. When it expires, create a new secret and reconnect.

Step 3: Grant Microsoft Graph application permissions

  1. Open API permissions > Add a permission > Microsoft Graph > Application permissions.
  2. Search for and add each permission listed under Requirements > Scopes above — the read permissions for data sync, plus the device-actions permission if you plan to run workflow actions.
  3. Select Grant admin consent and confirm.
  4. Verify each permission shows a green Granted status.
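
To confirm the result of Steps 1 to 3 outside the portal, the following added example (not Torii's or Microsoft's code) requests an app-only token with the client credentials flow and compares the token's roles claim against the permissions listed under Requirements > Scopes. The environment variable names are assumptions, and the token is decoded for inspection only, without signature validation.

```python
import base64, json, os, urllib.parse, urllib.request

# Permissions listed under Requirements > Scopes on this page.
SYNC = {
    "DeviceManagementManagedDevices.ReadWrite.All",
    "User.Read.All",
    "Organization.Read.All",
    "RoleManagement.Read.Directory",
}
WORKFLOW = {"DeviceManagementManagedDevices.PrivilegedOperations.All"}


def fetch_token(tenant_id, client_id, client_secret):
    """Client credentials flow against the Microsoft identity platform v2.0 endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=30) as resp:
        return json.load(resp)["access_token"]


def token_roles(access_token):
    """Read the 'roles' claim (granted application permissions). No signature check."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))


def audit_roles(roles, workflow_actions=False):
    """Return (missing, extra) relative to what this integration needs."""
    expected = SYNC | (WORKFLOW if workflow_actions else set())
    return sorted(expected - roles), sorted(roles - expected)


if __name__ == "__main__":
    # Assumed environment variable names; keeps the secret out of source files.
    tok = fetch_token(os.environ["INTUNE_TENANT_ID"], os.environ["INTUNE_CLIENT_ID"],
                      os.environ["INTUNE_CLIENT_SECRET"])
    missing, extra = audit_roles(token_roles(tok), workflow_actions=False)
    print("missing:", missing)
    print("extra (review for least privilege):", extra)
```

An empty "missing" list means every required permission was consented; anything under "extra" is a permission the app registration holds that this integration does not need.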

How to Connect the Integration

  1. Go to the Integrations page in Torii.
  2. Search for Microsoft Intune and click Connect.
  3. Select the App registration connection method.
  4. Enter the Tenant ID, Application (Client) ID, and Client Secret.
  5. Click Connect.



For any further questions, please contact Torii Support.
