Intune Permissions

This is the list of required permissions for Microsoft Intune.

API permissions

Sign in (Delegated permissions)

email

offline_access

openid

profile

 

Device Management (Application permissions)

Device.ReadWrite.All

DeviceManagementConfiguration.ReadWrite.All

DeviceManagementServiceConfig.ReadWrite.All

DeviceManagementManagedDevices.ReadWrite.All

DeviceManagementManagedDevices.PrivilegedOperations.All

 

Device Management (Delegated permissions)

BitlockerKey.Read.All

 

Application Deployment (Application permissions)

DeviceManagementApps.ReadWrite.All

Group.ReadWrite.All

Directory.Read.All

GroupMember.ReadWrite.All

 

Group Management (Application permissions)

RoleManagement.ReadWrite.Directory (only required to add members to role-assignable groups)

 

Service Account

The service account defined under settings must be a member of one of the following roles in order to read bitlocker recovery keys:

See Also
Intune Configuration

 

 

© Copyright - SoftwareCentral

https://softwarecentral.cloud/help