Entra ID Directory Permissions¶
Anyware Manager Enterprise needs access to an Entra ID directory instance to assign groups and users to virtual desktops or physical workstations. Additionally, Anyware Manager Enterprise uses the Azure Graph API to create, configure, and manage Windows 365 Cloud PCs.
The following table lists the permissions required by the Entra ID enterprise application.
| Permission | Reason |
|---|---|
| Read and write to all applications | Install Anyware Manager Enterprise/service principal for Graph API access and automation. |
| Manage app permission grants and app role assignments | Configure Anyware Manager Enterprise for access to the Entra ID instance. |
| Maintain access to data you have given access to | Manage Entra and Windows 365 Cloud PC profiles and attributes. |
| Read organization information | View Entra tenant information, including Marketplace purchased licenses. |
| Read and write to Cloud PCs | Manage Windows 365 Cloud PCs. |
| Read and write Microsoft Intune device configuration and policies | Configure Windows 365 Cloud PCs. |
| Perform user impacting remote actions to Microsoft Intune devices | Manage Windows 365 Cloud PCs. |
| Read directory data | View the list of Entra users. |
| Read and write to all groups | View the list of Entra groups. |
| Sign in and read user profile | View details of Entra users. |