Permissions required for Intune Apps

Applies to: Patch My PC Cloud

In addition to the Permissions required for Patch My PC Cloud, to onboard to Intune Apps for Cloud (Intune Apps), we require the following permissions:

Note

Your account must have the Global Administrator role in Entra ID to approve our enterprise application. Using an account with the Application Administrator role will not work as our app requires Microsoft Graph permissions.

See the Application Administrator section of Microsoft Entra built-in roles for more information.

Permission
Description
Permission Type

Maintain access to data you have given it access to

Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.

This is a permission requested to access your data in your company.

Delegated

Sign in and read user profile

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

This is a permission requested to access your data in your company.

Delegated

Read and write Microsoft Intune apps

Allows the app to read and write the properties., group assignments and status of apps.. app configurations and app protection policies managed by Microsoft Intune., without a signed-in user.

This is a permission requested to access your data in your company.

Application

Read Microsoft Intune device configuration and policies

Allows the app to read properties of Microsoft Intune- managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.

This is a permission requested to access your data in your company.

Application

Read Microsoft Intune devices

Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.

This is a permission requested to access your data in your company.

Application

Read Microsoft Intune RBAC settings

Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.

This is a permission requested to access your data in your company.

Application

Read and write Microsoft Intune configuration

Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.

This is a permission requested to access your data in your company.

Application

Read domains

Allows the app to read all domain properties without a signed-in user.

This is a permission requested to access your data in your company.

Delegated

Read all group memberships

Allows the app to read memberships and basic group properties for all groups without a signed-in user.

This is a permission requested to access your data in your company.

Application

As per the Permissions requested dialog box displayed when you connect your Intune tenant:

If you accept, this app will get access to the specified resources for all users in your organization. No one else will be prompted to review these permissions.

Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https://myapps.microsoft.com. Show details

Does this app look suspicious? Report it here.”

You will be prompted to grant these during whenever you connect an Intune Tenant to your PMPC Cloud Portal by clicking Accept on the Permissions requested dialog box.

Last updated

© Patch My PC 2024