Forum Discussion

Bahalzamon's avatar
Bahalzamon
Brass Contributor
Jun 09, 2023

Missing permissions but they are activated

I am attempting to pull down all managed devices but continue to receive this error. I have checked all the IDs

 

Error Message: This is what I get from Postman

{
    "error": {
        "code": "Forbidden",
        "message": "{\r\n  \"_version\": 3,\r\n  \"Message\": \"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: c860f845-7e00-43f2-9cde-0409940810e1 - Url: https://fef.msua05.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices?api-version=2022-07-29\",\r\n  \"CustomApiErrorPhrase\": \"\",\r\n  \"RetryAfter\": null,\r\n  \"ErrorSourceService\": \"\",\r\n  \"HttpHeaders\": \"{}\"\r\n}",
        "innerError": {
            "date": "2023-06-08T23:55:22",
            "request-id": "c860f845-7e00-43f2-9cde-0409940810e1",
            "client-request-id": "c860f845-7e00-43f2-9cde-0409940810e1"
        }
    }
}

 

Permissions: Problem being that I do have the permissions set.

 

 

The Query: It works fine on Graph Explorer under my credentials so I know the query is functional.

https://graph.microsoft.com/beta/deviceManagement/managedDevices

  • Figured it out. 🙂

    I needed to change the permissions from Delegated to Application, worked instantly after that.
  • Bahalzamon's avatar
    Bahalzamon
    Brass Contributor
    Figured it out. 🙂

    I needed to change the permissions from Delegated to Application, worked instantly after that.

Resources