New permission required to manage Intune scripts

New permission required to manage Intune scripts

As of July 31, 2025 the Graph API permission DeviceManagementScripts.Read/ReadWrite.All is required for Intune integration and you need to remove the existing DeviceManagementConfiguration.Read/ReadWrite.All permission. Failure to add the new permission will result in Intune script related tasks failing, including the deployment of UAM applications to Intune devices. This change is being implemented to enhance security and control over Intune management capabilities.

For more details, see Updates to required permissions for Microsoft Graph Beta API deviceManagement.

Note: This permission will be added automatically to 7.1 GA installs and later. Existing installations must be manually updated to reflect this change.

To resolve the issue

  1. Navigate to Settings.

  2. Select from the following:

    • Classic UI: Select Integrations and navigate to the Intune tile. Select Enabled.

    • New UI: Select Environment and then select the Integrations tab. Navigate to the Intune section, select the down arrow to expand the section, and then select Configure.

  3. In the Configure Intune dialog box, select Save.

The permissions are now updated.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Please sign in to leave a comment.