Maintain access to data you have given it access to

Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.

Delegated

Sign in and read user profile

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

Delegated

Read and write Microsoft Intune apps

Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user.

Application

Read Microsoft Intune device and configuration policies

Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.

Application

Read Microsoft Intune devices

Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.

Application

Read Microsoft Intune RBAC settings

Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.

Application

Read and write Microsoft Intune Configuration

Allows the app to read and write Microsoft Intune service properties including device enrolment and third party service connection configuration, without a signed-in user.

Application

Read all group memberships

Allows the app to read memberships and basic group properties for all groups without a signed-in user.

Application