Forum Discussion
403 Error: Application access policy not found, -Global scope not available in tenant
Hi everyone,
I'm trying to use Microsoft Graph API to retrieve online meeting details using an application identity. However, I receive a 403 error with the message:
"No application access policy found for this app"
I followed the documentation here: Configure application access policy, but I encountered a problem: the -Global scope mentioned in the documentation is not available in my tenant.
I’ve successfully granted the policy using the following methods:
Option A – Grant to Specific User
Grant-CsApplicationAccessPolicy -PolicyName "YOUR_POLICY_NAME" -Identity "email address removed for privacy reasons"
Option B – Grant to AD Group
New-CsGroupPolicyAssignment -GroupId "YOUR_GROUP_ID" -PolicyType ApplicationAccessPolicy -PolicyName "YOUR_POLICY_NAME"
These work fine, and the app can access online meetings for users or groups assigned this way.
However, I need to allow the app to access meetings across the organization, and the -Global assignment method is not available in my tenant.
Questions:
- Is there an alternative to -Global for tenant-wide access?
- Is this limitation expected in certain tenant configurations?
- Any workaround or best practice for enabling organization-wide access to online meetings via Graph API?
Thanks in advance!
2 Replies
Just to add, I was following the official documentation here:
🔗 https://learn.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policyThis explains how to set up the policy, including the -Global scope, which unfortunately isn’t available in my tenant.
Which version of the Teams module are you using and what permissions does your user have? The switch is available for me, tested in few of my tenants
Alternative approach would be to assign the policy to users individually, which you can easily automate via PowerShell. The downside of this approach is that it might take some time, or even fail, in larger orgs. Here's an example, just in case: https://learn.microsoft.com/en-us/powershell/module/microsoftteams/grant-csapplicationaccesspolicy?view=teams-ps#assign-an-application-access-policy-to-all-users-in-the-tenant
