Currently to import applications from Intune into a private repo we need to link Intune as a repo which requires the "Manage" permission for the Intune Applications. This permission adds the following Graph API Permissions:
DeviceManagementApps.Read.Write.All
DeviceManagementConfiguration.ReadWrite.All
Group.ReadWrite.All
These API permissions seem a bit excessive if all we want to do is to read applications from Intune and import them into a WinGet Prviate Repo. This feature request is to have the ability to link the Intune repo in Unified Application Manager using less permissions (ideally read only), so we can then import the applications without needing to write anything to Intune.
Comments (1 comment)