PAG Intune Tenant Documentation¶

Welcome to the documentation site for the PAG Microsoft Intune tenant golden image.

This repository is a complete configuration snapshot of the PAG tenant (272fb217-a998-4e78-9b3e-d4e917d6cc01) that can be used as a deployment template for new tenants.

Snapshot at a Glance¶

Property	Value
Tenant Name	PAG
Tenant ID	`272fb217-a998-4e78-9b3e-d4e917d6cc01`
Primary Domain	`pag.onmicrosoft.com`
Extracted	2026-03-23
Graph API Version	beta
Total Objects Exported	213

Configuration Summary¶

Domain	Count	Status
Configuration Policies (Settings Catalog)	109	✅ Complete
Device Configurations (Templates)	23	✅ Complete
Group Policy Configurations (ADMX)	0	✅ Complete
Security Baselines (Intents)	0	✅ Complete
Compliance Policies	11	✅ Complete
Enrollment Configurations	8	✅ Complete
Assignment Filters	9	✅ Complete
App Protection Policies	3	✅ Complete (1 iOS, 2 Android)
App Configuration Policies	1	✅ Complete
Autopilot Deployment Profiles	0	✅ Complete
Windows Update Rings	6	✅ Complete
Feature Update Profiles	1	✅ Complete
Driver Update Profiles	5	✅ Complete
PowerShell Scripts	5	✅ Complete
Shell Scripts (macOS)	2	✅ Complete
Mobile Apps (assigned)	31	✅ Complete
Connectors	1	✅ Complete (MTD active)
Entra Groups	17	✅ Complete
Entra Device Registration Policy	—	⚠️ Missing (permission gap)
Conditional Access	—	⚠️ Missing (permission gap)

Required Permissions¶

Scope	Purpose
`DeviceManagementConfiguration.ReadWrite.All`	Configuration and compliance policies
`DeviceManagementApps.ReadWrite.All`	App protection policies
`DeviceManagementServiceConfig.ReadWrite.All`	Enrollment and Autopilot
`DeviceManagementScripts.ReadWrite.All`	PowerShell scripts
`Group.ReadWrite.All`	Create assignment groups