Forum Discussion
Get-MgPolicyTokenLifetimePolicy - Insufficient privileges to complete the operation
Hello Team, I'm trying to get details of policy token lifetime details but getting error. What Role is required to run this command
PS C:\WINDOWS\system32> Connect-MgGraph
Welcome To Microsoft Graph!
PS C:\WINDOWS\system32> Get-MgPolicyTokenLifetimePolicy
Get-MgPolicyTokenLifetimePolicy : Insufficient privileges to complete the operation.
Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2023-07-13T10:40:11
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 497affb8-d7cc-4298-983f-99e82d3d7f5e
client-request-id : 320e178e-3949-4c72-8ced-3bed39a1cc08
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"UK
South","Slice":"E","Ring":"3","ScaleUnit":"002","RoleInstance":"LO1PEPF00001D23"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Thu, 13 Jul 2023 10:40:11 GMT
At line:1 char:1
+ Get-MgPolicyTokenLifetimePolicy
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ Top = , Skip ...ndProperty = }:<>f__AnonymousType4`8) [Get-MgPolicyToken
LifetimePolicy_List], Exception
+ FullyQualifiedErrorId : Authorization_RequestDenied,Microsoft.Graph.PowerShell.Cmdlets.GetMgPolicyTokenLifetimePolicy_
List
PS C:\WINDOWS\system32>
- As the error message suggests, you need permissions to run this cmdlet. To find out what permissions need to be granted for any given cmdlet from the Graph module, you can use Find-MgGraphCommand:
Find-MgGraphCommand -Command Get-MgPolicyTokenLifetimePolicy
In this case, you need at least Policy.Read.All permissions. If you are and admin user and able to consent to them, connect via:
Connect-MgGraph -Scopes Policy.Read.All
If not, ask an admin to consent.Thank you VasilMichev . Command seems to work.
