Required device permissions for Microsoft Endpoint Manager (Intune) integration

Read all groups

Permits the app to read group properties, memberships, and conversations for all groups

Read all users' full profiles

Permits the app to read user profiles

Read and write Microsoft Intune apps

Permits the app to read and write properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft

Read and write Microsoft Intune device configuration and policies

Permits the app to read and write properties of Microsoft Intune-managed device configurations, device compliance policies, and group assignments

Execute user-impacting remote actions on Microsoft Intune devices

Permits the app to execute remote high-impact actions such as wiping a device or resetting the passcode on devices managed by Microsoft Intune

Read and write Microsoft Intune devices

Read and write Microsoft Intune configuration

Permits the app to read and write Microsoft Intune service properties including device enrollment and third-party service connection configuration

Read all applications

Permits the app to read all applications and service principals

Read all group memberships

Permits the app to read memberships and basic group properties for all groups

Read all devices

Permits the app to read device configuration information

Sign in and read user profile

Permits users to sign in to the app and allows the app to read the profile and basic company information of signed-in users

Send device threat information to Microsoft Intune