check before: 2025-07-31
Product:
Entra, Intune, Microsoft Graph
Platform:
Developer, Online, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Summary:
Starting July 31, 2025, Microsoft Graph Beta API deviceManagement will require either DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All permissions. Update any apps, scripts, or tools to include these permissions and remove the old ones. Detailed instructions are available in the provided links.
Details:
Starting July 31, 2025, or soon after, the following Graph APIs will require either DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All permissions to continue working:
~/deviceManagement/deviceShellScripts
~/deviceManagement/deviceHealthScripts
~/deviceManagement/deviceComplianceScripts
~/deviceManagement/deviceCustomAttributeShellScripts
~/deviceManagement/deviceManagementScripts
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-05-02
updated:
2025-05-02
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Starting July 31, 2025, Microsoft Graph Beta API will require new permissions, DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All, replacing the previous DeviceManagementConfiguration.ReadWrite.All or DeviceManagementConfiguration.Read.All, necessitating updates to applications and tools that interact with the API.
Direct effects for Operations**
API Access Disruption
Failure to update permissions will result in applications being unable to access the required Graph APIs, leading to potential service outages.
- roles: IT Administrators, Developers
- references: https://learn.microsoft.com/entra/identity-platform/howto-update-permissions, https://learn.microsoft.com/graph/api/intune-devices-devicecompliancescript-list?view=graph-rest-beta
User Experience Degradation
Users may experience interruptions in device management functionalities, such as compliance checks and script executions, affecting their productivity.
- roles: End Users, IT Support
- references: https://learn.microsoft.com/graph/api/intune-devices-devicehealthscript-list?view=graph-rest-beta, https://learn.microsoft.com/graph/api/intune-devices-deviceshellscript-list?view=graph-rest-beta
Increased Support Tickets
Unprepared changes may lead to a spike in support requests from users facing issues with device management tools, straining IT resources.
- roles: IT Support, Helpdesk Staff
- references: https://learn.microsoft.com/entra/identity-platform/howto-update-permissions?pivots=portal#grant-consent-for-the-added-permissions-for-the-enterprise-application, https://learn.microsoft.com/graph/api/resources/intune-shared-devicemanagementscript?view=graph-rest-beta
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Streamlining Permission Management
By updating to the new permissions model, organizations can streamline permission management processes. This will reduce complexity in managing permissions and enhance security by ensuring that only necessary permissions are granted to applications and scripts.
- next-steps: Conduct an audit of all applications and scripts using the deprecated permissions. Update them to the new permissions model and establish a process for regular reviews of permissions.
- roles: IT Administrators, Security Officers, Application Developers
- references: https://learn.microsoft.com/entra/identity-platform/howto-update-permissions
Improving Compliance and Security Posture
Transitioning to the new permissions can enhance the organization's compliance with security policies and standards. This will ensure that only the required permissions are in use, minimizing the risk of unauthorized access.
- next-steps: Review current compliance requirements and align the new permissions with them. Implement a monitoring solution to track permissions usage and compliance.
- roles: Compliance Officers, IT Security Teams, IT Administrators
- references: https://learn.microsoft.com/entra/identity-platform/howto-update-permissions?pivots=portal#grant-consent-for-the-added-permissions-for-the-enterprise-application
Enhancing User Experience with Updated Tools
Updating applications and tools to use the new permissions can lead to improved functionality and user experience. This can help in reducing downtime or errors related to permissions issues.
- next-steps: Identify key applications and tools that rely on the affected Graph APIs. Plan and execute updates to ensure they utilize the new permissions, providing training for users on any new features or changes.
- roles: End Users, Application Developers, IT Support Teams
- references: https://learn.microsoft.com/graph/api/intune-devices-devicecompliancescript-list?view=graph-rest-beta
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 3 weeks ago
