Learn which permissions administrators must grant in the Microsoft Entra ID (Azure AD) portal to authorize the V1 Platform to sync with your Microsoft Intune environment.
The following table describes permissions that allow the V1 server to securely communicate
with your Intune environment to manage app policies and monitor device compliance.
|
Permissions
|
Description
|
|
Read all groups
|
Permits the app to read group properties, memberships, and conversations for all groups
|
|
Read all users' full profiles
|
Permits the app to read user profiles
|
|
Read and write Microsoft Intune apps
|
Permits the app to read and write properties, group assignments and status of apps,
app configurations and app protection policies managed by Microsoft
|
|
Read and write Microsoft Intune device configuration and policies
|
Permits the app to read and write properties of Microsoft Intune-managed device configurations,
device compliance policies, and group assignments
|
|
Execute user-impacting remote actions on Microsoft Intune devices
|
Permits the app to execute remote high-impact actions such as wiping a device or resetting
the passcode on devices managed by Microsoft Intune
|
|
Read and write Microsoft Intune devices
|
Permits the app to read and write the properties of devices managed by Microsoft Intune. Does not permit high-impact operations such as remote wipe and passcode reset on the device |
|
Read and write Microsoft Intune configuration
|
Permits the app to read and write Microsoft Intune service properties including device
enrollment and third-party service connection configuration
|
|
Read all applications
|
Permits the app to read all applications and service principals
|
|
Read all group memberships
|
Permits the app to read memberships and basic group properties for all groups
|
|
Read all devices
|
Permits the app to read device configuration information
|
|
Sign in and read user profile
|
Permits users to sign in to the app and allows the app to read the profile and basic
company information of signed-in users
|
|
Send device threat information to Microsoft Intune
|
Permits the app to send device risk and threat information to Intune to help determine device compliance with corporate security policy |