📗 Required Application Permissions
📗

Required Application Permissions

API/ServicePermission NameTypeDescriptionAdmin Consent Required
Intuneget_device_complianceApplicationGet device state and compliance information from Microsoft IntuneYes
Log Analytics APIData.ReadApplicationRead Log Analytics dataYes
Microsoft GraphAuditLog.Read.AllApplicationRead all audit log dataYes
Microsoft GraphDevice.Read.AllApplicationRead all devicesYes
Microsoft GraphDeviceManagementConfiguration.Read.AllApplicationRead Microsoft Intune device configuration and policiesYes
Microsoft GraphDeviceManagementManagedDevices.Read.AllApplicationRead Microsoft Intune devicesYes
Microsoft GraphDirectory.Read.AllApplicationRead directory dataYes
Microsoft GraphLicenseAssignment.Read.AllApplicationRead all license assignmentsYes
Microsoft GraphOrganization.Read.AllApplicationRead organization informationYes
Microsoft GraphPolicy.Read.AllApplicationRead your organization's policiesYes
Microsoft GraphPolicy.Read.DeviceConfigurationApplicationRead your organization's device configuration policiesYes
Microsoft GraphSecurityActions.ReadWrite.AllApplicationRead and update your organization's security actionsYes
Microsoft GraphSecurityAlert.Read.AllApplicationRead all security alertsYes
Microsoft GraphSecurityEvents.Read.AllApplicationRead your organization's security eventsYes
Microsoft GraphSecurityIncident.Read.AllApplicationRead all security incidentsYes
Microsoft GraphSecurityIncident.ReadWrite.AllApplicationRead and write to all security incidentsYes
Microsoft GraphThreatAssessment.Read.AllApplicationRead threat assessment requestsYes
Microsoft GraphThreatHunting.Read.AllApplicationRun hunting queriesYes
Microsoft GraphThreatIndicators.Read.AllApplicationRead all threat indicatorsYes
Microsoft GraphThreatIntelligence.Read.AllApplicationRead all Threat Intelligence InformationYes
Microsoft GraphUser-PasswordProfile.ReadWrite.AllApplicationRead and write all password profiles and reset user passwordsYes
Microsoft GraphUser.EnableDisableAccount.AllApplicationEnable and disable user accountsYes
Microsoft GraphUser.ReadWrite.AllApplicationRead and write all users' full profilesYes
Microsoft GraphUser.RevokeSessions.AllApplicationRevoke all sign in sessions for a userYes
Microsoft GraphUserAuthenticationMethod.ReadWrite.AllApplicationRead and write all users' authentication methodsYes
Windows Defender ATPAdvancedQuery.Read.AllApplicationRun advanced queriesYes
Windows Defender ATPAlert.ReadWrite.AllApplicationRead and write all alertsYes
Windows Defender ATPFile.Read.AllApplicationRead file profilesYes
Windows Defender ATPIntegrationConfiguration.ReadWrite.AllApplicationRead and Write Integration settingsYes
Windows Defender ATPIp.Read.AllApplicationRead IP address profilesYes
Windows Defender ATPMachine.IsolateApplicationIsolate machineYes
Windows Defender ATPMachine.Read.AllApplicationRead all machine profilesYes
Windows Defender ATPMachine.ReadWrite.AllApplicationRead and write all machine informationYes
Windows Defender ATPMachine.ScanApplicationScan machineYes
Windows Defender ATPMachine.StopAndQuarantineApplicationStop and quarantine fileYes
Windows Defender ATPRemediationTasks.Read.AllApplicationRead all remediation tasksYes
Windows Defender ATPScore.Read.AllApplicationRead Threat and Vulnerability Management scoreYes
Windows Defender ATPSecurityBaselinesAssessment.Read.AllApplicationRead all security baselines assessment informationYes
Windows Defender ATPSecurityConfiguration.Read.AllApplicationRead all security configurationsYes
Windows Defender ATPSecurityRecommendation.Read.AllApplicationRead Threat and Vulnerability Management security recommendationsYes
Windows Defender ATPSoftware.Read.AllApplicationRead Threat and Vulnerability Management software informationYes
Windows Defender ATPUser.Read.AllApplicationRead user profilesYes
Windows Defender ATPVulnerability.Read.AllApplicationRead Threat and Vulnerability Management vulnerability informationYes

Summary

Total Permissions Required: 37 permissions across 4 APIs/Services

  • Intune: 1 permission
  • Log Analytics API: 1 permission
  • Microsoft Graph: 23 permissions
  • Windows Defender ATP: 18 permissions

Admin Consent: Required for all permissions