Share via

Setting aadClientIdOverride for supporting GCC High user enough?

mobile 0 Reputation points
2026-03-14T14:55:27.33+00:00

I have Intune iOS SDK integrated to my app and this app should work for both commercial and gcc high users. I have set details of app registered in my commercial tenant for ADALClientId and ADALAuthority. And set the details of app registered in GCC High tenant for aadClientIdOverride and aadAuthorityUriOverride.

Is there anything needed to make both Commercial and GCC High tenants ?

Microsoft Security | Intune | Microsoft Intune iOS

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-14T14:55:40.7733333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Setting aadClientIdOverride and aadAuthorityUriOverride at runtime is supported, but both commercial and GCC High tenants must be backed by valid Microsoft Entra app registrations and the Intune SDK must be correctly configured for each environment.

    From the Intune iOS SDK perspective:

    1. Base configuration in Info.plist (commercial)
      In Info.plistIntuneMAMSettings:
      • ADALClientId: client ID of the commercial tenant app registration.
      • ADALAuthority: commercial authority (if the app is single-tenant).
      • ADALRedirectUri or ADALRedirectScheme: redirect URI for the commercial app.
      These are required baseline settings for the SDK:
      • ADALClientId is required for all apps.
      • ADALAuthority is required if the app is single-tenant; otherwise the common authority is used.
      • One of ADALRedirectUri or ADALRedirectScheme is required for all apps.
    2. Runtime overrides for GCC High
      The SDK explicitly supports overriding Entra settings at runtime:

      “Apps can override these Microsoft Entra settings at runtime. To do this, simply set the aadAuthorityUriOverride, aadClientIdOverride, and aadRedirectUriOverride properties on the IntuneMAMSettings class.”

      For GCC High users, in addition to aadClientIdOverride and aadAuthorityUriOverride, ensure that:
      • aadRedirectUriOverride is set to the GCC High app’s redirect URI (or a scheme consistent with ADALRedirectScheme if used).
      • The GCC High app registration is created in the GCC High tenant and configured with the same redirect URI the app uses.
    3. Per-tenant app registrations
      Each environment (commercial and GCC High) must have its own Microsoft Entra app registration with:
      • Matching client ID and redirect URI to what the app/overrides use.
      • Correct authority (commercial cloud vs Azure Government for GCC High).
    4. No extra Intune-specific GCC High switches
      The Intune App SDK configuration itself does not require a special GCC High flag. GCC High support is achieved by:
      • Using the correct GCC High authority in ADALAuthority / aadAuthorityUriOverride.
      • Using the correct GCC High app registration values via overrides.

    So, for GCC High users, aadClientIdOverride and aadAuthorityUriOverride are necessary but not sufficient alone; also configure aadRedirectUriOverride (or ensure redirect handling matches) and ensure the GCC High app registration and authority are correct. With those in place, the same app can support both commercial and GCC High tenants.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.