settings.json
{ // REQUIRED PARAMETERS // The application ID that is in the Partner tenant. // The application must be a multi-tenant application // The application must have the user_impersonation permission in Microsoft Partner Center (app ID fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd) "PARTNER_APP_ID": "", // The application ID that is in the Client tenant. // If the application does not exist, the application will be created. // It is ideal to keep the application ID the same as PARTNER_APP_ID, // else the technician will need to re-authenticate. "CLIENT_APP_ID": "", // If the application does not exist, // the following name will be used to create the application "CLIENT_APP_NAME": "", // OPTIONAL PARAMETERS // Make both applications use the device code flow. // This will prompt the technician to type in a code to https://microsoft.com/devicelogin // This is the more secure option, in theory, because technicians // do not sign in to client machines. By default, this is disabled. // Both applications must have device code flow enabled (App registration > Authentication) // for this to work. If partner and client app IDs are the same, only the partner app registration // needs device code flow enabled. "DEVICE_CODE_AUTH": true, // Use the following to set a default group tag. // Setting FORCE_DEF_GROUP_TAG to true will force the group tag specified // and bypass user input. "DEFAULT_GROUP_TAG": "", "FORCE_DEF_GROUP_TAG": true, // Use the following to set a default client tenant. // You can specify a tenant ID or a domain belonging to the tenant // Setting FORCE_DEF_TENANT to true will force the tenant specified // and bypass user input. "DEFAULT_TENANT": "", "FORCE_DEF_TENANT": false, // Enable the ability to assign users. // https://learn.microsoft.com/en-us/autopilot/tutorial/user-driven/azure-ad-join-assign-device-to-user // Note that, due to least privilege, users cannot be verified present // in the client tenant. "ENABLE_ASSIGN_USER": false, // Set a timer to allow Intune to soak, in seconds. // This makes it easier to reboot directly into the Autopilot interface. // Set to 0 to disable. Default is 300 (5 minutes). "SOAK_TIME": 300 } |