DeviceManagementManagedDevices.PrivilegedOperations.All
Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.
Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.
These permissions aren't supported for personal Microsoft accounts.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
DeviceManagementManagedDevices.PrivilegedOperations.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 5b07b0dd-2377-4e44-a38d-703f09a0dc3c | 3404d2bf-2b13-457e-a330-c24615765193 |
| DisplayText | Perform user-impacting remote actions on Microsoft Intune devices | Perform user-impacting remote actions on Microsoft Intune devices |
| Description | Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune, without a signed-in user. | Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- bulkManagedDeviceActionResult
- configurationManagerAction
- intune-devices-manageddeviceremoteaction
- intune-devices-obliterationbehavior
- updateWindowsDeviceAccountActionParameter
Graph reference: bulkManagedDeviceActionResult
| Property | Type | Description |
|---|---|---|
| successfulDeviceIds | String collection | Successful devices |
| failedDeviceIds | String collection | Failed devices |
| notFoundDeviceIds | String collection | Not found devices |
| notSupportedDeviceIds | String collection | Not supported devices |