Permissions Required for Intune Client Apps to Communicate with App Portal
To establish a connection between Intune and App Portal, the Intune client app requires at minimum the following Microsoft Graph permissions:
• Group.Create
• Application.Read
• Device.Read.All
• User.Read.All
• DeviceManagementApps.ReadWrite.All
• DeviceManagementManagedDevices.Read.All
To configure these permissions:
1. Select the registered application.
2. Select API permissions from the left navigation panel.
3. Click Add a permission. In the Request API permissions panel that appears, select Microsoft Graph.
4. Under Microsoft Graph, select Application permissions.
   a. Device management permissions: under DeviceManagementApps, select DeviceManagementApps.Read.All and DeviceManagementApps.ReadWrite.All, then click Add permissions.
   b. Application permissions: under Application, select Application.Read, then click Add permissions.
Permission | Description
Group.Create | Allows the app to create groups in the organization.
Application.Read | Allows reading all applications in the directory.
Device.Read.All | Allows reading details of registered devices in the directory.
User.Read.All | Allows reading details of all users in the directory.
DeviceManagementApps.ReadWrite.All | Allows managing Microsoft Intune apps.
DeviceManagementManagedDevices.Read.All | Allows reading details of Microsoft Intune devices.
5. Click Grant admin consent for {Tenant Name}. The status changes to Granted. Make sure the permissions are of type Delegated.
Note: For the above permissions to take effect, you must also update the IntuneApiRoles.JSON file in the install location C:\Program Files (x86)\Flexera Software\App Portal\Web\App_Data with the details below:
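After consent is granted, the quickest way to confirm that the client app really holds the permissions above is to request a Microsoft Graph token for it and inspect the claims: an app-only (client credentials) token lists application permissions in the `roles` claim, while a delegated token lists scopes as a space-separated `scp` claim, so the token shows which permission type you actually consented to. The following is an added example, not code from this page or from Flexera; it decodes a token payload without signature verification (inspection only, never for authorization) and reports which of the required permissions are missing. The `make_sample_token` helper and the two sample tokens are constructed for offline demonstration and are not real Entra ID tokens.

```python
import base64
import json

# Minimum permissions listed on this page for the App Portal Intune client app.
REQUIRED_PERMISSIONS = {
    "Group.Create",
    "Application.Read",
    "Device.Read.All",
    "User.Read.All",
    "DeviceManagementApps.ReadWrite.All",
    "DeviceManagementManagedDevices.Read.All",
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWT encoding strips."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    Verification is skipped on purpose: this only inspects a token you just
    obtained from Entra ID yourself to confirm consent landed. Never use
    unverified claims to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def granted_permissions(claims: dict) -> tuple:
    """Return (permission_type, permissions) from Graph token claims.

    App-only tokens carry application permissions in 'roles'; delegated
    tokens carry scopes as a space-separated string in 'scp'.
    """
    if "roles" in claims:
        return "application", set(claims["roles"])
    if "scp" in claims:
        return "delegated", set(claims["scp"].split())
    return "none", set()


def check_token(token: str, required=REQUIRED_PERMISSIONS) -> dict:
    """Compare the permissions in a token against the required set."""
    claims = decode_claims(token)
    kind, granted = granted_permissions(claims)
    return {
        "type": kind,
        "granted": granted,
        "missing": set(required) - granted,
        "audience": claims.get("aud"),
    }


def make_sample_token(payload: dict) -> str:
    """Build a CONSTRUCTED, unsigned JWT for offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}."


# Constructed: app-only token where consent covered only part of the required list.
SAMPLE_APP_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Group.Create", "Device.Read.All", "User.Read.All",
              "DeviceManagementApps.ReadWrite.All"],
})

# Constructed: delegated token, where permissions appear in 'scp' instead of 'roles'.
SAMPLE_DELEGATED_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "scp": "Device.Read.All User.Read.All",
})

if __name__ == "__main__":
    for name, tok in (("app-only", SAMPLE_APP_TOKEN), ("delegated", SAMPLE_DELEGATED_TOKEN)):
        result = check_token(tok)
        print(f"{name}: type={result['type']} missing={sorted(result['missing'])}")
```

Run `check_token` against the access token App Portal obtains with its client credentials: if `type` comes back as `delegated`, the consent was granted on the delegated permission set rather than the application one, and any name in `missing` has not been consented to yet.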