Permissions required for Intune Apps
Applies to: Patch My PC Cloud
In addition to the Permissions required for Patch My PC Cloud, to onboard to Intune Apps for Cloud (Intune Apps), we require the following permissions:
Note
Your account must have the Global Administrator role in Entra ID to approve our enterprise application. Using an account with the Application Administrator role will not work as our app requires Microsoft Graph permissions.
See the Application Administrator section of Microsoft Entra built-in roles for more information.
Maintain access to data you have given it access to
Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
This is a permission requested to access your data in your company.
Delegated
Sign in and read user profile
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
This is a permission requested to access your data in your company.
Delegated
Read and write Microsoft Intune apps
Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read Microsoft Intune device configuration and policies
Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read Microsoft Intune devices
Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read Microsoft Intune RBAC settings
Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read and write Microsoft Intune configuration*
Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.
This is a permission requested to access your data in your company.
Application
Read domains
Allows the app to read all domain properties without a signed-in user.
This is a permission requested to access your data in your company.
Delegated
Read all group memberships
Allows the app to read memberships and basic group properties for all groups without a signed-in user.
This is a permission requested to access your data in your company.
Application
* The Read and write Microsoft Intune configuration permission is required to manage blocking apps in the Enrollment Status Page (ESP) profile directly from the PMPC Cloud portal. This is the only feature in our solution that relies on this permission.
We understand this permission may seem broad, but Microsoft does not offer a more granular alternative for updating the blocking apps feature in ESP profiles. If you have concerns and choose to revoke this permission from the Patch My PC Cloud Enterprise App in your Entra ID tenant, please be aware that this will impair our ability to manage ESP profiles and keep blocking apps up-to-date for you.
For more details on the Graph endpoints covered by this API permission, please visit DeviceManagementServiceConfig.ReadWrite.All | Graph Permissions
As per the Permissions requested dialog box displayed when you connect your Intune tenant:
“If you accept, this app will get access to the specified resources for all users in your organization. No one else will be prompted to review these permissions.
Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https://myapps.microsoft.com. Show details
Does this app look suspicious? Report it here.”
You will be prompted to grant these whenever you connect an Intune Tenant to your PMPC Cloud Portal by clicking Accept on the Permissions requested dialog box.
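The following is an added example, not Patch My PC's own code: a Python check that compares the permissions actually held by the enterprise app with the list on this page, so drift (a revoked ESP permission, or a permission outside the documented set) is visible. The Graph permission values other than DeviceManagementServiceConfig.ReadWrite.All are an assumed mapping from the display names above, and the sample data is constructed to mimic the shape of Graph appRoleAssignments and oauth2PermissionGrants responses.

```python
# Baseline from the permission list on this page. Permission values are an
# ASSUMED mapping from the consent-dialog display names; the page itself only
# names DeviceManagementServiceConfig.ReadWrite.All.
EXPECTED = {
    "Delegated": {"offline_access", "User.Read", "Domain.Read.All"},
    "Application": {
        "DeviceManagementApps.ReadWrite.All",
        "DeviceManagementConfiguration.Read.All",
        "DeviceManagementManagedDevices.Read.All",
        "DeviceManagementRBAC.Read.All",
        "DeviceManagementServiceConfig.ReadWrite.All",
        "GroupMember.Read.All",
    },
}


def audit_grants(graph_app_roles, role_assignments, oauth2_grants):
    """Return missing/unexpected permissions per type for the enterprise app.

    graph_app_roles:  appRoles of the Microsoft Graph service principal
    role_assignments: the app's appRoleAssignments (application permissions)
    oauth2_grants:    the app's oauth2PermissionGrants (delegated permissions)
    """
    id_to_value = {r["id"]: r["value"] for r in graph_app_roles}
    granted = {
        # Assignments carry only a role GUID; resolve it to the permission name.
        "Application": {id_to_value.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
                        for a in role_assignments},
        # Delegated scopes arrive as one space-separated string per grant.
        "Delegated": {s for g in oauth2_grants for s in g["scope"].split()},
    }
    return {kind: {"missing": sorted(EXPECTED[kind] - granted[kind]),
                   "unexpected": sorted(granted[kind] - EXPECTED[kind])}
            for kind in EXPECTED}


# Constructed sample data (placeholder GUIDs): the ESP permission has been
# revoked and one permission outside the documented list has been added.
SAMPLE_ROLES = [{"id": f"00000000-0000-0000-0000-{i:012d}", "value": v}
                for i, v in enumerate(sorted(EXPECTED["Application"])
                                      + ["Directory.ReadWrite.All"])]
SAMPLE_ASSIGNMENTS = [{"appRoleId": r["id"]} for r in SAMPLE_ROLES
                      if r["value"] != "DeviceManagementServiceConfig.ReadWrite.All"]
SAMPLE_GRANTS = [{"consentType": "AllPrincipals",
                  "scope": " offline_access User.Read Domain.Read.All"}]

if __name__ == "__main__":
    for kind, diff in audit_grants(SAMPLE_ROLES, SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS).items():
        print(kind, diff)
```

A "missing" entry for DeviceManagementServiceConfig.ReadWrite.All corresponds to the revocation case described above, where ESP blocking-app management from the portal stops working; any "unexpected" entry is a permission this page does not list.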