DeviceManagementServiceConfig.ReadWrite.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Read/Write
All Resources
Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Read and write Microsoft Intune configuration
Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.
Permission ID:
5ac13192-7ace-4fcf-b828-1a26f28068ee
Delegated Permission
Admin consent required
Read and write Microsoft Intune configuration
Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration.
User sees: Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration.
Permission ID:
662ed50a-ac44-4eef-ad86-62eed9be2a29
Properties
Microsoft Graph v1.0
endpoint-derived-docs
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
assignedPlans |
assignedPlan collection |
The collection of service plans associated with the tenant. Not nullable. |
businessPhones |
String collection |
Telephone number for the organization. Although this property is a string collection, only one number can be set. |
city |
String |
City name of the address for the organization. |
country |
String |
Country or region name of the address for the organization. |
countryLetterCode |
String |
Country or region abbreviation for the organization in ISO 3166-2 format. |
createdDateTime |
DateTimeOffset |
Timestamp of when the organization was created. The value can't be modified and is automatically populated when the organization is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. |
defaultUsageLocation |
String |
Two-letter ISO 3166 country code indicating the default service usage location of an organization. |
deletedDateTime |
DateTimeOffset |
Represents date and time of when the Microsoft Entra tenant was deleted using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. |
displayName |
String |
The display name for the tenant. |
id |
String |
The tenant ID, a unique identifier representing the organization (or tenant). Inherited from directoryObject. Key. Not nullable. Read-only. |
isMultipleDataLocationsForServicesEnabled |
Boolean |
true if organization is Multi-Geo enabled; false if the organization isn't Multi-Geo enabled; null (default). Read-only. For more information, see OneDrive Online Multi-Geo. |
marketingNotificationEmails |
String collection |
Not nullable. |
onPremisesLastSyncDateTime |
DateTimeOffset |
The time and date at which the tenant was last synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. |
onPremisesSyncEnabled |
Boolean |
true if this object is synced from an on-premises directory; false if this object was originally synced from an on-premises directory but is no longer synced. Nullable. null if this object isn't synced from on-premises active directory (default). |
partnerTenantType |
partnerTenantType |
The type of partnership this tenant has with Microsoft. The possible values are: microsoftSupport, syndicatePartner, breadthPartner, breadthPartnerDelegatedAdmin, resellerPartnerDelegatedAdmin, valueAddedResellerPartnerDelegatedAdmin, unknownFutureValue. Nullable. For more information about the possible types, see partnerTenantType values. |
Showing 15 of 45 properties.
JSON Representation
Microsoft Graph v1.0
endpoint-derived-docs
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"assignedPlans": [
{
"@odata.type": "microsoft.graph.assignedPlan"
}
],
"businessPhones": [
"string"
],
"city": "string",
"country": "string",
"countryLetterCode": "string",
"createdDateTime": "String (timestamp)",
"defaultUsageLocation": "String",
"deletedDateTime": "String (timestamp)",
"displayName": "string",
"id": "string (identifier)",
"isMultipleDataLocationsForServicesEnabled": "boolean",
"marketingNotificationEmails": [
"string"
],
"onPremisesLastSyncDateTime": "String (timestamp)",
"onPremisesSyncEnabled": true,
"partnerTenantType": "String",
"postalCode": "string",
"preferredLanguage": "string",
"privacyProfile": {
"@odata.type": "microsoft.graph.privacyProfile"
},
"provisionedPlans": [
{
"@odata.type": "microsoft.graph.provisionedPlan"
}
],
"securityComplianceNotificationMails": [
"string"
],
"securityComplianceNotificationPhones": [
"string"
],
"state": "string",
"street": "string",
"technicalNotificationMails": [
"string"
],
"tenantType": "string",
"verifiedDomains": [
{
"@odata.type": "microsoft.graph.verifiedDomain"
}
]
}Relationships
Microsoft Graph v1.0
endpoint-derived-docs
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
certificateBasedAuthConfiguration |
certificateBasedAuthConfiguration collection |
Navigation property to manage certificate-based authentication configuration. Only a single instance of certificateBasedAuthConfiguration can be created in the collection. |
extensions |
extension collection |
The collection of open extensions defined for the organization. Read-only. Nullable. |
branding |
organizationalBranding |
Branding for the organization. Nullable. |
androidManagedAppProtections |
androidManagedAppProtection collection |
Android managed app policies. |
defaultManagedAppProtections |
defaultManagedAppProtection collection |
Default managed app policies. |
iosManagedAppProtections |
iosManagedAppProtection collection |
iOS managed app policies. |
managedAppPolicies |
managedAppPolicy collection |
Managed app policies. |
managedAppRegistrations |
managedAppRegistration collection |
The managed app registrations. |
managedAppStatuses |
managedAppStatus collection |
The managed app statuses. |
managedEBooks |
managedEBook collection |
The Managed eBook. |
mdmWindowsInformationProtectionPolicies |
mdmWindowsInformationProtectionPolicy collection |
Windows information protection for apps running on devices which are MDM enrolled. |
mobileAppCategories |
mobileAppCategory collection |
The mobile app categories. |
mobileAppConfigurations |
managedDeviceMobileAppConfiguration collection |
The Managed Device Mobile Application Configurations. |
mobileAppRelationships |
mobileAppRelationship collection |
The mobile app relationship represents the dependency or supersedence relationship between two Intune mobile LOB applications. |
mobileApps |
mobileApp collection |
The mobile apps. |
targetedManagedAppConfigurations |
targetedManagedAppConfiguration collection |
Targeted managed app configurations. |
vppTokens |
vppToken collection |
List of Vpp tokens for this organization. |
windowsInformationProtectionPolicies |
windowsInformationProtectionPolicy collection |
Windows information protection for apps running on devices which are not MDM enrolled. |
deviceAppManagementTasks |
deviceAppManagementTask collection |
Device app management tasks. |
enterpriseCodeSigningCertificates |
enterpriseCodeSigningCertificate collection |
The Windows Enterprise Code Signing Certificate. |
iosLobAppProvisioningConfigurations |
iosLobAppProvisioningConfiguration collection |
The IOS Lob App Provisioning Configurations. |
managedEBookCategories |
managedEBookCategory collection |
The mobile eBook categories. |
microsoftStoreForBusinessPortalSelection |
microsoftStoreForBusinessPortalSelectionOptions |
Related microsoftStoreForBusinessPortalSelection data exposed by this resource. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docsCode Examples
C# / .NET SDK
beginOnboarding action
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.DeviceManagement.RemoteAssistancePartners["{remoteAssistancePartner-id}"].BeginOnboarding.PostAsync();
JavaScript
beginOnboarding action
const options = {
authProvider,
};
const client = Client.init(options);
await client.api('/deviceManagement/remoteAssistancePartners/{remoteAssistancePartnerId}/beginOnboarding')
.post();
PowerShell
beginOnboarding action
Import-Module Microsoft.Graph.DeviceManagement.Administration
Invoke-MgBeginDeviceManagementRemoteAssistancePartnerOnboarding -RemoteAssistancePartnerId $remoteAssistancePartnerId
Python
beginOnboarding action
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.device_management.remote_assistance_partners.by_remote_assistance_partner_id('remoteAssistancePartner-id').begin_onboarding.post()App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for DeviceManagementServiceConfig.ReadWrite.All
4
Grant Admin Consent
Application permissions always require admin consent.