ESC
Type to search...
Navigate Open ESC Close

DeviceManagementScripts.ReadWrite.All

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write All Resources

Allows the app to read and write Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts, without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read and write Microsoft Intune Scripts

Allows the app to read and write Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts, without a signed-in user.

Permission ID: 9255e99d-faf5-445e-bbf7-cb71482737c4
Delegated Permission Admin consent required

Read and write Microsoft Intune Scripts

Allows the app to read and write Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts on behalf of the signed in user.

User sees: Allows the app to read and write Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attripute shell scripts and device health scripts.
Permission ID: 8b9d79d0-ad75-4566-8619-f7500ecfcebe

Properties

Microsoft Graph v1.0 endpoint-derived

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
applePushNotificationCertificate object Apple push notification certificate.
auditEvents auditEvent collection The Audit Events
complianceManagementPartners complianceManagementPartner collection The list of Compliance Management Partners configured by the tenant.
conditionalAccessSettings object The Exchange on premises conditional access settings. On premises conditional access will require devices to be both enrolled and compliant for mail access
detectedApps detectedApp collection The list of detected apps associated with a device.
deviceCategories deviceCategory collection The list of device categories with the tenant.
deviceCompliancePolicies deviceCompliancePolicy collection The device compliance policies.
deviceCompliancePolicyDeviceStateSummary object The device compliance state summary for this account.
deviceCompliancePolicySettingStateSummaries deviceCompliancePolicySettingStateSummary collection The summary states of compliance policy settings for this account.
deviceConfigurationDeviceStateSummaries object The device configuration device state summary for this account.
deviceConfigurations deviceConfiguration collection The device configurations.
deviceEnrollmentConfigurations deviceEnrollmentConfiguration collection The list of device enrollment configurations
deviceManagementPartners deviceManagementPartner collection The list of Device Management Partners configured by the tenant.
deviceProtectionOverview object Device protection overview.
exchangeConnectors deviceManagementExchangeConnector collection The list of Exchange Connectors configured by the tenant.

Showing 15 of 65 properties.

JSON Representation

Microsoft Graph v1.0 endpoint-derived

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "applePushNotificationCertificate": {
    "sample": "value"
  },
  "auditEvents": [
    {
      "@type": "auditEvent",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "complianceManagementPartners": [
    {
      "@type": "complianceManagementPartner",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "conditionalAccessSettings": {
    "sample": "value"
  },
  "detectedApps": [
    {
      "@type": "detectedApp",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "deviceCategories": [
    {
      "@type": "deviceCategory",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "deviceCompliancePolicies": [
    {
      "@type": "deviceCompliancePolicy",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "deviceCompliancePolicyDeviceStateSummary": {
    "sample": "value"
  },
  "deviceCompliancePolicySettingStateSummaries": [
    {
      "@type": "deviceCompliancePolicySettingStateSummary",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "deviceConfigurationDeviceStateSummaries": {
    "sample": "value"
  },
  "deviceConfigurations": [
    {
      "@type": "deviceConfiguration",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "deviceEnrollmentConfigurations": [
    {
      "@type": "deviceEnrollmentConfiguration",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "deviceManagementPartners": [
    {
      "@type": "deviceManagementPartner",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "deviceProtectionOverview": {
    "sample": "value"
  },
  "exchangeConnectors": [
    {
      "@type": "deviceManagementExchangeConnector",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "id": "String",
  "importedWindowsAutopilotDeviceIdentities": [
    {
      "@type": "importedWindowsAutopilotDeviceIdentity",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "intuneAccountId": {
    "@type": "uuid",
    "id": "00000000-0000-0000-0000-000000000000"
  },
  "intuneBrand": {
    "sample": "value"
  },
  "iosUpdateStatuses": [
    {
      "@type": "iosUpdateDeviceStatus",
      "id": "00000000-0000-0000-0000-000000000000"
    }
  ]
}

Relationships

Microsoft Graph v1.0 schema-derived

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
auditEvents auditEvent collection The Audit Events
complianceManagementPartners complianceManagementPartner collection The list of Compliance Management Partners configured by the tenant.
detectedApps detectedApp collection The list of detected apps associated with a device.
deviceCategories deviceCategory collection The list of device categories with the tenant.
deviceCompliancePolicies deviceCompliancePolicy collection The device compliance policies.
deviceCompliancePolicySettingStateSummaries deviceCompliancePolicySettingStateSummary collection The summary states of compliance policy settings for this account.
deviceConfigurations deviceConfiguration collection The device configurations.
deviceEnrollmentConfigurations deviceEnrollmentConfiguration collection The list of device enrollment configurations
deviceManagementPartners deviceManagementPartner collection The list of Device Management Partners configured by the tenant.
exchangeConnectors deviceManagementExchangeConnector collection The list of Exchange Connectors configured by the tenant.
importedWindowsAutopilotDeviceIdentities importedWindowsAutopilotDeviceIdentity collection Collection of imported Windows autopilot devices.
intuneAccountId uuid Intune Account Id for given tenant
iosUpdateStatuses iosUpdateDeviceStatus collection The IOS software update installation statuses for this account.
managedDevices managedDevice collection The list of managed devices.
mobileAppTroubleshootingEvents mobileAppTroubleshootingEvent collection The collection property of MobileAppTroubleshootingEvent.
mobileThreatDefenseConnectors mobileThreatDefenseConnector collection The list of Mobile threat Defense connectors configured by the tenant.
notificationMessageTemplates notificationMessageTemplate collection The Notification Message Templates.
remoteAssistancePartners remoteAssistancePartner collection The remote assist partners.
resourceOperations resourceOperation collection The Resource Operations.
roleAssignments deviceAndAppManagementRoleAssignment collection The Role Assignments.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

No API methods available for this version.

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /deviceManagement/deviceComplianceScripts
GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}
GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/assignments
GET /deviceManagement/deviceCustomAttributeShellScripts
GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}
GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/deviceRunStates
GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/groupAssignments
GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/runSummary
GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/userRunStates
GET /deviceManagement/deviceHealthScripts
GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}
GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignments
GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates
GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/getRemediationHistory
GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/runSummary
GET /deviceManagement/deviceHealthScripts/areGlobalScriptsAvailable
GET /deviceManagement/deviceHealthScripts/getRemediationSummary
GET /deviceManagement/deviceManagementScripts
GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}
GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates
GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/groupAssignments
GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/runSummary
GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/userRunStates
GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/userRunStates/{deviceManagementScriptUserStateId}/deviceRunStates
GET /deviceManagement/deviceShellScripts
GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}
GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/deviceRunStates
GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/groupAssignments
GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/runSummary
GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/userRunStates
POST /deviceManagement/deviceComplianceScripts
POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/assign
POST /deviceManagement/deviceCustomAttributeShellScripts
POST /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/assign
POST /deviceManagement/deviceHealthScripts
POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assign
POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/getGlobalScriptHighestAvailableVersion
POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/updateGlobalScript
POST /deviceManagement/deviceHealthScripts/enableGlobalScripts
POST /deviceManagement/deviceManagementScripts
POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/assign
POST /deviceManagement/deviceShellScripts
POST /deviceManagement/deviceShellScripts/{deviceShellScriptId}/assign
PATCH /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}
PATCH /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}
PATCH /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}
PATCH /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}
PATCH /deviceManagement/deviceShellScripts/{deviceShellScriptId}
DELETE /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}
DELETE /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}
DELETE /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}
DELETE /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}
DELETE /deviceManagement/deviceShellScripts/{deviceShellScriptId}
No Microsoft Learn PowerShell mapping available

Microsoft Graph PowerShell v1.0 commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs
No Microsoft Learn PowerShell mapping available

Microsoft Graph PowerShell beta commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs

Code Examples

C# / .NET SDK 
using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "DeviceManagementScripts.ReadWrite.All" };
var credential = new InteractiveBrowserCredential(
    new InteractiveBrowserCredentialOptions
    {
        ClientId = "YOUR_CLIENT_ID",
        TenantId = "YOUR_TENANT_ID",
        RedirectUri = new Uri("http://localhost")
    });

var graphClient = new GraphServiceClient(credential, scopes);
var response = await graphClient
    .WithUrl("https://graph.microsoft.com/v1.0/deviceManagement/deviceComplianceScripts")
    .GetAsync();
JavaScript 
import { Client } from "@microsoft/microsoft-graph-client";
import { InteractiveBrowserCredential } from "@azure/identity";

const credential = new InteractiveBrowserCredential({
  clientId: "YOUR_CLIENT_ID",
  tenantId: "YOUR_TENANT_ID",
  redirectUri: "http://localhost"
});

const token = await credential.getToken(["DeviceManagementScripts.ReadWrite.All"]);
const client = Client.init({
  authProvider: (done) => done(null, token.token)
});

const response = await client.api("/deviceManagement/deviceComplianceScripts").get();
PowerShell 
Connect-MgGraph -Scopes "DeviceManagementScripts.ReadWrite.All"
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceComplianceScripts"
Python 
from azure.identity import InteractiveBrowserCredential
import requests

credential = InteractiveBrowserCredential(
    client_id="YOUR_CLIENT_ID",
    tenant_id="YOUR_TENANT_ID"
)

token = credential.get_token("DeviceManagementScripts.ReadWrite.All")
response = requests.get(
    "https://graph.microsoft.com/v1.0/deviceManagement/deviceComplianceScripts",
    headers={"Authorization": f"Bearer {token.token}"}
)

print(response.json())

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for DeviceManagementScripts.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.