Permissions required for Intune Apps
Applies to: Patch My PC Cloud
In addition to the Permissions required for Patch My PC Cloud, to onboard to Intune Apps for Cloud (Intune Apps), we require the following permissions:
Note
Your account must have the Global Administrator role in Entra ID to approve our enterprise application. Using an account with the Application Administrator role will not work as our app requires Microsoft Graph permissions.
See the Application Administrator section of Microsoft Entra built-in roles for more information.
Maintain access to data you have given it access to
Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
This is a permission requested to access your data in your company.
Delegated
Sign in and read user profile
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
This is a permission requested to access your data in your company.
Delegated
Read and write Microsoft Intune apps
Allows the app to read and write the properties., group assignments and status of apps.. app configurations and app protection policies managed by Microsoft Intune., without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read Microsoft Intune device configuration and policies
Allows the app to read properties of Microsoft Intune- managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read Microsoft Intune devices
Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read Microsoft Intune RBAC settings
Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read and write Microsoft Intune configuration
Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read domains
Allows the app to read all domain properties without a signed-in user.
This is a permission requested to access your data in your company.
Delegated
Read all group memberships
Allows the app to read memberships and basic group properties for all groups without a signed-in user.
This is a permission requested to access your data in your company.
Application
As per the Permissions requested dialog box displayed when you connect your Intune tenant:
“If you accept, this app will get access to the specified resources for all users in your organization. No one else will be prompted to review these permissions.
Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https://myapps.microsoft.com. Show details
Does this app look suspicious? Report it here.”
You will be prompted to grant these during whenever you connect an Intune Tenant to your PMPC Cloud Portal by clicking Accept on the Permissions requested dialog box.
Last updated