check before: 2025-07-31
Product:
Entra, Intune, Microsoft Graph
Platform:
Developer, Online, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Summary:
Starting July 31, 2025, certain Microsoft Graph Beta APIs will require either DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All permissions. Previously, they required DeviceManagementConfiguration.ReadWrite.All or DeviceManagementConfiguration.Read.All. Update any apps, scripts, or tools accordingly. Detailed instructions are available in the provided links.
Details:
As mentioned in MC1066336, starting July 31, 2025, or soon after, the following Graph APIs will require either DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All permissions to continue working:
~/deviceManagement/deviceShellScripts
~/deviceManagement/deviceHealthScripts
~/deviceManagement/deviceComplianceScripts
~/deviceManagement/deviceCustomAttributeShellScripts
~/deviceManagement/deviceManagementScripts
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-07-02
updated:
2025-07-02
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
API Access Disruption
If the required permissions are not updated, applications relying on the affected Graph APIs will fail to function, leading to potential service disruptions.
- roles: IT Administrator, Application Developer
- references: https://learn.microsoft.com/entra/identity-platform/howto-update-permissions, https://learn.microsoft.com/graph/api/intune-devices-devicecompliancescript-list?view=graph-rest-beta
User Experience Degradation
Users may experience degraded functionality or inability to access certain device management features if the applications fail due to outdated permissions.
- roles: End User, Support Technician
- references: https://learn.microsoft.com/graph/api/intune-devices-devicehealthscript-list?view=graph-rest-beta, https://learn.microsoft.com/graph/api/intune-devices-deviceshellscript-list?view=graph-rest-beta
Increased Support Tickets
Failure to update permissions may lead to an increase in support tickets from users facing issues, impacting the support team's workload and response times.
- roles: Support Technician, IT Manager
- references: https://learn.microsoft.com/entra/identity-platform/howto-update-permissions?pivots=portal#grant-consent-for-the-added-permissions-for-the-enterprise-application, https://learn.microsoft.com/graph/api/resources/intune-shared-devicemanagementscript?view=graph-rest-beta
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Imagine you're running a law firm, and you've always used a specific key to unlock your office. One day, the building management decides to change the locks. They inform you that, starting in a couple of years, you'll need a new key to access your office. To continue your work without interruption, you must get this new key before the deadline.
Similarly, Microsoft is updating the "keys" or permissions required to access certain parts of their Graph Beta API, which is a tool developers use to manage devices in a network. Previously, the permissions needed were like your old office key. But starting July 31, 2025, you'll need a new set of permissions—like a new key—to continue using these APIs. This change affects various device management scripts that help automate tasks like checking device health or compliance.
If your business uses any applications or scripts that interact with these APIs, it's crucial to update them with the new permissions. Think of it as ensuring all your employees have the new office key before the locks change. This way, when the change happens, your operations continue smoothly without any disruptions.
To make these updates, you can follow the detailed instructions provided by Microsoft. It's like following a step-by-step guide to get your new office keys and distribute them to your team. This preparation ensures that when the new permissions are enforced, your tools and applications will still function correctly, just like your team can still access the office with their new keys.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 months ago ago
