Object Type Name	Operation Name
MDM_GenericAppConfiguration	Author Policy
MDM_GenericAppConfiguration	Create
MDM_GenericAppConfiguration	Delete
MDM_GenericAppConfiguration	Deploy Configuration Items
MDM_GenericAppConfiguration	Modify
MDM_GenericAppConfiguration	Read
MDM_GenericAppConfiguration	Run Report
MDM_GenericAppConfiguration	Set Security Scope
SMS_ActionAccountResult	Create
SMS_ActionAccountResult	Delete
SMS_ActionAccountResult	Modify
SMS_ActionAccountResult	Read
SMS_Admin	Read
SMS_Admin	Run Report
SMS_AdvancedThreatProtectionSettings	Read
SMS_AdvancedThreatProtectionSettings	Run Report
SMS_AfwAccountStatus	Create
SMS_AfwAccountStatus	Delete
SMS_AfwAccountStatus	Modify
SMS_AfwAccountStatus	Read
SMS_AfwAppConfigSettings	Author Policy
SMS_AfwAppConfigSettings	Create
SMS_AfwAppConfigSettings	Delete
SMS_AfwAppConfigSettings	Deploy Configuration Items
SMS_AfwAppConfigSettings	Modify
SMS_AfwAppConfigSettings	Read
SMS_AfwAppConfigSettings	Run Report
SMS_AfwAppConfigSettings	Set Security Scope
SMS_AISoftwareList	View AI
SMS_Alert	Create
SMS_Alert	Delete
SMS_Alert	Modify
SMS_Alert	Read
SMS_Alert	Run Report
SMS_AllowOrDenyAppsSetting	Read
SMS_AllowOrDenyAppsSetting	Run Report
SMS_AntimalwareSettings	Create
SMS_AntimalwareSettings	Delete
SMS_AntimalwareSettings	Modify
SMS_AntimalwareSettings	Modify Default
SMS_AntimalwareSettings	Read
SMS_AntimalwareSettings	Read Default
SMS_AntimalwareSettings	Run Report
SMS_AntimalwareSettings	Set Security Scope
SMS_AntiMalwareSettingsPolicy	Author Policy
SMS_AntiMalwareSettingsPolicy	Create
SMS_AntiMalwareSettingsPolicy	Delete
SMS_AntiMalwareSettingsPolicy	Modify
SMS_AntiMalwareSettingsPolicy	Read
SMS_AntiMalwareSettingsPolicy	Run Report
SMS_AntiMalwareSettingsPolicy	Set Security Scope
SMS_Application	Approve
SMS_Application	Create
SMS_Application	Delete
SMS_Application	Manage Folder
SMS_Application	Manage Folder Item
SMS_Application	Modify
SMS_Application	Read
SMS_Application	Run Report
SMS_Application	Set Security Scope
SMS_ApplicationGroup	Approve
SMS_ApplicationGroup	Create
SMS_ApplicationGroup	Delete
SMS_ApplicationGroup	Manage Folder
SMS_ApplicationGroup	Manage Folder Item
SMS_ApplicationGroup	Modify
SMS_ApplicationGroup	Read
SMS_ApplicationGroup	Set Security Scope
SMS_AppRestrictionSettings	Author Policy
SMS_AppRestrictionSettings	Read
SMS_AppRestrictionSettings	Run Report
SMS_AuthorizationList	Create
SMS_AuthorizationList	Delete
SMS_AuthorizationList	Modify
SMS_AuthorizationList	Read
SMS_BitlockerManagementSettings	Author Policy
SMS_BitlockerManagementSettings	Read
SMS_BitlockerManagementSettings	Run Report
SMS_BootImagePackage	Create
SMS_BootImagePackage	Delete
SMS_BootImagePackage	Manage Folder
SMS_BootImagePackage	Manage Folder Item
SMS_BootImagePackage	Modify
SMS_BootImagePackage	Read
SMS_BootImagePackage	Set Security Scope
SMS_Boundary	Read
SMS_BoundaryGroup	Read
SMS_ClientAuthCertificateSettings	Read
SMS_ClientAuthCertificateSettings	Run Report
SMS_ClientPfxCertificate	Read
SMS_ClientSettings	Create
SMS_ClientSettings	Delete
SMS_ClientSettings	Modify
SMS_ClientSettings	Read
SMS_ClientSettings	Set Security Scope
SMS_CloudSubscription	Read
SMS_CM_UpdatePackages	Read
SMS_Collection	Audit Security
SMS_Collection	Control AMT
SMS_Collection	Create
SMS_Collection	Delete
SMS_Collection	Delete Resource
SMS_Collection	Deploy AntiMalware Policies
SMS_Collection	Deploy Applications
SMS_Collection	Deploy Client Settings
SMS_Collection	Deploy Configuration Items
SMS_Collection	Deploy Firewall Policies
SMS_Collection	Deploy Packages
SMS_Collection	Deploy Software Updates
SMS_Collection	Deploy Task Sequences
SMS_Collection	Enforce Security
SMS_Collection	Manage Folder
SMS_Collection	Manage Folder Item
SMS_Collection	Modify
SMS_Collection	Modify Client Status Alert
SMS_Collection	Modify Collection Setting
SMS_Collection	Modify Resource
SMS_Collection	Notify Resource
SMS_Collection	Provision AMT
SMS_Collection	Read
SMS_Collection	Read Resource
SMS_Collection	Remote Control
SMS_Collection	Run CMPivot
SMS_Collection	Run Script
SMS_Collection	View Collected File
SMS_CoManagementSettings	Read
SMS_CommunicationsProvisioningSettings	Read
SMS_CommunicationsProvisioningSettings	Run Report
SMS_ComplianceNotificationSettings	Read
SMS_CompliancePolicySettings	Read
SMS_ConditionAccessManagement	Create
SMS_ConditionAccessManagement	Delete
SMS_ConditionAccessManagement	Modify
SMS_ConditionAccessManagement	Read
SMS_ConditionAccessManagement	Set Security Scope
SMS_ConfigurationItem	Create
SMS_ConfigurationItem	Delete
SMS_ConfigurationItem	Manage Folder
SMS_ConfigurationItem	Manage Folder Item
SMS_ConfigurationItem	Modify
SMS_ConfigurationItem	Network Access
SMS_ConfigurationItem	Read
SMS_ConfigurationItem	Run Report
SMS_ConfigurationItem	Set Security Scope
SMS_ConfigurationPolicy	Create
SMS_ConfigurationPolicy	Delete
SMS_ConfigurationPolicy	Modify
SMS_ConfigurationPolicy	Read
SMS_ConfigurationPolicy	Set Security Scope
SMS_CustomConfigurationSettings	Read
SMS_CustomConfigurationSettings	Run Report
SMS_DeviceEnrollmentProfile	Create
SMS_DeviceEnrollmentProfile	Delete
SMS_DeviceEnrollmentProfile	Modify
SMS_DeviceEnrollmentProfile	Read
SMS_DeviceEnrollmentProfile	Set Security Scope
SMS_DeviceGuardSettings	Author Policy
SMS_DeviceGuardSettings	Read
SMS_DeviceGuardSettings	Run Report
SMS_DeviceSettingItem	Create
SMS_DeviceSettingItem	Delete
SMS_DeviceSettingItem	Modify
SMS_DeviceSettingItem	Read
SMS_DeviceSettingItem	Run Report
SMS_DeviceSettingItem	Set Security Scope
SMS_DeviceSettingPackage	Create
SMS_DeviceSettingPackage	Delete
SMS_DeviceSettingPackage	Modify
SMS_DeviceSettingPackage	Read
SMS_DeviceSettingPackage	Set Security Scope
SMS_DeviceThreatProtectionSettings	Author Policy
SMS_DeviceThreatProtectionSettings	Create
SMS_DeviceThreatProtectionSettings	Delete
SMS_DeviceThreatProtectionSettings	Modify
SMS_DeviceThreatProtectionSettings	Read
SMS_DeviceThreatProtectionSettings	Run Report
SMS_DeviceThreatProtectionSettings	Set Security Scope
SMS_DistributionPointGroup	Copy to Distribution Point
SMS_DistributionPointGroup	Read
SMS_DistributionPointInfo	Copy to Distribution Point
SMS_DistributionPointInfo	Read
SMS_Driver	Create
SMS_Driver	Delete
SMS_Driver	Manage Folder
SMS_Driver	Manage Folder Item
SMS_Driver	Modify
SMS_Driver	Read
SMS_Driver	Run Report
SMS_DriverPackage	Create
SMS_DriverPackage	Delete
SMS_DriverPackage	Manage Folder
SMS_DriverPackage	Manage Folder Item
SMS_DriverPackage	Modify
SMS_DriverPackage	Read
SMS_DriverPackage	Set Security Scope
SMS_EdgeBrowserSettings	Read
SMS_EditionUpgradeSettings	Read
SMS_ExploitGuardSettings	Author Policy
SMS_ExploitGuardSettings	Create
SMS_ExploitGuardSettings	Delete
SMS_ExploitGuardSettings	Modify
SMS_ExploitGuardSettings	Read
SMS_ExploitGuardSettings	Run Report
SMS_ExploitGuardSettings	Set Security Scope
SMS_FirewallComplianceSettings	Author Policy
SMS_FirewallComplianceSettings	Create
SMS_FirewallComplianceSettings	Delete
SMS_FirewallComplianceSettings	Modify
SMS_FirewallComplianceSettings	Read
SMS_FirewallComplianceSettings	Run Report
SMS_FirewallComplianceSettings	Set Security Scope
SMS_FirewallPolicy	Create
SMS_FirewallPolicy	Delete
SMS_FirewallPolicy	Modify
SMS_FirewallPolicy	Read
SMS_FirewallPolicy	Set Security Scope
SMS_FirewallSettings	Author Policy
SMS_FirewallSettings	Read
SMS_FirewallSettings	Run Report
SMS_GlobalCondition	Create
SMS_GlobalCondition	Delete
SMS_GlobalCondition	Modify
SMS_GlobalCondition	Read
SMS_GlobalCondition	Set Security Scope
SMS_HealthAttestationDetails	Read
SMS_HubItems	Download
SMS_HubItems	Read
SMS_ImagePackage	Create
SMS_ImagePackage	Delete
SMS_ImagePackage	Manage Folder
SMS_ImagePackage	Manage Folder Item
SMS_ImagePackage	Modify
SMS_ImagePackage	Read
SMS_ImagePackage	Set Security Scope
SMS_InventoryReport	Create
SMS_InventoryReport	Delete
SMS_InventoryReport	Modify
SMS_InventoryReport	Read
SMS_InventoryReport	Run Report
SMS_M365ASettings	Author Policy
SMS_M365ASettings	Create
SMS_M365ASettings	Delete
SMS_M365ASettings	Modify
SMS_M365ASettings	Read
SMS_M365ASettings	Run Report
SMS_MachineOrchestrationGroup	Read
SMS_MAMPolicyTemplate	Create
SMS_MAMPolicyTemplate	Delete
SMS_MAMPolicyTemplate	Modify
SMS_MAMPolicyTemplate	Read
SMS_MAMPolicyTemplate	Set Security Scope
SMS_ManagementInsights	Read
SMS_MDMAppleVppLicense	Read
SMS_MDMAppleVppToken	Read
SMS_MDMBulkEnrollmentPackages	Create
SMS_MDMBulkEnrollmentPackages	Delete
SMS_MDMBulkEnrollmentPackages	Modify
SMS_MDMBulkEnrollmentPackages	Read
SMS_MDMBulkEnrollmentPackages	Set Security Scope
SMS_MDMBulkEnrollmentProfiles	Create
SMS_MDMBulkEnrollmentProfiles	Delete
SMS_MDMBulkEnrollmentProfiles	Modify
SMS_MDMBulkEnrollmentProfiles	Read
SMS_MDMBulkEnrollmentProfiles	Set Security Scope
SMS_MDMCorpEnrollmentProfiles	Create
SMS_MDMCorpEnrollmentProfiles	Delete
SMS_MDMCorpEnrollmentProfiles	Modify
SMS_MDMCorpEnrollmentProfiles	Read
SMS_MDMCorpOwnedDevices	Create
SMS_MDMCorpOwnedDevices	Delete
SMS_MDMCorpOwnedDevices	Modify
SMS_MDMCorpOwnedDevices	Read
SMS_MDMDeviceCategory	Associate
SMS_MDMDeviceCategory	Create
SMS_MDMDeviceCategory	Delete
SMS_MDMDeviceCategory	Modify
SMS_MDMDeviceCategory	Read
SMS_MDMDeviceCategory	Run Report
SMS_MDMDeviceThreat	Read
SMS_MeteredProductRule	Create
SMS_MeteredProductRule	Delete
SMS_MeteredProductRule	Manage Folder
SMS_MeteredProductRule	Manage Folder Item
SMS_MeteredProductRule	Modify
SMS_MeteredProductRule	Modify Report
SMS_MeteredProductRule	Read
SMS_MeteredProductRule	Run Report
SMS_MeteredProductRule	Set Security Scope
SMS_ObjectContainerNode	Create
SMS_ObjectContainerNode	Delete
SMS_ObjectContainerNode	Modify
SMS_ObjectContainerNode	Read
SMS_ObjectContainerNode	Set Security Scope
SMS_OneDriveKnownFolderMigrationSettings	Author Policy
SMS_OneDriveKnownFolderMigrationSettings	Read
SMS_OneDriveKnownFolderMigrationSettings	Run Report
SMS_OperatingSystemInstallPackage	Create
SMS_OperatingSystemInstallPackage	Delete
SMS_OperatingSystemInstallPackage	Manage Folder
SMS_OperatingSystemInstallPackage	Manage Folder Item
SMS_OperatingSystemInstallPackage	Modify
SMS_OperatingSystemInstallPackage	Read
SMS_OperatingSystemInstallPackage	Set Security Scope
SMS_Package	Create
SMS_Package	Delete
SMS_Package	Manage Folder
SMS_Package	Manage Folder Item
SMS_Package	Modify
SMS_Package	Read
SMS_Package	Run Report
SMS_Package	Set Security Scope
SMS_PassportForWorkProfileSettings	Author Policy
SMS_PassportForWorkProfileSettings	Read
SMS_PassportForWorkProfileSettings	Run Report
SMS_PfxCertificateSettings	Read
SMS_PfxCertificateSettings	Run Report
SMS_PhasedDeployment	Create
SMS_PhasedDeployment	Delete
SMS_PhasedDeployment	Modify
SMS_PhasedDeployment	Read
SMS_PolicyProperty	Create
SMS_PolicyProperty	Delete
SMS_PolicyProperty	Modify
SMS_PolicyProperty	Read
SMS_PolicyProperty	Set Security Scope
SMS_Query	Create
SMS_Query	Delete
SMS_Query	Manage Folder
SMS_Query	Manage Folder Item
SMS_Query	Modify
SMS_Query	Read
SMS_Query	Set Security Scope
SMS_RemoteConnectionSettings	Author Policy
SMS_RemoteConnectionSettings	Read
SMS_RemoteConnectionSettings	Run Report
SMS_Report	Create
SMS_Report	Read
SMS_Role	Read
SMS_Scripts	Approve
SMS_Scripts	Create
SMS_Scripts	Delete
SMS_Scripts	Manage Folder
SMS_Scripts	Manage Folder Item
SMS_Scripts	Modify
SMS_Scripts	Read
SMS_Scripts	Set Security Scope
SMS_Site	Import Machine
SMS_Site	Manage OSD Certificate
SMS_Site	Meter Site
SMS_Site	Read
SMS_Site	Read CH Settings
SMS_Site	Run Report
SMS_SoftwareUpdate	Create
SMS_SoftwareUpdate	Delete
SMS_SoftwareUpdate	Manage Folder
SMS_SoftwareUpdate	Manage Folder Item
SMS_SoftwareUpdate	Modify
SMS_SoftwareUpdate	Network Access
SMS_SoftwareUpdate	Read
SMS_SoftwareUpdate	Run Report
SMS_SoftwareUpdatesPackage	Create
SMS_SoftwareUpdatesPackage	Delete
SMS_SoftwareUpdatesPackage	Modify
SMS_SoftwareUpdatesPackage	Read
SMS_SoftwareUpdatesPackage	Set Security Scope
SMS_StateMigration	Read
SMS_StateMigration	Run Report
SMS_StatusMessage	Create
SMS_StatusMessage	Delete
SMS_StatusMessage	Read
SMS_StatusMessage	Run Report
SMS_Subscription	Create
SMS_Subscription	Delete
SMS_Subscription	Modify
SMS_Subscription	Read
SMS_Subscription	Set Security Scope
SMS_TaskSequencePackage	Create
SMS_TaskSequencePackage	Create Stand-alone Media
SMS_TaskSequencePackage	Create Task Sequence Media
SMS_TaskSequencePackage	Delete
SMS_TaskSequencePackage	Manage Folder
SMS_TaskSequencePackage	Manage Folder Item
SMS_TaskSequencePackage	Modify
SMS_TaskSequencePackage	Read
SMS_TaskSequencePackage	Run Report
SMS_TaskSequencePackage	Set Security Scope
SMS_Template	Create
SMS_Template	Delete
SMS_Template	Modify
SMS_Template	Read
SMS_TermsAndConditionsSettings	Read
SMS_TrustedRootCertificateSettings	Read
SMS_TrustedRootCertificateSettings	Run Report
SMS_UacComplianceSettings	Author Policy
SMS_UacComplianceSettings	Create
SMS_UacComplianceSettings	Delete
SMS_UacComplianceSettings	Modify
SMS_UacComplianceSettings	Read
SMS_UacComplianceSettings	Run Report
SMS_UacComplianceSettings	Set Security Scope
SMS_UnManagedApps	Read
SMS_UnManagedApps	Run Report
SMS_UserMachineRelationship	Create
SMS_UserMachineRelationship	Delete
SMS_UserMachineRelationship	Modify
SMS_UserMachineRelationship	Read
SMS_UserMachineRelationship	Run Report
SMS_UserStateManagementSettings	Author Policy
SMS_UserStateManagementSettings	Read
SMS_UserStateManagementSettings	Run Report
SMS_VhdPackage	Create
SMS_VhdPackage	Delete
SMS_VhdPackage	Manage Folder
SMS_VhdPackage	Manage Folder Item
SMS_VhdPackage	Modify
SMS_VhdPackage	Read
SMS_VhdPackage	Set Security Scope
SMS_VirtualEnvironment	Create
SMS_VirtualEnvironment	Delete
SMS_VirtualEnvironment	Modify
SMS_VirtualEnvironment	Read
SMS_VirtualEnvironment	Set Security Scope
SMS_VpnConnectionSettings	Author Policy
SMS_VpnConnectionSettings	Read
SMS_VpnConnectionSettings	Run Report
SMS_WindowsDefenderAntimalwareSettings	Author Policy
SMS_WindowsDefenderAntimalwareSettings	Create
SMS_WindowsDefenderAntimalwareSettings	Delete
SMS_WindowsDefenderAntimalwareSettings	Modify
SMS_WindowsDefenderAntimalwareSettings	Read
SMS_WindowsDefenderAntimalwareSettings	Run Report
SMS_WindowsDefenderAntimalwareSettings	Set Security Scope
SMS_WindowsDefenderApplicationGuard	Author Policy
SMS_WindowsDefenderApplicationGuard	Read
SMS_WindowsDefenderApplicationGuard	Run Report
SMS_WindowsUpdateForBusinessConfigurationSettings	Author Policy
SMS_WindowsUpdateForBusinessConfigurationSettings	Create
SMS_WindowsUpdateForBusinessConfigurationSettings	Delete
SMS_WindowsUpdateForBusinessConfigurationSettings	Modify
SMS_WindowsUpdateForBusinessConfigurationSettings	Read
SMS_WindowsUpdateForBusinessConfigurationSettings	Run Report
SMS_WinRTSideLoadingKey	Read
SMS_WinRTSideLoadingKey	Run Report
SMS_WirelessProfileSettings	Author Policy
SMS_WirelessProfileSettings	Read
SMS_WirelessProfileSettings	Run Report
SMS_WSfBConfigurationData	Read

Related Information

Page:
ConfigMgr - Glossary of Terms (Endpoint Management)
- configmgr
- informational
Page:
MCM Site Information and Paths (Endpoint Management)
- configmgr
- informational
Page:
Delegated Administrator Permissions (Endpoint Management)
- configmgr
- informational
Page:
CM Client Settings (Endpoint Management)

Search UT EPM Documentation

Service Links

Get Help

EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.

SERVICE STATUS

Planned Maintenance

ConfigMgr: Every Tuesday, from 6 a.m. – 10 a.m.
Jamf: Every Tuesday, from 8 a.m. – 12 p.m.

Section Content

Delegated Administrator Permissions

Related Information