Why do we need permissions in your tenant?
Last updated
Last updated
For Scappman to create applications in your Microsoft Endpoint Manager/lntune tenant and use all our logic we need some permissions in your tenant.
Those permissions and why we need them are described in this table.
Permissions
Type
Why?
Sign in and read user profile
Delegated
We use your existing Azure AD account to authenticate you and identify which tenant you belong to, without this permission you would not be able to sign in.
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users.
Maintain access to data you have given it access to
Delegated
The token providing us access to Sign in and read your user profile might expire while your session on our platform hasn't.
To seamlessly refresh that token, this permission is required.
This does not give the app any additional permissions.
Read and write Microsoft Intune apps
Application
We need this permission to create and update apps in your tenant.
Read & write Microsoft Intune devices
Application
We need this permission for our reports.
We use it to identify the device installation status and also to initiate the automatic log file collection in case an installation has failed.
Read & write all groups
Application
We need this permission for the assignments of the applications.
The read permission is used to list your Azure AD groups that you can use to assign applications.
The write permission is used when you select specific users. lntune doesn't support assigning applications to named users, so we create a group, populate that group with the users you've selected and assign that group to the application.
This permissions can be removed but then the user assignment is not possible.
Read all groups
Application
We need this permission for the assignments of the applications.
The read permission is used to list your Azure AD groups that you can use to assign applications.
Read organization information
Application
With this permission we can read how many Microsoft licenses you have with an lntune entitlement that are assigned to users/devices.
We'll use that number for billing purposes.
Read all users' full profiles
Application
We use this permission to list users in Scappman.
This is being used for user based application assignment and admin invite.
Read directory data
Application
We need this permissions to see the available users and groups to assign them to applications.
We also need this permission to calculate the number of licenses.