Update

New Microsoft Graph permissions for API calls to device management endpoints

Week of July 28, 2025

Device management
New Microsoft Graph permissions for API calls to device management endpoints
Calls to several Microsoft Graph APIs now require one of two newer DeviceManagement permissions that replace the use of previously supported permissions. The following are the two new permissions and the original permissions that the new permissions replace:

  • DeviceManagementScripts.Read.All - This new permission replaces use of DeviceManagementConfiguration.Read.All
  • DeviceManagementScripts.ReadWrite.All - This new permission replaces use of the DeviceManagementConfiguration.ReadWrite.All
    Access to the following Microsoft Graph API calls now require use the new permissions:
  • ~/deviceManagement/deviceShellScripts
  • ~/deviceManagement/deviceHealthScripts
  • ~/deviceManagement/deviceComplianceScripts
  • ~/deviceManagement/deviceCustomAttributeShellScripts
  • ~/deviceManagement/deviceManagementScripts
    Currently both the DeviceManagementScripts and the older DeviceManagementConfiguration permissions remain functional. However, in early September 2025, tools and scripts that rely on the older permissions to access the listed APIs will fail to function.
Version: Week of July 28, 2025 Link
Receive Important Update Messages Stay tuned for upcoming Microsoft Intune updates

More from the Cloud Services section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad