Microsoft Intune Management - Connect securely to Intune with Microsoft Graph and PowerShell!



Dear Microsoft Intune friends,


In this article I will show you how to create a secure connection to Microsoft Intune with Microsoft Graph and PowerShell: the script authenticates as an application with a certificate, so no user password and no client secret has to be stored in the script.


In this example, we use an app registration in Microsoft Entra ID and a self-signed certificate created on the local machine. Only the public part of the certificate is uploaded to Entra ID; the private key stays in the local certificate store.


Create and export the certificate.


I use Visual Studio Code and PowerShell 7.
# Subject name of the certificate; it is also used later to find the certificate in the store
$certName = 'IntuneGraphAppCert'

# Create a self-signed signing certificate in the current user's personal store.
# -KeyExportPolicy Exportable allows the private key to be exported as a .pfx later;
# use NonExportable if the key should never leave this machine.
$cert = New-SelfSignedCertificate -Subject "CN=$certName" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256 -NotAfter (Get-Date).AddYears(1)

# Export only the public certificate (.cer); this is the file that gets uploaded to the app registration.
# The folder C:\certs must already exist.
Export-Certificate -Cert $cert -FilePath "C:\certs\$certName.cer"


Note: The certificate is created in the current user's personal certificate store (Cert:\CurrentUser\My) and only its public part is exported as a .cer file to the folder C:\certs, which must exist beforehand; the private key stays in the store. The certificate is valid for one year, so plan to renew it and replace it in the app registration before it expires. New-SelfSignedCertificate comes from the Windows PKI module, so this step is done on a Windows machine.
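As an added example (not code from the original article), here is a hardened variant of the certificate step: the private key is created non-exportable, only the public .cer is written to disk, and both facts are verified before anything is uploaded. The names $certName and $exportDir are assumptions; the subject matches the one used in the article.

```powershell
# Added example, not part of the original article.
# Hardened variant of the certificate step: non-exportable private key, public .cer only,
# verified before upload. $certName and $exportDir are assumed names.

$certName  = 'IntuneGraphAppCert'
$exportDir = 'C:\certs'

# Export-Certificate does not create missing folders, so create it first.
New-Item -Path $exportDir -ItemType Directory -Force | Out-Null

# NonExportable: the key can still sign (Connect-MgGraph works), but it cannot be copied out as a .pfx.
$cert = New-SelfSignedCertificate -Subject "CN=$certName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable `
    -KeySpec Signature -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)

# Public part only; this is the file to upload under Certificates & secrets.
$cerPath = Join-Path $exportDir "$certName.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# Read the exported file back and compare it with the store copy.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
if (-not $cert.HasPrivateKey) { throw 'The certificate in the store has no private key.' }
if ($exported.HasPrivateKey)  { throw "$cerPath contains a private key; do not upload it." }
if ($exported.Thumbprint -ne $cert.Thumbprint) { throw 'The exported file does not match the store certificate.' }

# The thumbprint is what the portal shows after the upload; keep it for later checks.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    CerFile    = $cerPath
}

# Prove the key really is non-exportable: a .pfx export must fail.
$pfxPath = Join-Path $exportDir "$certName.pfx"
try {
    $pw = ConvertTo-SecureString -String 'test-only' -AsPlainText -Force
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pw -ErrorAction Stop | Out-Null
    Write-Warning "Private key was exported to $pfxPath; delete it and check the key export policy."
}
catch {
    Write-Host "Private key export blocked as intended: $($_.Exception.Message)"
}
```

With a non-exportable key the certificate is bound to this user profile on this machine; if the script has to run elsewhere, create the certificate there (and register that certificate in the app registration too) instead of copying a .pfx around.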



Create an app registration in Microsoft Entra ID (formerly Azure AD).


1. Go to the Azure portal (or the Microsoft Entra admin center) and create a new app registration in Microsoft Entra ID.



2. Give the app a name and, once it is created, note the Application (client) ID and the Directory (tenant) ID on the Overview page; both are needed for the PowerShell connection later.



3. Go to API permissions and add the Microsoft Graph application permissions the script needs (the permissions used here serve only as an example; grant only the smallest set your script actually calls).



4. Do not forget to grant admin consent; application permissions do not work without it.


5. Go to Certificates & secrets and upload the exported .cer file. Only the public certificate is uploaded; the private key never leaves the local machine, and no client secret is needed.



Back in Visual Studio Code and PowerShell!
1. Install the Microsoft.Graph module.
# Installs the complete Graph PowerShell SDK (many sub-modules). For the connection alone,
# the Microsoft.Graph.Authentication module is sufficient.
Install-Module -Name Microsoft.Graph -Verbose -Force -AllowClobber
2. Import the Microsoft.Graph module.
# Importing the whole SDK takes a while; Import-Module Microsoft.Graph.Authentication is enough for Connect-MgGraph.
Import-Module Microsoft.Graph
3. Create some variables.
# Directory (tenant) ID and Application (client) ID from the app registration's Overview page
$TenantId = '77e01716-a6a2-4f99-b864-xxxxxxxxxxxx'
$AppId = '5c14b994-2290-4f84-9069-xxxxxxxxxxxx'
$certName = 'IntuneGraphAppCert'
# Look up the certificate by subject in the current user's store. Connect-MgGraph needs a single
# X509Certificate2 object, so take the newest one in case the certificate was created more than once.
$Cert = Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object { $_.Subject -eq "CN=$certName" } | Sort-Object NotAfter -Descending | Select-Object -First 1


4. Connect to Microsoft Graph.
# App-only authentication: the SDK signs the client assertion with the certificate's private key.
# -CertificateThumbprint $Cert.Thumbprint or -CertificateName "CN=$certName" work as well.
Connect-MgGraph -TenantId $TenantId -ClientId $AppId -Certificate $Cert


5. We check the connection and the permissions that were granted to the app.
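As an added example (not code from the original article), the whole connection procedure in one script: find the certificate, connect, confirm that the session is app-only, list the granted application permissions, fail early if a needed one is missing, and make a single read-only Intune call. The tenant and client IDs are placeholders; the permission DeviceManagementManagedDevices.Read.All is an assumed example permission that matches the managedDevices call, and -NoWelcome assumes SDK version 2.x.

```powershell
# Added example, not part of the original article.
# Assumptions: placeholder IDs below, SDK 2.x (-NoWelcome), and that the app was granted
# DeviceManagementManagedDevices.Read.All (example permission for the call at the end).

Import-Module Microsoft.Graph.Authentication   # enough for Connect-MgGraph and Invoke-MgGraphRequest

$TenantId = '00000000-0000-0000-0000-000000000000'   # placeholder: Directory (tenant) ID
$AppId    = '00000000-0000-0000-0000-000000000000'   # placeholder: Application (client) ID
$certName = 'IntuneGraphAppCert'

# Newest valid certificate with this subject that has a private key; exactly one object is required.
$Cert = Get-ChildItem -Path 'Cert:\CurrentUser\My' |
    Where-Object { $_.Subject -eq "CN=$certName" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $Cert) { throw "No valid certificate with subject CN=$certName in Cert:\CurrentUser\My" }

Connect-MgGraph -TenantId $TenantId -ClientId $AppId -Certificate $Cert -NoWelcome

# Step 5 of the article: check what the session actually is.
$ctx = Get-MgContext
if ($ctx.AuthType -ne 'AppOnly') {
    Disconnect-MgGraph | Out-Null
    throw "Expected app-only authentication, got $($ctx.AuthType)"
}
"Connected as app $($ctx.ClientId) in tenant $($ctx.TenantId) with certificate $($Cert.Thumbprint)"
"Granted application permissions (roles in the token):"
$ctx.Scopes | Sort-Object | ForEach-Object { "  $_" }

# Fail early with a clear message instead of a 403 somewhere later in the script.
$required = 'DeviceManagementManagedDevices.Read.All'   # example permission, adjust to what your script calls
if ($ctx.Scopes -notcontains $required) {
    Disconnect-MgGraph | Out-Null
    throw "The app is missing '$required'; add it under API permissions and grant admin consent."
}

# One read-only Intune call through the raw request cmdlet (no further sub-modules needed).
$uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$top=5&$select=deviceName,operatingSystem,complianceState'
$result = Invoke-MgGraphRequest -Method GET -Uri $uri
$result.value | ForEach-Object { [pscustomobject]$_ } | Format-Table deviceName, operatingSystem, complianceState

Disconnect-MgGraph | Out-Null
```

The permission check compares against the roles in the issued token, so it also catches the case where a permission was added in the portal but admin consent was never granted.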
I am fully aware that this is only as good as the physical machine is secured. However, I would like to share my experiences with you. Thank you for taking the time to read the article.

Best regards, Tom Wechsler


P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on GitHub!
