New permission required to manage Intune scripts
As of July 31, 2025, the Graph API permission DeviceManagementScripts.Read/ReadWrite.All is required for Intune integration, and you need to remove the existing DeviceManagementConfiguration.Read/ReadWrite.All permission. Failure to add the new permission will result in Intune script-related tasks failing, including the deployment of UAM applications to Intune devices. This change is being implemented to enhance security and control over Intune management capabilities.
For more details, see Updates to required permissions for Microsoft Graph Beta API deviceManagement.
Note: This permission will be added automatically to 7.1 GA installs and later. Existing installations must be manually updated to reflect this change.
To resolve the issue
1. Navigate to Settings.
2. Select from the following:
   - Classic UI: Select Integrations and navigate to the Intune tile. Select Enabled.
   - New UI: Select Environment and then select the Integrations tab. Navigate to the Intune section, select the down arrow to expand the section, and then select Configure.
3. In the Configure Intune dialog box, select Save.
The permissions are now updated.
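To confirm the change took effect, the following added example (not part of the original page or the product) inspects the claims of a Graph access token issued to the integration's app registration and reports whether the new permission is present and the old one is gone. It assumes the page's "Read/ReadWrite.All" shorthand expands to the `.Read.All` and `.ReadWrite.All` permission names; the helper names and sample tokens are constructed for illustration.

```python
import base64
import json

# Permission names expanded from the page's "Read/ReadWrite.All" shorthand (assumption).
REQUIRED_ANY = {"DeviceManagementScripts.Read.All", "DeviceManagementScripts.ReadWrite.All"}
REMOVE = {"DeviceManagementConfiguration.Read.All", "DeviceManagementConfiguration.ReadWrite.All"}


def token_permissions(jwt: str) -> set:
    """Return the Graph permissions carried in an access token's claims.

    The payload is decoded without signature verification. That is acceptable
    for inspecting your own token, never for making an authorization decision.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    perms = set(claims.get("roles", []))         # application permissions
    perms |= set(claims.get("scp", "").split())  # delegated permissions
    return perms


def audit(perms: set) -> dict:
    """Compare granted permissions against the change described on this page."""
    has_new = bool(perms & REQUIRED_ANY)
    stale = sorted(perms & REMOVE)
    return {"has_scripts_permission": has_new,
            "stale_permissions": stale,
            "compliant": has_new and not stale}


def make_sample_token(roles: list) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    # Constructed samples: an installation before and after the update.
    before = make_sample_token(["DeviceManagementConfiguration.ReadWrite.All"])
    after = make_sample_token(["DeviceManagementScripts.ReadWrite.All",
                               "DeviceManagementManagedDevices.Read.All"])
    for label, tok in (("before", before), ("after", after)):
        print(label, audit(token_permissions(tok)))
```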