Enabling this allows ImmyBot to:
- Sync all users from your partner tenant
- Sync all users from your customers' tenants
- Install the 365 applications a user is licensed for (Apps for business/Apps for enterprise/Project/Visio)
- Deploy software to Teams, On-Premises Security Groups (e.g. everyone in the Engineering Team gets AutoCAD 2022)
# Create an App Registration
Navigate to: https://aad.portal.azure.com/
# Grant Permissions
# Target devices in Azure Groups
If you would also like to target devices from your Azure groups, you will need to include the Microsoft Graph - Device.Read.All permission.
See the screenshots below for the minimum permissions.
# Create Client Secret
# Granular Delegated Admin Permissions (GDAP)
- Create a Security Group in Azure AD called "ImmyBot Security Group"
- Add the ImmyBot Service Principal to that group
- For each customer in the Partner Center, add the "ImmyBot Security Group" and assign it the "Directory Readers" and "Global Reader" roles.
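
The first two steps above can be scripted with the Microsoft Graph PowerShell SDK. The script below is an added example, not ImmyBot's own tooling; the application ID is a placeholder and the mail nickname is an assumed value. The per-customer role assignment in the third step is still done in Partner Center.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK.
# ASSUMPTION: placeholder for the Application (client) ID of your ImmyBot app registration.
$ImmyBotAppId = '<application-client-id>'
$GroupName    = 'ImmyBot Security Group'

Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Application.Read.All' | Out-Null

# Step 1: create the security group only if it does not already exist.
$group = Get-MgGroup -Filter "displayName eq '$GroupName'" | Select-Object -First 1
if (-not $group) {
    # ASSUMPTION: the mail nickname is an arbitrary value chosen for this example.
    $group = New-MgGroup -DisplayName $GroupName -MailNickname 'ImmyBotSecurityGroup' `
        -MailEnabled:$false -SecurityEnabled
}

# Step 2: resolve the service principal behind the app registration and add it.
$sp = Get-MgServicePrincipal -Filter "appId eq '$ImmyBotAppId'"
if (-not $sp) { throw "No service principal found for appId $ImmyBotAppId" }

$members = @(Get-MgGroupMember -GroupId $group.Id -All)
if ($members.Id -notcontains $sp.Id) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $sp.Id
    $members = @(Get-MgGroupMember -GroupId $group.Id -All)
}

# Every member of this group receives the GDAP roles assigned to it in each
# customer tenant, so flag anything other than the ImmyBot service principal.
$unexpected = $members | Where-Object { $_.Id -ne $sp.Id }
if ($unexpected) {
    Write-Warning "Unexpected members in '$GroupName': $($unexpected.Id -join ', ')"
} else {
    Write-Output "'$GroupName' contains only service principal $($sp.DisplayName) ($($sp.Id))"
}
```

Re-running the script is safe: it reuses an existing group and membership, and the final check doubles as a periodic audit of who holds the delegated roles.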
# Add to Admin Agents Group (Legacy DAP)