Authentication Options

Certificate-Based Authentication (Recommended for automation)

Follow these steps to use certificate authentication with an app registration:

1. Create an Entra ID App Registration

  • Navigate to Azure Portal → Entra ID → App Registrations
  • Click "New Registration"
  • Name your application (e.g., "IntuneAssignmentChecker")
  • Select "Accounts in this organizational directory only"
  • Click "Register"

2. Grant Required Application Permissions

  • In your app registration, go to "API Permissions"
  • Click "Add a permission" → "Microsoft Graph"
  • Select "Application permissions"
  • Add all required permissions listed in Prerequisites
  • Click "Grant admin consent"

3. Create and Configure Certificate Authentication

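# Create a self-signed certificate (the backtick is PowerShell's line-continuation character)
New-SelfSignedCertificate `
    -Subject "CN=IntuneAssignmentChecker" `
    -CertStoreLocation "cert:\CurrentUser\My" `
    -NotAfter (Get-Date).AddYears(2) `
    -KeySpec Signature `
    -KeyExportPolicy Exportable

# Export the public certificate (the .cer file contains no private key)
# If several certificates match the subject, take the one that expires last
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -like "*IntuneAssignmentChecker*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
Export-Certificate -Cert $cert -FilePath "C:\temp\IntuneAssignmentChecker.cer"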

4. Upload Certificate to App Registration

  • In Azure Portal, go to your app registration
  • Click "Certificates & secrets"
  • Select "Certificates"
  • Click "Upload certificate"
  • Upload the .cer file you exported

5. Configure Script with App Details

# Update these values in the script
$appid = '<YourAppIdHere>'           # Application (Client) ID
$tenantid = '<YourTenantIdHere>'     # Directory (Tenant) ID
$certThumbprint = '<YourThumbprint>' # Certificate Thumbprint
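
Before an unattended run, it helps to confirm that the thumbprint configured in step 5 points at a usable certificate in the store used in step 3. The following is an added example, not part of the IntuneAssignmentChecker script; the function name Test-AppCertificate and its -WarnDays parameter are hypothetical.

```powershell
# Added example: pre-flight check for the certificate configured in step 5.
# Test-AppCertificate and -WarnDays are hypothetical names, not part of the script.
function Test-AppCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StoreLocation = 'Cert:\CurrentUser\My',
        [int] $WarnDays = 30
    )

    # Thumbprints copied from a GUI often carry spaces or invisible characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $problems = [System.Collections.Generic.List[string]]::new()
    if ($clean.Length -ne 40) {
        $problems.Add("Thumbprint has $($clean.Length) hex characters, expected 40.")
    }

    $cert = Get-ChildItem -Path $StoreLocation |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1

    if (-not $cert) {
        $problems.Add("No certificate with this thumbprint in $StoreLocation.")
    }
    else {
        $now = Get-Date
        # Certificate authentication needs the private key, not just the public .cer.
        if (-not $cert.HasPrivateKey) { $problems.Add('Private key is missing from this store.') }
        if ($cert.NotBefore -gt $now) { $problems.Add("Not valid until $($cert.NotBefore).") }
        if ($cert.NotAfter -lt $now) { $problems.Add("Expired on $($cert.NotAfter).") }
        elseif (($cert.NotAfter - $now).TotalDays -lt $WarnDays) {
            Write-Warning "Certificate expires on $($cert.NotAfter); plan rotation."
        }
    }

    [pscustomobject]@{
        Thumbprint = $clean
        Subject    = if ($cert) { $cert.Subject } else { $null }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        Usable     = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Placeholder from step 5; replace with the real thumbprint.
$certThumbprint = '<YourThumbprint>'
$check = Test-AppCertificate -Thumbprint $certThumbprint
$check.Problems | ForEach-Object { Write-Warning $_ }
$check | Format-List Thumbprint, Subject, NotAfter, Usable
```

With the placeholder left in place, the check reports a malformed thumbprint and a missing certificate; with a real thumbprint, Usable is True only when the certificate is present, has its private key, and is within its validity period.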

Interactive Authentication (Simpler setup)

If you prefer not to set up an app registration, you can use interactive authentication:

  • Run the script without any changes
  • Select your Intune environment (Global, USGov, or USGovDoD)
  • Choose interactive authentication by typing "y" when prompted
  • Sign in with your credentials when the authentication window appears

Your permissions will be based on your user account's roles and permissions in Entra ID.

Which Option Should I Choose?

Choose Certificate Authentication if you:

  • Need to run the script unattended
  • Want to automate the process
  • Need consistent permissions regardless of user
  • Are comfortable with more complex setup

Choose Interactive Authentication if you:

  • Want a simpler setup
  • Don't need automation
  • Are comfortable using your user credentials
  • Only need to run the script occasionally

Note: Keep your certificate and app credentials secure! Anyone with access to these can access your Intune environment with the configured permissions.