Skip to main content
Sign in

Generating OAuth2.0 credentials in Azure

  • February 26, 2026 09:20
  • Updated

Oomnitza uses Azure OAuth2.0 credentials to connect to Microsoft Services. Generating credentials can be difficult for users who are unfamiliar with Microsoft Azure. To assist users, instructions are provided to help generate the credentials that are required to set up Microsoft Defender, Intune, Active Directory, Microsoft, and Windows Autopilot integrations.

Note
The information and instructions documented in this article are for an external system, and that system is liable to change without warning. 

Contents

Generating an OAuth2.0 application in Azure

Creating the app

  1. Login to Azure.
  2. Select Microsoft Entra ID > App registrations > New registration.
  3. Enter a name for your OAuth2 application
  4. Specify who can use the application, sometimes called its sign-in audience.
  5. In the Redirect URI (optional) field, select Web and enter: https://generic-oauth2-proxy.oomnitza.com/oauth2/redirect_url
  6. Click Register. 

Result
You are provided with your application (client ID) and directory (tenant ID). Keep note of this information for the next steps.

Azure_active_directory.PNG

Adding permissions

Process for Microsoft Defender integrations

Complete these steps if you are creating a Microsoft Defender integration in Oomnitza.

  1. From the sidebar, select API permissions.

  2. Click + Add a Permission

  3. In the Request API permissions screen, select the APIs my organization uses tab.

  4. Search for WindowsDefenderATP and select WindowsDefenderATP from the list.

  5. In the Request API permissions screen, click Delegated Permissions. Select the following permissions from the list Machine.Read

    • If you plan on writing back to Defender via workflows, you will need to add the following scopes.Machine.OffboardMachine.ReadWriteMachine.IsolateMachine.RestrictExecutionMachine.Scan Software.Read.AllSecurityRecommendation.Read Vulnerability.Read

  6. Click Add permissions

  7. Next, you’ll need to grant admin consent to Oomnitza. This should be available in API permissions if you have administrator access rights in Azure).

small_blue_link.svg Microsoft Documentation: Create a Microsoft Defender app

Microsoft_Defender.png

Process for Microsoft Intune integrations

Follow these steps if you are creating a Microsoft Intune integration in Oomnitza.

  1. From the sidebar, select API permissions.
  2. Click + Add a Permission
  3. Select Microsoft Graph
  4. Select Delegated permissions
  5. Select the following permissions:
    • For Intune Devices and Users, select DeviceManagementManagedDevices and then select all available options: DeviceManagementManagedDevices.PrivilegedOperations.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All. 
  6. Click Add permissions
  7. Next, you’ll need to grant admin consent to Oomnitza. (Note: This should be available in API permissions if you have administrator access rights in Azure)

small_blue_link.svgMicrosoft Documentation: How to use Azure AD to access the Intune APIs in Microsoft Graph

microsoft_intune.png

Process for Azure Active Directory and Microsoft user integrations

Follow these steps if you are creating an Azure Active Directory or Microsoft integration in Oomnitza.

  1. From the sidebar, select API permissions.
  2. Click + Add a Permission
  3. Select Microsoft Graph
  4. Select Delegated permissions
  5. Select the following permissions User and then select User.Read.All and AuditLog.Read.All to access the signInActivity attribute.
  6. Click Add permissions
  7. Next, you’ll need to grant admin consent to Oomnitza. (Note: This should be available in API permissions if you have administrator access rights in Azure)

microsoft_365.png

Process for Windows Autopilot integrations

Follow these steps if you are creating a Windows Autopilot integration in Oomnitza.

  1. From the sidebar, select API permissions.
  2. Click + Add a Permission
  3. Select Microsoft Graph
  4. Select Delegated permissions
  5. Select the following permissions:
    • Select DeviceManagementServiceConfigand then select: DeviceManagementServiceConfig.ReadWrite.All
  6. Click Add permissions
  7. Next, you’ll need to grant admin consent to Oomnitza. (Note: This should be available in API permissions if you have administrator access rights in Azure)

Process for Azure Active Directory assets

Follow these steps if you are creating a Azure Active Directory assets integration in Oomnitza.

  1. From the sidebar, select API permissions.
  2. Click + Add a Permission
  3. Select Azure Service Management
  4. Select the user_impersonationpermission.
  5. Click Add permissions
  6. Next, you’ll need to grant admin consent to Oomnitza. (Note: This should be available in API permissions if you have administrator access rights in Azure).

Generating the client secret

To add your credentials to Oomnitza, you will require:

  • The client ID
  • The tenant ID 
  • The client secret 

 The client and tenant IDs for the application can be retrieved from the Essentials section for the app that you registered. See Creating an app.

To add a client secret, complete these steps:   

  1. On the Certificates & secrets page for the application, click New client secret.
  2. Make your changes. 
  3. Click Add.
  4. Click Copy to clipboard CopyToClipboard_Icon.svg next to the Value field. This is the value of your client secret.

Result
Now that you have your client secret, client ID, and tenant ID, you can add your credentials to Oomnitza and run the integration.

Documentation Links

small_blue_link.svg Quickstart: Register an application with the Microsoft identity platform

Related articles

Comments

0 comments

Please sign in to leave a comment.