Permissions required for Intune Apps
Last updated
Last updated
© Patch My PC 2024
Applies to: Patch My PC Cloud
In addition to the Permissions required for Patch My PC Cloud, to onboard to Intune Apps for Cloud (Intune Apps), we require the following permissions:
Note
Your account must have the Global Administrator role in Entra ID to approve our enterprise application. Using an account with the Application Administrator role will not work as our app requires Microsoft Graph permissions.
See the Application Administrator section of Microsoft Entra built-in roles for more information.
Permission | Description | Permission Type |
---|---|---|
Maintain access to data you have given it access to | Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions. This is a permission requested to access your data in your company. | Delegated |
Sign in and read user profile | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. This is a permission requested to access your data in your company. | Delegated |
Read and write Microsoft Intune apps | Allows the app to read and write the properties., group assignments and status of apps.. app configurations and app protection policies managed by Microsoft Intune., without a signed-in user. This is a permission requested to access your data in your company. | Application |
Read Microsoft Intune device configuration and policies | Allows the app to read properties of Microsoft Intune- managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. This is a permission requested to access your data in your company. | Application |
Read Microsoft Intune devices | Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user. This is a permission requested to access your data in your company. | Application |
Read Microsoft Intune RBAC settings | Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user. This is a permission requested to access your data in your company. | Application |
Read and write Microsoft Intune configuration | Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user. This is a permission requested to access your data in your company. | Application |
Read all group memberships | Allows the app to read memberships and basic group properties for all groups without a signed-in user. This is a permission requested to access your data in your company. | Application |
As per the Permissions requested dialog box displayed when you connect your Intune tenant:
“If you accept, this app will get access to the specified resources for all users in your organization. No one else will be prompted to review these permissions.
Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https://myapps.microsoft.com. Show details
Does this app look suspicious? Report it here.”
You will be prompted to grant these during whenever you connect an Intune Tenant to your PMPC Cloud Portal by clicking Accept on the Permissions requested dialog box.