Intune – Update your scripts to use a registered Entra ID application ID

If you use PowerShell to manage your Intune tenant, you are most probably using the Intune PowerShell application (d1ddf0e4-d672-4dae-b554-9d5bdfd93547).

The global Microsoft Intune PowerShell application authentication is being deprecated, so you need to create a new Entra ID application and update any script that uses the application ID d1ddf0e4-d672-4dae-b554-9d5bdfd93547 to use your new custom application by April 1st, 2024.

This change is due to the move to use the MS Graph SDK.

When creating the new application, you will need to grant it the same delegated permissions (API permissions):

  • Microsoft Graph
    • DeviceManagementManagedDevices.PrivilegedOperations.All
    • DeviceManagementManagedDevices.ReadWrite.All
    • DeviceManagementRBAC.ReadWrite.All
    • DeviceManagementApps.ReadWrite.All
    • DeviceManagementConfiguration.ReadWrite.All
    • DeviceManagementServiceConfig.ReadWrite.All
    • Group.ReadWrite.All
    • Directory.Read.All
    • openid (Sign users in)
    • User.ReadWrite.All
    • Policy.Read.All
    • Policy.ReadWrite.ConditionalAccess
    • Application.Read.All
    • Agreement.ReadWrite.All
    • Organization.ReadWrite.All
    • CloudPC.ReadWrite.All
    • profile
    • offline_access
  • Windows Azure Active Directory
    • User.Read
    • Group.Read.All


To register a new application, follow the steps in Quickstart: Register an app in the Microsoft identity platform (Microsoft Learn). Of course, the scope (Supported account types) must be limited to accounts in your organization.
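
To find which scripts still hard-code the deprecated application ID, a scan of your script folders like the following helps. This is an added example, not code from the original post; the function name `Find-DeprecatedIntuneAppId`, the file extensions searched, and the two sample scripts are assumptions constructed for illustration.

```powershell
# Added example: inventory scripts that still reference the deprecated
# Microsoft Intune PowerShell application ID named in the article.
$DeprecatedAppId = 'd1ddf0e4-d672-4dae-b554-9d5bdfd93547'

function Find-DeprecatedIntuneAppId {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # File types assumed to hold automation code or pipeline config.
        [string[]] $Include = @('*.ps1', '*.psm1', '*.psd1', '*.json', '*.yml', '*.yaml')
    )
    Get-ChildItem -Path $Path -Recurse -File -Include $Include |
        Select-String -Pattern $DeprecatedAppId -SimpleMatch |   # case-insensitive by default
        ForEach-Object {
            [pscustomobject]@{
                File = $_.Path
                Line = $_.LineNumber
                Text = $_.Line.Trim()
            }
        }
}

# Constructed sample input: two throwaway scripts in a temp folder.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("intune-appid-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
@'
# legacy script: hard-coded global application ID (upper case on purpose)
$clientId = "D1DDF0E4-D672-4DAE-B554-9D5BDFD93547"
'@ | Set-Content -Path (Join-Path $demo 'legacy.ps1')
@'
# migrated script: placeholder ID standing in for your own registered app
$clientId = "00000000-0000-0000-0000-000000000000"
'@ | Set-Content -Path (Join-Path $demo 'migrated.ps1')

# Only legacy.ps1 should be reported.
$hits = @(Find-DeprecatedIntuneAppId -Path $demo)
$hits | Format-Table -AutoSize
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) reference(s) to the deprecated application ID still need updating."
}
Remove-Item -Path $demo -Recurse -Force
```

Point `-Path` at the folder or repository that holds your Intune automation; scripts that rely on a module default rather than a hard-coded ID will not be matched and need a separate review.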
