Skip to content

How sign-in works

IntuneCommander connects to Entra & Intune through a tenant profile — a saved Entra app registration. You pick a profile, sign in, and the live screens populate.

A profile holds everything needed to reach one tenant: the tenant, the app registration (client) ID, its secret or auth method, and which cloud it lives in. Profiles are stored on your machine at:

%LocalAppData%\Intune.Commander\
  • profiles.json — your saved tenant profiles.
  • keys\ — Windows DataProtection keys. IntuneCommander decrypts each profile’s secret transparently, so secrets never sit in plain text.
MethodWhat happensWhen it’s used
Client secret (app-only)Silent — no browser, no prompt. Signs in within a few seconds.The profile has a stored client secret.
Device code (interactive)The app shows a short code + a link; you finish in a browser.The profile is set to device-code.

What you can do once signed in is governed by the application permissions consented to that app registration in Entra. If a surface is empty or a write is greyed out, the app registration probably lacks that permission.

Each profile targets one sovereign cloud: Commercial, GCC, GCC High, or DoD. The status bar shows the active cloud alongside the sign-in state.

Signed out, the app shows only the Sign in card. Once you’re signed in, the live screens populate — lists and detail views across the whole Intune management surface, plus sync of the audit/drift snapshots.

Next: Sign in step by step