Azure Active Directory
AAD must be in hybrid mode and have either of these two options enabled:
- Pass-through authentication with Seamless single sign-on (SSO)
Both options are illustrated to the right.
Define the two AAD authentication applications required
You'll need to set up two Intune authentication applications for Shopping:
- Console authentication application, in this example named ShoppingConsoleAuthenticationClientApp
- Central Service authentication application, in this example named ShoppingServiceAuthenticationClientApp
Use the following steps to create and configure each App. It is vital to get the right configuration in order for Shopping to work with Intune.
In most cases the configuration steps are the same for each App, and the steps will tell you where they are different, but it is easy to get confused between each App.
You are recommended to configure one App at a time, going through the whole sequence of steps. If you want to configure both Apps at the same time, then do so in separate browser windows.
Depending on the version of Microsoft Azure you use, although you may see some differences in the UI, the steps required to set up the authentication applications will be the same.
Microsoft information can be found at https://docs.microsoft.com/en-us/graph/permissions-reference .
Most of the steps in the sequence are needed for both the Console and Central Service authentication applications. Where there are exceptions and the instructions apply to one or the other they will be called out explicitly.
Configure Administrator and Service Accounts
Make appropriate settings for Intune in Shopping
You can do this either during an installation or upgrade or from the Shopping Admin Console after an installation or upgrade.
During installation or upgrade
After installation or upgrade
Configuration Manager Co-management
This section describes where the co-management settings would be configured by a Configuration Manager administrator. The Intune clients will not try to do software distribution if this feature is not enabled. Please refer to your Configuration Manager documentation for full instructions on how to configure co-management. No additional configuration is needed in Shopping to support this feature.
Using a ConfigMgr console, in the Administration node, under Cloud Services, Azure Services, in the ribbon click on Configure Azure Services and add Cloud Management.
You are now ready to use Shopping with Intune. If you have appropriate applications set up in Intune, you can define the applications in Shopping (refer to Managing Intune applications for details) so that they can be made available to users.
Users can then request the applications from the Shopping web interface. The applications will be delivered by Intune and status will be returned to Shopping. The features of Shopping, such as approvals and rentals, can be used with these applications.
If you have any difficulties, refer to the Intune integration FAQs in the troubleshooting section.