Application Management Tab

The Application Management tab is not available until after you have completed the setup wizard.

The Application Management tab allows you to specify the folder to use when deploying third-party applications. In addition, you can specify if publishing to Intune is allowed and, if so, how to make a connection with your Intune environment.

Available Options

Application Source Folder

  • This folder will be used to store content for applications that you have imported into Configuration Manager: Specify the full path name to the local folder or network share that will be used to store the installers for the third-party applications you deploy.
  • The full path name entered in this field must be a UNC path.

  • Browse: If you don't remember the exact location of the folder, click this button to search for the folder. This button also enables you to make a new folder.

Script signing certificate

  • Sign scripts executed on clients: If an application uses a detection script, you can add a certificate to use for signing the script. The certificate must be added to the Trusted Root CA and Trusted Publishers stores, and it must be distributed to your clients.
  • As of v2021.1, no applications currently use detection scripts.


For information on how to perform a deployment to Microsoft Intune, see Synchronizing Third-Party Applications.

  • Enable Intune publishing: Specifies if third-party applications can be imported to Microsoft Intune. If this check box is enabled, you must use the following three options to configure your connection to the Microsoft Intune tenant.
  • If you have not yet registered your Azure portal, see Additional Azure Portal Information before configuring these options.

  • Tenant domain: This setting can be found by logging on to your Azure portal, going to the Active Directory blade and then clicking on Domain names.
  • Another option: Within the Intune tenant, go to Tenant administration > Tenant status > Tenant name.

  • Application ID: This setting can be found on the Overview tab of your Azure portal. This is available immediately after the registration process.
  • Client secret: This setting can be found on the Certificates & secrets tab of your Azure portal. Create a new client secret if needed and then paste the secret here.
  • Test connection: Click this to verify that you can successfully make a connection to your Azure portal.

Additional Azure Portal Information

If you have not yet completed the application registration in the Azure AD section of your Azure portal, follow these steps. This will give you the necessary permissions to connect, create and read applications within your Intune tenant.

  • Create a new registration within your Azure portal by selecting App registrations > New registration and then following the registration wizard.
    • Name: Provide a unique and descriptive name
    • Remaining options: In most cases, simply take the defaults and then click Register
  • Configure the permissions that are needed to communicate with Microsoft Intune.
    • Within the Azure portal, select API permissions > Add a permission
    • Select Microsoft Graph and then click Application permissions
    • Enable the DeviceManagementApps.ReadWrite.All and Group.Read.All permissions and then click Add permissions.

    An administrator must grant consent for the permissions. If you are an administrator, you can do it yourself by clicking Grant admin consent for <name>.