Home

Read Intune apps from Microsoft Graph

%3CLINGO-SUB%20id%3D%22lingo-sub-650441%22%20slang%3D%22en-US%22%3ERead%20Intune%20apps%20from%20Microsoft%20Graph%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-650441%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20a%20SharePoint%20WebPart%20I'm%20trying%20to%20fetch%20the%20Intune%20Apps%20for%20the%20logged%20in%20user.%20However%20when%20I%20call%20the%20endpoint%20(%2Fv1.0%2FdeviceAppManagement%2FmobileApps)%20I%20get%20a%20401%20response.%3C%2FP%3E%3CPRE%3E%22error%22%3A%20%7B%3CBR%20%2F%3E%22code%22%3A%20%22UnknownError%22%2C%3CBR%20%2F%3E%22message%22%3A%20%22%7B%5C%22ErrorCode%5C%22%3A%5C%22Forbidden%5C%22%2C%5C%22Message%5C%22%3A%5C%22%7B%5C%5Cr%5C%5Cn%20%5C%5C%5C%22_version%5C%5C%5C%22%3A%203%2C%5C%5Cr%5C%5Cn%20%5C%5C%5C%22Message%5C%5C%5C%22%3A%20%5C%5C%5C%22An%20error%20has%20occurred%20-%20Operation%20ID%20(for%20customer%20support)%3A%2000000000-0000-0000-0000-000000000000%20-%20Activity%20ID%3A%2072746d36-8b0a-4751-9523-755b70b0b5cf%20-%20Url%3A%20https%3A%2F%2Ffef.amsub0102.manage.microsoft.com%2FAppLifecycle%2FStatelessAppMetadataFEService%2FdeviceAppManagement%2FmobileApps%3Fapi-version%3D2018-03-22%5C%5C%5C%22%2C%5C%5Cr%5C%5Cn%20%5C%5C%5C%22CustomApiErrorPhrase%5C%5C%5C%22%3A%20%5C%5C%5C%22%5C%5C%5C%22%2C%5C%5Cr%5C%5Cn%20%5C%5C%5C%22RetryAfter%5C%5C%5C%22%3A%20null%2C%5C%5Cr%5C%5Cn%20%5C%5C%5C%22ErrorSourceService%5C%5C%5C%22%3A%20%5C%5C%5C%22%5C%5C%5C%22%2C%5C%5Cr%5C%5Cn%20%5C%5C%5C%22HttpHeaders%5C%5C%5C%22%3A%20%5C%5C%5C%22%7B%5C%5C%5C%5C%5C%5C%5C%22WWW-Authenticate%5C%5C%5C%5C%5C%5C%5C%22%3A%5C%5C%5C%5C%5C%5C%5C%22Bearer%20realm%3D%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%22urn%3Aintune%3Aservice%2C9225b241-44e1-44a8-8bfe-c10e39177505%2Cf0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%22%5C%5C%5C%5C%5C%5C%5C%22%7D%5C%5C%5C%22%5C%5Cr%5C%5Cn%7D%5C%22%2C%5C%22Target%5C%22%3Anull%2C%5C%22Details%5C%22%3Anull%2C%5C%22InnerError%5C%22%3Anull%2C%5C%22InstanceAnnotations%5C%22%3A%5B%5D%7D%22%2C%3CBR%20%2F%3E%22innerError%22%3A%20%7B%3CBR%20%2F%3E%22request-id%22%3A%20%2272746d36-8b0a-4751-9523-755b70b0b5cf%22%2C%3CBR%20%2F%3E%22date%22%3A%20%222019-05-27T14%3A12%3A39%22%3C%2FPRE%3E%3CP%3EThe%20Azure%20AD%20app%20has%20been%20assigned%20the%20delegated%20'%3CSPAN%3EDeviceManagementApps.Read.All%3C%2FSPAN%3E'%20permission.%3C%2FP%3E%3CP%3EI%20can%20retrieve%20information%20about%20the%20current%20user%20(%2Fme).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20it%20be%20that%20the%20Intune%20license%20is%20not%20correctly%20applied%20in%20our%20tenant%3F%20How%20do%20I%20check%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%20for%20any%20pointers.%3C%2FP%3E%3CP%3EJasper%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-650441%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EGraph%20API%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-650502%22%20slang%3D%22en-US%22%3ERe%3A%20Read%20Intune%20apps%20from%20Microsoft%20Graph%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-650502%22%20slang%3D%22en-US%22%3E%3CP%3ETo%20check%20license%20assignment%20you%20can%20use%20%22Troubleshooting%22%20panel%20in%20Intune%20console%2C%20just%20select%20user%20and%20it%20should%20show%20you%20if%20there%20is%20any%20issue%20with%20license.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20can%20get%20info%20using%20your%20account%20through%20the%20same%20web-part%2C%20that%20more%20like%20permission%20issue%20rather%20than%20license%20issue.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20can%20only%20recommend%20you%20to%20check%20this%20article%2C%20maybe%20consent%20is%20missing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgotoguy.blog%2F2017%2F12%2F17%2Faccess-microsoft-graph-api-using-custom-connector-in-powerapps-and-flows%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgotoguy.blog%2F2017%2F12%2F17%2Faccess-microsoft-graph-api-using-custom-connector-in-powerapps-and-flows%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-650516%22%20slang%3D%22en-US%22%3ERe%3A%20Read%20Intune%20apps%20from%20Microsoft%20Graph%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-650516%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F144823%22%20target%3D%22_blank%22%3E%40Alexander%20Vanyurikhin%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20pointer.%20I%20cannot%20access%20the%20Intune%20configuration%20myself%20so%20I%20will%20ask%20someone%20to%20check%20that%20for%20me.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20for%20the%20permissions%20for%20Microsoft%20Graph%20'User.Read'%20and%20'DeviceManagementApps.Read.All'%20where%20consented%20to%20by%20an%20admin.%20So%20that%20should%20work...%3C%2FP%3E%3C%2FLINGO-BODY%3E
jasperv-stedin
New Contributor

Hi,

 

From a SharePoint WebPart I'm trying to fetch the Intune Apps for the logged in user. However when I call the endpoint (/v1.0/deviceAppManagement/mobileApps) I get a 401 response.

"error": {
"code": "UnknownError",
"message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"{\\r\\n \\\"_version\\\": 3,\\r\\n \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 72746d36-8b0a-4751-9523-755b70b0b5cf - Url: https://fef.amsub0102.manage.microsoft.com/AppLifecycle/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=2018-03-22\\\",\\r\\n \\\"CustomApiErrorPhrase\\\": \\\"\\\",\\r\\n \\\"RetryAfter\\\": null,\\r\\n \\\"ErrorSourceService\\\": \\\"\\\",\\r\\n \\\"HttpHeaders\\\": \\\"{\\\\\\\"WWW-Authenticate\\\\\\\":\\\\\\\"Bearer realm=\\\\\\\\\\\\\\\"urn:intune:service,9225b241-44e1-44a8-8bfe-c10e39177505,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7\\\\\\\\\\\\\\\"\\\\\\\"}\\\"\\r\\n}\",\"Target\":null,\"Details\":null,\"InnerError\":null,\"InstanceAnnotations\":[]}",
"innerError": {
"request-id": "72746d36-8b0a-4751-9523-755b70b0b5cf",
"date": "2019-05-27T14:12:39"

The Azure AD app has been assigned the delegated 'DeviceManagementApps.Read.All' permission.

I can retrieve information about the current user (/me).

 

Could it be that the Intune license is not correctly applied in our tenant? How do I check this?

 

Thanks in advance for any pointers.

Jasper

2 Replies

To check license assignment you can use "Troubleshooting" panel in Intune console, just select user and it should show you if there is any issue with license.

 

If you can get info using your account through the same web-part, that more like permission issue rather than license issue.

I can only recommend you to check this article, maybe consent is missing.

 

https://gotoguy.blog/2017/12/17/access-microsoft-graph-api-using-custom-connector-in-powerapps-and-f...

@Alexander Vanyurikhin Thanks for the pointer. I cannot access the Intune configuration myself so I will ask someone to check that for me.

 

As for the permissions for Microsoft Graph 'User.Read' and 'DeviceManagementApps.Read.All' where consented to by an admin. So that should work...

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies