General steps to configure application registration for Intune application management.

1. Sign in to the Azure portal (https://portal.azure.com).

2. Select "Azure Active Directory" from the left-hand navigation menu.

3. Select "App registrations" under the Manage section.

4. Click on "New registration" to create a new application registration.

5. Enter a name for your application, choose the supported account types, and enter a redirect URI (if applicable).

6. After registering the application, note the Application ID and Tenant ID. These will be used later in the Intune application configuration.

7. In Intune, navigate to "Client apps" and select "App registration" from the left-hand navigation menu.

8. Click on "Add" to create a new app registration.

9. Enter the Application ID and Tenant ID from step 6 and click "Next".

10. Select the app management capabilities you want to configure, such as app protection policies and app configuration policies.

11. Complete the configuration and assign the app registration to users or groups as needed.

Permissions

You should give some permissions for manage applications in intune for Application regsitration. In the Select permissions table view, search for “DeviceManagement” and under those permissions, enable the following:

• DeviceManagementApps.ReadWrite.All: View and create applications in Intune

• DeviceManagementConfiguration.Read.All: View properties and relationships of assignment filters

• DeviceManagementManagedDevices.Read.All: View device inventory for the auto-publish feature

• DeviceManagementRBAC.Read.All: View scopes to be assigned to applications

• DeviceManagementServiceConfig.ReadWrite.All: Update Enrollment Status Page configurations

Then, search for “GroupMember”, and under Group permissions, enable:

• GroupMember.Read.All: View Azure AD groups to enable automatic application deployment