Set Up Intune Permissions for CustomApps Upload

To upload a CapaOne CustomApp to Intune, you will need to set up the required permissions in Intune. In this guide, we will show you how to achieve this.

Important

The tenant must have an active Intune Subscription. Trying to upload to Intune without a subscription will fail with the error:

“Missing required permission”: DeviceManagementApps.ReadWrite.All“

Before you get started

Make sure you have an Azure AD Integration setup in Intune and CapaOne. If not, you can follow this guide on how to set up the Integration: Integrate CapaOne with Entra ID

Configure Intune permissions

1. Log in to the Azure Portal

   • Navigate to https://portal.azure.com/ and log in to your account.

2. Navigate to App Registrations

   • In the left menu, select Azure Active Directory
   • Click on App registrations

3. Select or Create an Application

   • Choose an existing app registration, or
   • Click New registration to create a new app

4. Configure API Permissions

   • In your app registration, go to Manage > API permissions
   • Click Add a permission

5. Add Required Intune Permissions

   • Select Microsoft Graph

   • Choose Application permissions

   • Search for and add the following permissions:

     • Organization.Read.All
     • DeviceManagementApps.ReadWrite.All
     • DeviceManagementConfiguration.ReadWrite.All
     • DeviceManagementServiceConfig.ReadWrite.All

6. Grant Admin Consent

   • After adding permissions, click Grant admin consent for your organization.

7. Verify Permissions

   • Ensure the permissions are listed and show as “Granted for [Your Organization]”

Your app permissions should look like this

Additional resources

• Microsoft: Permissions reference for Microsoft Graph