DeviceManagementScripts.Read.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Full Control
All Resources
Allows the app to read Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts, without a signed-in user.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Read Microsoft Intune Scripts
Allows the app to read Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts, without a signed-in user.
Permission ID:
c7a5be92-2b3d-4540-8a67-c96dcaae8b43
Delegated Permission
Admin consent required
Read Microsoft Intune Scripts
Allows the app to read Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts on behalf of the signed in user.
User sees: Allows the app to read Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attripute shell scripts and device health scripts.
Permission ID:
d32381d8-ee89-4220-9c83-b672aa68d404
Properties
Microsoft Graph v1.0
endpoint-derived
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
applePushNotificationCertificate |
object |
Apple push notification certificate. |
auditEvents |
auditEvent collection |
The Audit Events |
complianceManagementPartners |
complianceManagementPartner collection |
The list of Compliance Management Partners configured by the tenant. |
conditionalAccessSettings |
object |
The Exchange on premises conditional access settings. On premises conditional access will require devices to be both enrolled and compliant for mail access |
detectedApps |
detectedApp collection |
The list of detected apps associated with a device. |
deviceCategories |
deviceCategory collection |
The list of device categories with the tenant. |
deviceCompliancePolicies |
deviceCompliancePolicy collection |
The device compliance policies. |
deviceCompliancePolicyDeviceStateSummary |
object |
The device compliance state summary for this account. |
deviceCompliancePolicySettingStateSummaries |
deviceCompliancePolicySettingStateSummary collection |
The summary states of compliance policy settings for this account. |
deviceConfigurationDeviceStateSummaries |
object |
The device configuration device state summary for this account. |
deviceConfigurations |
deviceConfiguration collection |
The device configurations. |
deviceEnrollmentConfigurations |
deviceEnrollmentConfiguration collection |
The list of device enrollment configurations |
deviceManagementPartners |
deviceManagementPartner collection |
The list of Device Management Partners configured by the tenant. |
deviceProtectionOverview |
object |
Device protection overview. |
exchangeConnectors |
deviceManagementExchangeConnector collection |
The list of Exchange Connectors configured by the tenant. |
Showing 15 of 65 properties.
JSON Representation
Microsoft Graph v1.0
endpoint-derived
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"applePushNotificationCertificate": {
"sample": "value"
},
"auditEvents": [
{
"@type": "auditEvent",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"complianceManagementPartners": [
{
"@type": "complianceManagementPartner",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"conditionalAccessSettings": {
"sample": "value"
},
"detectedApps": [
{
"@type": "detectedApp",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"deviceCategories": [
{
"@type": "deviceCategory",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"deviceCompliancePolicies": [
{
"@type": "deviceCompliancePolicy",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"deviceCompliancePolicyDeviceStateSummary": {
"sample": "value"
},
"deviceCompliancePolicySettingStateSummaries": [
{
"@type": "deviceCompliancePolicySettingStateSummary",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"deviceConfigurationDeviceStateSummaries": {
"sample": "value"
},
"deviceConfigurations": [
{
"@type": "deviceConfiguration",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"deviceEnrollmentConfigurations": [
{
"@type": "deviceEnrollmentConfiguration",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"deviceManagementPartners": [
{
"@type": "deviceManagementPartner",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"deviceProtectionOverview": {
"sample": "value"
},
"exchangeConnectors": [
{
"@type": "deviceManagementExchangeConnector",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"id": "String",
"importedWindowsAutopilotDeviceIdentities": [
{
"@type": "importedWindowsAutopilotDeviceIdentity",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"intuneAccountId": {
"@type": "uuid",
"id": "00000000-0000-0000-0000-000000000000"
},
"intuneBrand": {
"sample": "value"
},
"iosUpdateStatuses": [
{
"@type": "iosUpdateDeviceStatus",
"id": "00000000-0000-0000-0000-000000000000"
}
]
}Relationships
Microsoft Graph v1.0
schema-derived
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
auditEvents |
auditEvent collection |
The Audit Events |
complianceManagementPartners |
complianceManagementPartner collection |
The list of Compliance Management Partners configured by the tenant. |
detectedApps |
detectedApp collection |
The list of detected apps associated with a device. |
deviceCategories |
deviceCategory collection |
The list of device categories with the tenant. |
deviceCompliancePolicies |
deviceCompliancePolicy collection |
The device compliance policies. |
deviceCompliancePolicySettingStateSummaries |
deviceCompliancePolicySettingStateSummary collection |
The summary states of compliance policy settings for this account. |
deviceConfigurations |
deviceConfiguration collection |
The device configurations. |
deviceEnrollmentConfigurations |
deviceEnrollmentConfiguration collection |
The list of device enrollment configurations |
deviceManagementPartners |
deviceManagementPartner collection |
The list of Device Management Partners configured by the tenant. |
exchangeConnectors |
deviceManagementExchangeConnector collection |
The list of Exchange Connectors configured by the tenant. |
importedWindowsAutopilotDeviceIdentities |
importedWindowsAutopilotDeviceIdentity collection |
Collection of imported Windows autopilot devices. |
intuneAccountId |
uuid |
Intune Account Id for given tenant |
iosUpdateStatuses |
iosUpdateDeviceStatus collection |
The IOS software update installation statuses for this account. |
managedDevices |
managedDevice collection |
The list of managed devices. |
mobileAppTroubleshootingEvents |
mobileAppTroubleshootingEvent collection |
The collection property of MobileAppTroubleshootingEvent. |
mobileThreatDefenseConnectors |
mobileThreatDefenseConnector collection |
The list of Mobile threat Defense connectors configured by the tenant. |
notificationMessageTemplates |
notificationMessageTemplate collection |
The Notification Message Templates. |
remoteAssistancePartners |
remoteAssistancePartner collection |
The remote assist partners. |
resourceOperations |
resourceOperation collection |
The Resource Operations. |
roleAssignments |
deviceAndAppManagementRoleAssignment collection |
The Role Assignments. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
No API methods available for this version.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
No Microsoft Learn PowerShell mapping available
Microsoft Graph PowerShell v1.0 commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docs
No Microsoft Learn PowerShell mapping available
Microsoft Graph PowerShell beta commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docsCode Examples
C# / .NET SDK
using Azure.Identity;
using Microsoft.Graph;
var scopes = new[] { "DeviceManagementScripts.Read.All" };
var credential = new InteractiveBrowserCredential(
new InteractiveBrowserCredentialOptions
{
ClientId = "YOUR_CLIENT_ID",
TenantId = "YOUR_TENANT_ID",
RedirectUri = new Uri("http://localhost")
});
var graphClient = new GraphServiceClient(credential, scopes);
var response = await graphClient
.WithUrl("https://graph.microsoft.com/v1.0/deviceManagement/deviceComplianceScripts")
.GetAsync();
JavaScript
import { Client } from "@microsoft/microsoft-graph-client";
import { InteractiveBrowserCredential } from "@azure/identity";
const credential = new InteractiveBrowserCredential({
clientId: "YOUR_CLIENT_ID",
tenantId: "YOUR_TENANT_ID",
redirectUri: "http://localhost"
});
const token = await credential.getToken(["DeviceManagementScripts.Read.All"]);
const client = Client.init({
authProvider: (done) => done(null, token.token)
});
const response = await client.api("/deviceManagement/deviceComplianceScripts").get();
PowerShell
Connect-MgGraph -Scopes "DeviceManagementScripts.Read.All"
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceComplianceScripts"
Python
from azure.identity import InteractiveBrowserCredential
import requests
credential = InteractiveBrowserCredential(
client_id="YOUR_CLIENT_ID",
tenant_id="YOUR_TENANT_ID"
)
token = credential.get_token("DeviceManagementScripts.Read.All")
response = requests.get(
"https://graph.microsoft.com/v1.0/deviceManagement/deviceComplianceScripts",
headers={"Authorization": f"Bearer {token.token}"}
)
print(response.json())App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for DeviceManagementScripts.Read.All
4
Grant Admin Consent
Application permissions always require admin consent.