What Microsoft Graph permissions does EndpointClarity need?

EndpointClarity uses scoped Microsoft Graph permissions needed for reporting and dashboard data. The exact permissions depend on the reports selected and are reviewed before access is granted.

Does EndpointClarity need device management permissions?

EndpointClarity is designed for reporting-only visibility and does not require permissions to wipe, retire, delete, enroll, or change device policies for reporting use cases.

Can Microsoft Graph access be revoked?

Yes. Microsoft Graph application access can be reviewed and revoked by tenant administrators through Microsoft Entra admin workflows.

Microsoft Graph permissions

Reporting-Only Microsoft Graph Access for Intune Dashboards

EndpointClarity is designed around scoped Microsoft Graph access for reporting use cases: dashboards, compliance summaries, inactive device cleanup, lifecycle reporting, and executive visibility.

Request Early Access View Privacy Policy

What Access Supports

Permissions are tied to reporting outcomes.

Required access depends on the reports selected. The goal is to collect only the signals needed to build useful, reviewable dashboards.

Device inventory reporting

Device names, platforms, operating system versions, enrollment details, ownership signals, and last check-in timestamps.

Compliance dashboards

Compliance state, risk queues, unknown status, noncompliance concentration, and platform or region breakdowns.

Lifecycle cleanup reports

Inactive devices, stale records, duplicate signals, missing metadata, and aging buckets for cleanup prioritization.

Boundaries

What EndpointClarity does not do for reporting access

The reporting workflow is intentionally separate from device-management actions.

No device wipe actions

Reporting access is not intended to wipe, retire, reset, or remove managed devices.

No policy changes

EndpointClarity reporting does not require changing Intune compliance policies, configuration profiles, or enrollment settings.

No hidden administration

Access should be reviewed with tenant administrators and can be monitored or revoked through Microsoft Entra.

Permission Review

Common reporting signal categories

This page is not a final permission list. Exact scopes depend on selected dashboards, tenant configuration, and onboarding review.

Managed device details Supports inventory counts, platform views, operating system reporting, last check-in analysis, and lifecycle cleanup.

Compliance state Supports compliant, noncompliant, unknown, and at-risk device dashboards for operational and executive reporting.

User and ownership signals Supports owner validation, missing-owner review, regional reporting, and cleanup prioritization where enabled.

Policy/reporting context Supports summary reporting around configuration, compliance posture, and stakeholder-ready recommendation notes.

FAQ

Microsoft Graph permissions questions

What Microsoft Graph permissions are needed?

EndpointClarity uses scoped Microsoft Graph permissions needed for reporting and dashboard data. Exact permissions are reviewed before access is granted.

Are device management actions required?

No. Reporting use cases do not require permissions to wipe, retire, delete, enroll, or change device policies.

Can access be revoked?

Yes. Tenant administrators can review and revoke Microsoft Graph application access through Microsoft Entra admin workflows.

Next Step

Review access before connecting anything.

Start with the reports your team needs. EndpointClarity can map those reporting goals to the Graph signals required for dashboards and summaries.

Request Early Access View Intune Reporting