Azure Custom Application Permissions
Overview
This document covers the custom permissions required for the advanced features of ImmyBot.
Create an App Registration
Navigate to: https://aad.portal.azure.com/
- Click on app registration

- Click on new registration

- Name it something recognizable such as "ImmyBot Custom Application"
- Select the second radio button (Any Microsoft Entra ID tenant - Multitenant)
- Add your Web redirect URI
- Click Register

WARNING
Important! Your app registration must have a Web redirect URI of https://<your-domain>.immy.bot/consent-callback, replacing <your-domain> appropriately.
Grant Permissions
See the s below for the minimum permissions.
Click on API Permissions
Click Add Permissions

Click on Microsoft Graph

Click on Application Permissions

Add the following permissions
| Permission | Required | Notes |
| --- | --- | --- |
| DelegatedAdminRelationship.Read.All | Yes | |
| Directory.Read.All | Yes | |
| User.Read | Yes | |
| DeviceManagementScripts.ReadWrite.All | No | Needed for using the Deploy Immy Agent to Intune task |
| DeviceManagementConfiguration.ReadWrite.All | No | Needed for using the Enroll in Autopilot task |
| DeviceManagementManagedDevices.ReadWrite.All | No | Needed for using Sync Primary User With Intune task |
| Application.ReadWrite.All | No | Needed for using Add Azure Sync Fabric to Tenant task |
Click Grant Admin Consent for <'your Azure tenant name'>

Create Client Secret
- Click on Certificates & Secrets which is under Manage
- Click on New Client Secret

- Create a meaningful description
- Set the Expires timeline to 24 months
- Click Add

- Copy the Secret Value and paste it into ImmyBot

Please see GDAP Customers if you want ImmyBot to access your customers' data.
INFO
Copy the Application (client) ID and Client Secret Value into the form in ImmyBot. The form in ImmyBot is located under Show More -> Azure and will be shown when you select Custom for the permission level
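
A least-privilege check for the registration configured above, as an added example (not ImmyBot's code): it compares an app registration against this page's permission table, redirect URI and multitenant setting, and flags optional permissions granted for tasks that are not in use. It assumes `app` is the Microsoft Graph application object as JSON and that `granted` (consented permission names) and `tasks_in_use` are supplied by the operator; the function name, the 30-day warning window and the sample data are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Permission table from this page: name -> (required, task that needs it)
PERMISSIONS = {
    "DelegatedAdminRelationship.Read.All": (True, None),
    "Directory.Read.All": (True, None),
    "User.Read": (True, None),
    "DeviceManagementScripts.ReadWrite.All": (False, "Deploy Immy Agent to Intune"),
    "DeviceManagementConfiguration.ReadWrite.All": (False, "Enroll in Autopilot"),
    "DeviceManagementManagedDevices.ReadWrite.All": (False, "Sync Primary User With Intune"),
    "Application.ReadWrite.All": (False, "Add Azure Sync Fabric to Tenant"),
}
CALLBACK = re.compile(r"https://[A-Za-z0-9-]+\.immy\.bot/consent-callback")

def audit(app, granted, tasks_in_use, now, warn_days=30):
    """Return findings for one app registration; an empty list means it matches the page."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("audience: registration is not multitenant")
    uris = app.get("web", {}).get("redirectUris", [])
    if not any(CALLBACK.fullmatch(u) for u in uris):
        findings.append("redirect: no https://<your-domain>.immy.bot/consent-callback URI")
    for name, (required, task) in PERMISSIONS.items():
        if required and name not in granted:
            findings.append(f"permission: required {name} is missing")
        elif task and name in granted and task not in tasks_in_use:
            findings.append(f"permission: {name} granted but '{task}' is not used")
        elif task and name not in granted and task in tasks_in_use:
            findings.append(f"permission: '{task}' needs {name}")
    for name in sorted(set(granted) - set(PERMISSIONS)):
        findings.append(f"permission: {name} is not in the documented set")
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; keep whole seconds so fractional digits do not matter
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        if end.replace(tzinfo=timezone.utc) - now < timedelta(days=warn_days):
            findings.append(f"secret: '{cred.get('displayName')}' expired or expires soon")
    return findings

# Constructed sample, not taken from a real tenant
SAMPLE_APP = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": ["https://example.immy.bot/consent-callback"]},
    "passwordCredentials": [{"displayName": "immybot", "endDateTime": "2025-01-15T00:00:00Z"}],
}
SAMPLE_GRANTED = {"DelegatedAdminRelationship.Read.All", "Directory.Read.All",
                  "Application.ReadWrite.All", "Mail.Read"}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_APP, SAMPLE_GRANTED, set(), datetime(2025, 1, 1, tzinfo=timezone.utc))))
```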
