For Scappman to function, create applications in your Microsoft Endpoint Manager/Intune tenant and use all our logic we need some permissions in your tenant. Those permissions and why we need them are described in this table.
|Microsoft Graph||Sign in and read user profile||Delegated||We use your existing Azure AD Microsoft account to authenticate you and identify to which tenant you belong. without this permission you would not be able to sign in.|
|Microsoft Graph||Maintain access to data you have given it access to||Delegated||
The token providing us access to Sign in and read your user profile might expire while your session on our platform hasn't. To seamlessly refresh that token, this permission is required.
|Microsoft Graph||Read and write Microsoft Intune apps||Application||We need this permission to create and update apps in your tenant.|
|Microsoft Graph||Read & write Microsoft Intune devices||Application||We need this permission for our reports. We use it to identify the devices for which we have a status, but also to initiate the automatic log file collection in case an installation has failed.|
|Microsoft Graph||Read and write all groups||Application||We need this permission for the assignments of the applications. The read permission is used to list your Azure AD groups that you can use to assign applications. The write permission is used when you select specific users. As Intune/Microsoft Endpoint Manager doesn't support assigning applications to named users we create a group, populate that group with the users you've selected and assign that group to the application. This permissions can be removed but then the user assignment is not possible.|
|Microsoft Graph||Read all groups||Application||We need this permission for the assignments of the applications. The read permission is used to list your Azure AD groups that you can use to assign applications.|
|Microsoft Graph||Read organization information||Application||With this permission we can read how many Microsoft licenses you have with an Intune entitlement that are assigned to users/devices. We'll use that number for billing purposes.|
|Microsoft Graph||Read all users' full profiles||Application||We use this permission to list users in Scappman. This is being used for user based application assignment and admin invite.|
|Microsoft Graph||Read directory data||Application||We need this permissions to see the available users and groups to assign them to applications. We also need this permission to calculate the number of licenses.|