Intune Commander supports all Microsoft cloud environments for government and commercial customers. Each cloud environment has unique endpoints and app registration requirements.

Supported Cloud Environments

Commercial

Best for: Commercial customers, standard Microsoft 365 tenants
  • Azure Portal: https://portal.azure.com
  • Graph API: https://graph.microsoft.com
  • Authority: https://login.microsoftonline.com

GCC (Government Community Cloud)

Best for: U.S. government customers at the federal, state, and local level
  • Azure Portal: https://portal.azure.com
  • Graph API: https://graph.microsoft.com
  • Authority: https://login.microsoftonline.com
GCC uses the same endpoints as Commercial. The tenant itself determines GCC features and compliance boundaries.

GCC-High

Best for: U.S. federal agencies with FedRAMP High requirements
  • Azure Portal: https://portal.azure.us
  • Graph API: https://graph.microsoft.us
  • Authority: https://login.microsoftonline.us
GCC-High requires a separate app registration in the portal.azure.us Azure portal. Commercial tenant app registrations do not work in GCC-High.

DoD (Department of Defense)

Best for: U.S. Department of Defense and contractors with IL5 requirements
  • Azure Portal: https://portal.apps.mil
  • Graph API: https://dod-graph.microsoft.us
  • Authority: https://login.microsoftonline.us
DoD requires a separate app registration in the portal.apps.mil Azure portal. Commercial and GCC-High app registrations do not work in DoD.

Creating Profiles for Each Cloud

When creating a profile, select the appropriate cloud from the Cloud dropdown:
1. Select cloud environment

Choose from:
  • Commercial
  • GCC
  • GCCHigh
  • DoD

2. Enter cloud-specific credentials

  • Tenant ID: Your tenant GUID in that cloud
  • Client ID: App registration client ID from that cloud’s portal

3. Save and connect

The app automatically routes to the correct endpoints for that cloud.

App Registration Requirements

Commercial and GCC

Use the same app registration for both Commercial and GCC:
  1. Register app in https://portal.azure.com
  2. Add redirect URI: http://localhost:45132
  3. Add Microsoft Graph delegated permissions
  4. Grant admin consent

GCC-High

Create a separate app registration in https://portal.azure.us:
  1. Navigate to Entra ID → App Registrations
  2. Create new registration
  3. Add redirect URI: http://localhost:45132
  4. Add Microsoft Graph delegated permissions (use graph.microsoft.us endpoint)
  5. Grant admin consent
You must have access to the GCC-High Azure portal. Commercial tenant users cannot register apps in GCC-High.

DoD

Create a separate app registration in https://portal.apps.mil:
  1. Navigate to Entra ID → App Registrations
  2. Create new registration
  3. Add redirect URI: http://localhost:45132
  4. Add Microsoft Graph delegated permissions (use dod-graph.microsoft.us endpoint)
  5. Grant admin consent
You must have DoD CAC credentials and portal access to register apps in the DoD cloud.

Endpoint Resolution

Intune Commander automatically resolves endpoints based on the Cloud setting in your profile:
// From CloudEndpoints.cs
public static CloudEndpoints GetEndpoints(CloudEnvironment cloud)
{
    return cloud switch
    {
        CloudEnvironment.Commercial => new CloudEndpoints
        {
            GraphBaseUrl = "https://graph.microsoft.com",
            AuthorityHost = "https://login.microsoftonline.com"
        },
        CloudEnvironment.GCC => new CloudEndpoints
        {
            GraphBaseUrl = "https://graph.microsoft.com",
            AuthorityHost = "https://login.microsoftonline.com"
        },
        CloudEnvironment.GCCHigh => new CloudEndpoints
        {
            GraphBaseUrl = "https://graph.microsoft.us",
            AuthorityHost = "https://login.microsoftonline.us"
        },
        CloudEnvironment.DoD => new CloudEndpoints
        {
            GraphBaseUrl = "https://dod-graph.microsoft.us",
            AuthorityHost = "https://login.microsoftonline.us"
        }
    };
}
You never need to manually configure endpoints—just select the correct Cloud in your profile.
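
Because each profile's token is only valid for its own cloud, any URL a client is about to send that token to (for example, a paging link returned by Graph) can be checked against the same mapping first. The following is an added example, not code from Intune Commander: `EndpointGuard` and `IsTrustedGraphUrl` are hypothetical names, the enum mirrors the snippet above, and the sample URLs are constructed.

```csharp
using System;

// Constructed sample URLs, checked against a DoD profile.
var samples = new[]
{
    "https://dod-graph.microsoft.us/v1.0/deviceManagement/managedDevices?$skiptoken=abc",
    "https://graph.microsoft.us/v1.0/deviceManagement/managedDevices",  // GCC-High host
    "http://dod-graph.microsoft.us/v1.0/me",                             // not HTTPS
    "https://dod-graph.microsoft.us.example.net/v1.0/me",                // look-alike suffix
    "https://dod-graph.microsoft.us@example.net/v1.0/me",                // host hidden in userinfo
};
foreach (var s in samples)
{
    bool ok = EndpointGuard.IsTrustedGraphUrl(CloudEnvironment.DoD, s);
    Console.WriteLine($"{ok,-5} {s}");
}

public enum CloudEnvironment { Commercial, GCC, GCCHigh, DoD }

// Hypothetical helper (assumption, not part of the project).
public static class EndpointGuard
{
    // Same cloud-to-Graph mapping as the GetEndpoints snippet on this page.
    static Uri GraphBase(CloudEnvironment cloud) => new Uri(cloud switch
    {
        CloudEnvironment.Commercial or CloudEnvironment.GCC => "https://graph.microsoft.com",
        CloudEnvironment.GCCHigh => "https://graph.microsoft.us",
        CloudEnvironment.DoD => "https://dod-graph.microsoft.us",
        // Fail closed on an unknown value instead of falling back to Commercial.
        _ => throw new ArgumentOutOfRangeException(nameof(cloud), cloud, "Unknown cloud")
    });

    // True only for an absolute HTTPS URL on exactly the Graph host of 'cloud'.
    public static bool IsTrustedGraphUrl(CloudEnvironment cloud, string url)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out var candidate)) return false;
        var expected = GraphBase(cloud);
        return candidate.Scheme == Uri.UriSchemeHttps
            && candidate.UserInfo.Length == 0          // reject user@host tricks
            && candidate.Port == expected.Port         // default 443 only
            && string.Equals(candidate.Host, expected.Host,
                             StringComparison.OrdinalIgnoreCase); // exact host, no suffix match
    }
}
```

Only the first sample passes; the exact-host comparison is what rejects the GCC-High host and the look-alike domain for a DoD profile.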

Multi-Cloud Workflow

Many organizations have tenants in multiple clouds. Intune Commander makes it easy to work across them:
1. Create profiles for each cloud

Set up one profile per tenant/cloud combination:
  • Contoso-Commercial
  • Contoso-GCC
  • Contoso-GCCHigh

2. Switch between clouds

Use the profile switcher dropdown in the app toolbar to switch between tenants.

3. Export from one cloud

Export configurations from your source tenant (e.g., Commercial).

4. Import to another cloud

Switch to the destination tenant (e.g., GCC-High) and import the configurations.

The export/import format is cloud-agnostic. You can export from Commercial and import to GCC-High without modification.

Current Limitations

Conditional Access PowerPoint Export

The Conditional Access PowerPoint export feature is currently Commercial cloud only. GCC, GCC-High, and DoD support is planned for a future release.
In a non-Commercial tenant, the export feature is disabled.

Troubleshooting Multi-Cloud Issues

“Unauthorized” error in GCC-High/DoD

Cause: Using a Commercial app registration
Solution: Create a separate app registration in the government cloud portal and update your profile with the new Client ID.

“Tenant not found” error

Cause: Tenant ID from wrong cloud
Solution: Verify you’re using the correct Tenant ID for that cloud environment. Tenant IDs differ across clouds even for the same organization.

Authentication popup shows wrong cloud

Cause: Profile Cloud setting doesn’t match actual tenant cloud
Solution: Update the profile’s Cloud field to match your tenant’s actual cloud environment.
