Role ID Purpose Description
DeviceManagementManagedDevices.PrivilegedOperations.All 5b07b0dd-2377-4e44-a38d-703f09a0dc3c Perform user-impacting remote actions on Microsoft Intune devices Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune, without a signed-in user.
DeviceManagementManagedDevices.Read.All 2f51be20-0bb4-4fed-bf7b-db946066c75e Read Microsoft Intune devices Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.
DeviceManagementManagedDevices.ReadWrite.All 243333ab-4d21-40cb-a475-36241daa0842 Read and write Microsoft Intune devices Allows the app to read and write the properties of devices managed by Microsoft Intune, without a signed-in user. Does not allow high impact operations such as remote wipe and password reset on the device’s owner

Updated: