To ensure that CoreView functions seamlessly with applications such as Endpoint, BitLocker, and SharePoint, it is essential to grant the necessary permissions to the CoreView app on the Microsoft side.
List of extra consents and permissions to grant
If Endpoint manager permissions are not granted to the CoreView app on the Microsoft side, CoreView cannot perform actions using the Endpoint manager module. This set of permissions is required because Endpoint manager actions do not use PowerShell cmdlets; instead, they utilize Graph APIs, which require a different set of permissions.
CoreView Management Integration requires the following Azure AD application permissions:
- [Microsoft Graph] Device management managed devices privileged operations all: perform user-impacting remote actions on Microsoft Intune devices
- [Microsoft Graph] Device management managed devices read write all: read and write Microsoft Intune devices
- [Microsoft Graph] Device management service config read write all: read and write Microsoft Intune devices
Please note that on the consent authorization screen, the wording will be “CoreView Management Integration” and not “Endpoint”.
To enable SharePoint management actions through CoreView and activate the import process, it is essential to grant additional consent.
CoreView SharePoint Integration requires the following Azure AD application permissions:
- [Azure Active Directory Graph] User read: enable sign-on and read users' profiles
- [Microsoft Graph] Directory read all: read directory data
- [Microsoft Graph] Group read write all: read and write all groups
- [SharePoint] Sites full control all: have full control of all site collections
To ensure that data is being displayed in the BitLocker keys report and to enable the ability to view and manage BitLocker keys, it is essential to grant additional consent. This consent allows for the retrieval of data for the BitLocker keys report.
CoreView BitLocker API requires the following Azure AD application permissions:
- [Microsoft Graph] BitLockerKey read all: read BitLocker keys
- [Microsoft Graph] User read: sign in and read user profile
In case you have purchased the Teams Voice add-on, you need to provide additional consent to import Teams Voice data (calls, PSNT usage) into CoreView. Please refer to the documentation about Teams Voice Connector .
Check granted consents
To check if you have provided consent for each application:
- If the “consent needed” column displays “true”, it indicates that CoreView does not have the necessary consent to manage that application. In such cases, you should grant the consent by following the guide below.
- If “consent needed” is equal to “false”, that indicates that CoreView has the consent needed to manage that application.
To provide consent to different applications:
- Navigate to the “SETTINGS” > “My organization” > “Consent management” section.
- On this page, click on the icon located in the “Consent URL” column that corresponds to the app for which you want to grant consent. As you click, the URL will be automatically copied to your clipboard.
- Open a private browser session while using an Microsoft 365 account that has Global Admin permissions.
- Paste the copied URL into the address bar of the browser and press enter.