# Authentication Settings

*Applies to: Patch My PC Publisher*

## Overview

The **Authentication Settings** section defines how the Publisher authenticates with Entra ID and communicates to Microsoft Intune using a Microsoft Entra ID application registration. These settings are required before the Publisher can create, update, or manage Win32 applications and updates in Intune.

This section establishes the trust relationship between the Publisher and your Intune tenant by configuring the tenant authority, application identifier, and authentication method. Authentication can be performed by using either a client secret or a certificate, depending on your organization security requirements.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FOLrS38zrQ9AESTTI3l4L%2Fimage.png?alt=media&#x26;token=fee16fee-0df9-415d-afcb-eef64c0d3ed7" alt="Authentication Settings" width="563"><figcaption></figcaption></figure>

## Tenant Friendly name

The friendly name is a descriptive label for the app registration configuration. This value is shown only in the Publisher and is used to help identify the tenant connection when reviewing settings.

## Authority

The **Authority** URL is constructed by using the Microsoft sign in endpoint and your tenant name. The supported endpoint is:

[`https://login.microsoftonline.com`](https://login.microsoftonline.com)

To complete the authority value, append your tenant name to the URL. The tenant name can be found in the [**Tenant status**](https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/TenantAdminMenu/~/tenantStatus) page in the Intune admin center.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FxUdd4CoYO6yWf2rHX807%2Fimage.png?alt=media&#x26;token=edc06742-7a9f-46f0-8b47-8ad129d06189" alt="Find the Tenant Name in the Intune admin center" width="563"><figcaption></figcaption></figure>

The completed authority value should follow this format:

`https://login.microsoftonline.com/tenantname.onmicrosoft.com`

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FmHbkfBxpDbrDWWqFEG5u%2Fimage.png?alt=media&#x26;token=4d5bf4ab-e9df-4034-bf19-3951e7c3da8b" alt="Full Authority URL" width="498"><figcaption></figcaption></figure>

{% hint style="info" %}
**Note**

The tenant name used in the authority value does not have to be the onmicrosoft.com domain. Any verified domain name associated with the tenant can be used, as all verified domains resolve to the same authentication endpoint and identify the same tenant.
{% endhint %}

## Authentication URL

Defines the Microsoft Graph endpoint used for authentication and token acquisition. The default URL is `https://graph.microsoft.com`.

{% hint style="info" %}
**Note**

These values may need to be changed only when your Intune tenant is hosted in a government or sovereign cloud, such as GCC High or Microsoft 21Vianet (China), which use different authentication and Microsoft Graph endpoints than the public commercial cloud.

\
If your tenant is hosted in the standard commercial Microsoft 365 cloud, you should continue using the default values. For details on the specific endpoints required for each cloud environment, refer to the [Intune speciifc Network requirements](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/intune-requirements/network).
{% endhint %}

## Graph Base URL

Defines the Microsoft Graph endpoint used for Intune and application management operations. The default Graph base URL is `https://graph.microsoft.com/beta`.

## Restore

The **Restore** button resets the Authentication URL or the Graph base URL to the recommended default values.

## Application (Client) ID

The **Application ID** field must contain the Application client ID from your Entra ID app registration.

To obtain this value, select **App registrations** in the [Microsoft Entra admin center](https://entra.microsoft.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade/quickStartType~/null/sourceType/Microsoft_AAD_IAM), and copy the **Application (client) ID** value.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FzpgjfD0msBCksHpeZtQ3%2Fimage.png?alt=media&#x26;token=eaa899ce-577d-4cc8-973b-25661a05a1b8" alt="Application (Client) ID" width="563"><figcaption></figcaption></figure>

For more details on how to create an Entra ID App Registration for use with the Publisher, see: [Entra ID App Registration](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/intune-requirements/entra-id-app-registration).

## Application Certificate or Application Secret

The authentication method is determined by the [credentials configured on the app registration](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/intune-requirements/entra-id-app-registration/client-credentials).

If [certificate based authentication](https://docs.patchmypc.com/publisher-requirements/intune-requirements/entra-id-app-registration/client-credentials#use-a-certificate-for-authentication) is used, select the **Certificate** option and browse the Local Machine certificate Personal store to select the appropriate certificate.

If [client secret authentication](https://docs.patchmypc.com/publisher-requirements/intune-requirements/entra-id-app-registration/client-credentials#use-a-client-secret-for-authentication) is used, select the **Application Secret** option and enter the client secret value that was generated during app registration setup.

For more information, and to help decide which client credential method to use if you have not already chosen one, see: [Client Credentials](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/intune-requirements/entra-id-app-registration/client-credentials).

Whichever client credential method is used, the Intune Options form displays the credential expiration date below the credential field.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FZqMUsoz603UzLA7PY8Wq%2Fimage.png?alt=media&#x26;token=239aa484-b16b-4d67-af05-8f4456e126d0" alt="Credential expiration date" width="563"><figcaption></figcaption></figure>

{% hint style="success" %}
**Tip**

Certificate-based authentication is the recommended client credential to use for an app registration.
{% endhint %}

## Test Connection

Press the **Test Connection** button to validate authentication, connectivity, and the required API permissions.

The test confirms that the Publisher can successfully connect to the Intune tenant via Microsoft Graph and that all required Microsoft Graph permissions are available. When the test completes successfully and all permissions show as enabled, the Publisher is ready to publish applications and updates to Intune.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2F1nKlLZdn1Ob5GQVaSHBq%2Fimage.png?alt=media&#x26;token=3ab25185-5c6e-4dda-a55e-47f77d171c6f" alt="App Registration Connection Status" width="563"><figcaption></figcaption></figure>

For more information about the API permissions required for the Publisher, see: [API Permissions](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/intune-requirements/entra-id-app-registration/api-permissions).

{% hint style="warning" %}
**Important**

If the test fails, review the authority value, application (client) ID, and client credntial method used before proceeding.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.patchmypc.com/patch-my-pc-publisher/administration/intune-apps-updates/options/authentication-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.