Device Management Managed Devices Permissions for Microsoft Graph
Application
| Permission | ID | Purpose | Description |
|---|---|---|---|
| DeviceManagementManagedDevices.PrivilegedOperations.All | 5b07b0dd-2377-4e44-a38d-703f09a0dc3c | Perform user-impacting remote actions on Microsoft Intune devices | Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune, without a signed-in user. |
| DeviceManagementManagedDevices.Read.All | 2f51be20-0bb4-4fed-bf7b-db946066c75e | Read Microsoft Intune devices | Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user. |
| DeviceManagementManagedDevices.ReadWrite.All | 243333ab-4d21-40cb-a475-36241daa0842 | Read and write Microsoft Intune devices | Allows the app to read and write the properties of devices managed by Microsoft Intune, without a signed-in user. Does not allow high impact operations such as remote wipe and password reset on the device’s owner |
Delegated
| Permission | ID | Purpose | Description |
|---|---|---|---|
| DeviceManagementManagedDevices.PrivilegedOperations.All | 3404d2bf-2b13-457e-a330-c24615765193 | Perform user-impacting remote actions on Microsoft Intune devices | Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune. |
| DeviceManagementManagedDevices.Read.All | 314874da-47d6-4978-88dc-cf0d37f0bb82 | Read Microsoft Intune devices | Allows the app to read the properties of devices managed by Microsoft Intune. |
| DeviceManagementManagedDevices.ReadWrite.All | 44642bfe-8385-4adc-8fc6-fe3cb2c375c3 | Read and write Microsoft Intune devices | Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device’s owner. |