Azure Active Directory Discovery Permission Configuration

If missed, please refer to the Azure Credential Generation and Configuration guide here.

 

Permission Configuration:

1. Navigate to https://portal.azure.com/ 

 

2. In the administrative ribbon called 'Azure services' open 'Azure Active Directory'

 

3. Select 'App registrations' in the left navigation menu

 

4. Open existing application that was created during credential generation following guide found at beginning of this KB.

 

5. Open 'API permissions' in left navigation menu

 

6. Select 'Add a permission', select 'Microsoft Graph' and select 'Application permissions' and add the following application permissions:

AdministrativeUnit.Read.All
Contacts.Read
Contacts.ReadWrite
Device.Read.All
DeviceManagementApps.ReadWrite.All
DeviceManagementConfiguration.Read.All
DeviceManagementConfiguration.ReadWrite.All
DeviceManagementManagedDevices.Read.All
Directory.Read.All
Directory.ReadWrite.All
Domain.Read.All
Group.Create
Group.Read.All
Group.ReadWrite.All
GroupMember.Read.All
GroupMember.ReadWrite.All
OrgContact.Read.All
User.Read.All

 

7. Click 'Grant admin consent for %AzureActiveDirectoryName%' and click 'Yes' to confirm

Note: It can take up to an hour for these permissions to be applied within Azure by Microsoft.

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us
Provide feedback for the Documentation team!