Permissions Required for Intune Client Apps to Communicate with App Portal

To establish connection between Intune and App Portal, the list of minimum permissions required for the Intune client app are:

•

Application.Read.All

•

Directory.ReadWrite.All

•

DeviceManagementApps.ReadWrite.All

•

DeviceManagementManagedDevices.Read.All

•

Group.ReadWrite.All

To configure these permissions

1.

Select the registered account.

2.

Select API permissions from left navigation panel.

3.

Click Add a permission. The Request API permissions panel appears, select Microsoft Graph.

4.

In the Microsoft Graph, select Application Permissions.

a.

Device Management Permission—Under DeviceManagementApps, select DeviceManagementApps.Read.All and DeviceManagementApps.ReadWrite.All, and then click Add permissions.

b.

Group Permission—Under Group, select Group.ReadWrite.All, and then click Add permissions.

c.

Application Permission—Under Application, select Application.Read.All and then click Add permissions.

d.

Directory Permission—Under Directory, select Directory.ReadWrite.All and then click Add permissions.

5.

Click on Grant admin consent for {Tenant Name}. The status will turn to Granted. Make sure the permissions are of type Delegated.