Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.13
  3. Installation and Configuration
  4. Configuration
  5. Connecting BlackBerry UEM to Microsoft Azure
  6. Create an enterprise endpoint in Azure

Create an enterprise endpoint in 
Azure

To provide 
BlackBerry UEM
 access to 
Microsoft Azure
, you must create an enterprise endpoint within 
Azure
. The enterprise endpoint allows 
BlackBerry UEM
 to authenticate with 
Microsoft Azure
. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration.
If you are connecting 
BlackBerry UEM
 to both 
Microsoft Intune
 and the 
Windows Store
 for Business, use a different enterprise application for each purpose due to differences in permissions and potential future changes.
  1. Log in to the Azure portal.
  2. Go to 
    Microsoft Azure > Azure Active Directory > App registrations
    .
  3. Click 
    Endpoints
    .
  4. Copy the 
    OAuth 2.0 token endpoint (v1)
     value and paste it to a text file.
    This is the 
    OAuth 2.0 token endpoint
     required in 
    BlackBerry UEM
    .
  5. Close the 
    Endpoints
     list and click 
    New registration
    .
  6. In the 
    Name
     field, enter a name for the app.
  7. Select which account types can use the application or access the API. 
  8. In the 
    Redirect URI
     section, in the drop-down list, select 
    Web
     and enter a valid URL. The URL format is https://<
    FQDN_of_the_BlackBerry_UEM_server
    >:<
    port
    >/admin/intuneauth 
  9. Click 
    Register
    .
  10. Copy the 
    Application ID
     of your application and paste it to a text file.
    This is the 
    Client ID
     required in 
    BlackBerry UEM
    .
  11. If you are creating the application to use 
    Microsoft Intune
    , click 
    API permissions
     in the 
    Manage 
    section. Perform the following steps:
    1. Click 
      Add a permission
      .
    2. Select 
      Microsoft Graph
      .
    3. Select 
      Delegated permissions
      .
    4. Scroll down in the permissions list and under 
      Delegated Permissions
      , set the following permissions for 
      Microsoft Intune
      :
      • Read and write 
        Microsoft Intune
         apps (
        DeviceManagementApps > DeviceManagementApps.ReadWrite.All
        )
      • Read all groups (
        Group > Group.Read.All
        )
      • Read all users' basic profile (
        User > User.ReadBasic.All
        )
    5. Click 
      Add permissions
      .
    6. Under 
      Grant consent
      , click 
      Grant admin consent
      .
      You must be a global administrator to grant permissions.
    7. When you are prompted, click 
      Yes
       to grant permissions for all accounts in the current directory.
    You can use the default permissions if you are creating the app to connect to the 
    Windows Store
     for Business.
  12. Click 
    Certificates and secrets 
     in the 
    Manage
     section. Perform the following actions:
    1. Under 
      Client secrets
      , click 
      New client secret
      .
    2. Type a description for the client secret.
    3. Select a duration for the client secret.
    4. Click 
      Add
      .
    5. Copy the value of the new client secret.
      This is the 
      Client Key
       that is required in 
      BlackBerry UEM
      .
      If you do not copy the value of your key at this time, you will have to create a new key because the value is not displayed after you leave this screen.