App registration requires group read / write permission even when not using "-AddGroup" #26

darkorion6661 · 2025-02-18T08:57:46Z

Hi Andrew,

One thing with the get-windowsautopilotinfo and your community fork is that the app registration I have currently doesn't suffice because the script tries to connect to graph with "Group.ReadWrite.All" access even without the "-AddGroup" parameter.

I note in the script that the "Connect-ToGraph" calls the same scopes regardless of the parameter passed.

    # Connect
    if ($AppId -ne "") {
        Connect-ToGraph -AppId $AppId -AppSecret $AppSecret -Tenant $TenantId
    }
    else {
        $graph = Connect-ToGraph -scopes "Group.ReadWrite.All, Device.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, GroupMember.ReadWrite.All"
        Write-Host "Connected to Intune tenant $($graph.TenantId)"
        if ($AddToGroup) {
            $aadId = Connect-ToGraph -scopes "Group.ReadWrite.All, Device.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, GroupMember.ReadWrite.All"
            Write-Host "Connected to Azure AD tenant $($aadId.TenantId)"
        }
    }

Would it be at all possible to only use the "Group.ReadWrite.All, GroupMember.ReadWrite.All" if $AddToGroup is true?

The text was updated successfully, but these errors were encountered:

andrew-s-taylor · 2025-02-18T09:04:28Z

I can't see that causing any issues, have updated it in 5.0.3 which is online now

darkorion6661 · 2025-02-18T09:14:10Z

Whoah! Thanks so much for your quick response! I’ll check it out Sent from Outlook for iOS<https://aka.ms/o0ukef>

…

________________________________ From: Andrew Taylor ***@***.***> Sent: Tuesday, February 18, 2025 7:04:51 PM To: andrew-s-taylor/WindowsAutopilotInfo ***@***.***> Cc: darkorion6661 ***@***.***>; Author ***@***.***> Subject: Re: [andrew-s-taylor/WindowsAutopilotInfo] App registration requires group read / write permission even when not using "-AddGroup" (Issue #26) I can't see that causing any issues, have updated it in 5.0.3 which is online now — Reply to this email directly, view it on GitHub<#26 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AEM3UIJKJS3JUOI53HBC74T2QLZTHAVCNFSM6AAAAABXLCHSJ6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNRVGAYDINBQGE>. You are receiving this because you authored the thread.Message ID: ***@***.***> [andrew-s-taylor]andrew-s-taylor left a comment (andrew-s-taylor/WindowsAutopilotInfo#26)<#26 (comment)> I can't see that causing any issues, have updated it in 5.0.3 which is online now — Reply to this email directly, view it on GitHub<#26 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AEM3UIJKJS3JUOI53HBC74T2QLZTHAVCNFSM6AAAAABXLCHSJ6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNRVGAYDINBQGE>. You are receiving this because you authored the thread.Message ID: ***@***.***>

andrew-s-taylor closed this as completed Feb 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

App registration requires group read / write permission even when not using "-AddGroup" #26

App registration requires group read / write permission even when not using "-AddGroup" #26

darkorion6661 commented Feb 18, 2025

andrew-s-taylor commented Feb 18, 2025

darkorion6661 commented Feb 18, 2025 via email

App registration requires group read / write permission even when not using "-AddGroup" #26

App registration requires group read / write permission even when not using "-AddGroup" #26

Comments

darkorion6661 commented Feb 18, 2025

andrew-s-taylor commented Feb 18, 2025

darkorion6661 commented Feb 18, 2025 via email