Setup TechSafe Solve for Intune

Your Azure administrators will need to complete these steps

Prerequisites

1. Before beginning this step ensure the enterprise application, TechSafe Entra ID SSO, has been configured. This provides Single Sign On access to the TechSafe Portal and creates the base application required to configure Intune API access.

2. To confirm it has been created, follow steps 1 to 3 in the section below.

3. If the TechSafe Entra ID SSO application is not listed, create it using the following guide: SSO Setup Guide – TechSafe Mobile Device Management

Adding API Permissions to TechSafe Entra ID SSO application

 1. Open https://portal.azure.com

 2. Go to Microsoft Entra ID and then, in the left menu pane, select Manage -> App registrations

 3. Select All applications and search for “TechSafe Entra”. The application TechSafe Entra ID SSO should be listed. See below

 a. If the application is not listed, it will need to be created first. Please follow the SSO Setup Guide – TechSafe Mobile Device Management before continuing.

 

 4. Select the application and navigate to Manage -> API permissions

 5. In the Configured permissions section select + Add a permission and select Microsoft Graph from the popup pane.

 

 6. Select Application permissions as the type of permissions required.

 7. In the search bar enter each required permission listed in the permissions table shown in step 9 and search for it (Make sure there are no additional spaces in the text when pasting into the search bar).

 8. If multiple options are listed, expand the associated Permission Group, as shown in the table, and select the permission followed by Add permissions. An example is shown below:

 

 
9. Repeat this process for all permissions listed in the table below.

| Required Permissions | Permission Group |
|---|---|
| Device.Read.All | Device |
| AuditLog.Read.All | AuditLog |
| DeviceManagementApps.Read.All | DeviceManagementApps |
| DeviceManagementConfiguration.Read.All | DeviceManagementConfiguration |
| DeviceManagementManagedDevices.PrivilegedOperations.All | DeviceManagementManagedDevices |
| DeviceManagementManagedDevices.Read.All | DeviceManagementManagedDevices |
| DeviceManagementServiceConfig.Read.All | DeviceManagementServiceConfig |
| Policy.Read.All | Policy |
| User.Read.All | User |

 

 10. Once all required permissions have been added, you must Grant admin consent.

 11. Select Grant admin consent for xxxx, as shown below. If this option is greyed out, your account doesn’t have the required permissions. Please use an account with global admin rights to complete this step.

12. Once granted the status column will be updated with a green tick stating Granted for
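To check the outcome of steps 5 to 12 against the table, the following added example (not part of the TechSafe guide) compares an app registration's requested and consented Microsoft Graph permissions with the required list. It assumes the permission ids have already been resolved to names from the Microsoft Graph service principal; `audit`, `fake_id` and `sample_report` are hypothetical names, and all ids and sample data are constructed placeholders.

```python
# Required Microsoft Graph application permissions, from the table on this page.
REQUIRED = {
    "Device.Read.All", "AuditLog.Read.All", "DeviceManagementApps.Read.All",
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementServiceConfig.Read.All", "Policy.Read.All", "User.Read.All",
}

def audit(names, resource_access, assignments):
    """Compare an app registration against REQUIRED.

    names:           {permission id: permission name} for Microsoft Graph (assumed input)
    resource_access: the app's requiredResourceAccess[].resourceAccess entries
    assignments:     the service principal's appRoleAssignments entries
    """
    def pick(kind):
        return {names.get(r["id"], r["id"]) for r in resource_access if r["type"] == kind}
    app_perms = pick("Role")     # "Role"  = Application permission (step 6)
    delegated = pick("Scope")    # "Scope" = Delegated permission
    granted = {names.get(a["appRoleId"], a["appRoleId"]) for a in assignments}
    return {
        "missing": sorted(REQUIRED - app_perms),                     # steps 7-9 incomplete
        "added_as_delegated": sorted(REQUIRED & delegated),          # wrong type at step 6
        "not_consented": sorted((REQUIRED & app_perms) - granted),   # step 10 not done
        "beyond_required": sorted((app_perms | granted) - REQUIRED), # more than the table asks
    }

# Constructed sample data: these ids are placeholders, not real Microsoft Graph ids.
def fake_id(n):
    return f"00000000-0000-0000-0000-{n:012d}"

ROLE_ID = {p: fake_id(i) for i, p in enumerate(sorted(REQUIRED), 1)}
NAMES = {v: k for k, v in ROLE_ID.items()}
NAMES[fake_id(90)] = "User.Read.All"            # delegated variant of the permission
NAMES[fake_id(91)] = "Directory.ReadWrite.All"  # a permission that is not in the table

def sample_report():
    roles = sorted(REQUIRED - {"Policy.Read.All", "User.Read.All"})
    access = [{"id": ROLE_ID[p], "type": "Role"} for p in roles]
    access += [{"id": fake_id(90), "type": "Scope"}, {"id": fake_id(91), "type": "Role"}]
    grants = [{"appRoleId": ROLE_ID[p]} for p in roles if p != "AuditLog.Read.All"]
    return audit(NAMES, access, grants)

if __name__ == "__main__":
    for finding, perms in sample_report().items():
        print(f"{finding}: {perms}")
```

An empty list under every key means the registration matches the table exactly and admin consent covers every entry.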

Adding Certificates & Secrets

1. Select Certificates & Secrets

             a. Select “+ New Client Secret”

             b. Enter “TechSafe Solve for Intune” as the description

             c. Select required expiry period

                                i. Note: New codes must be provided when the existing one expires.

             d. ** Copy the secret value and keep it safe BEFORE navigating from this screen. TechSafe requires this value, which is hidden once the page is closed. A new secret will need to be created if not captured when it’s created.

 

After completing this step it should look like the image below.

 2. Return to the overview page.

Last step

 1. Provide the following IDs to the TechSafe Team to complete the configuration.

             a. Application (Client) ID

             b. Directory (tenant) ID

             c. The Secret value recorded at step 6d. 

             d. The expiry date of the secret value.