Hello Community Members!

I'm trying to call the following Azure REST API from Postman:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/provi...

These are the steps I followed:
01. I created an Azure Active Directory and then registered an app with 'App registrations'
02. In the new app, navigated to 'API permissions', clicked on the 'Add a permission' button and added the 'Azure Service Management'(https://management.azure.com/)
03. Created an Azure lab plan in the https://portal.azure.com/
04. Created a lab by navigating to https://labs.azure.com/
05. In the Postman, I generated an access_token by issuing a POST request at: https://login.microsoftonline.com/<tenant-id>/oauth2/token

grant_type: client_credentials
client_secret: <from the app registered above>
client_id: <from the app registered above>
resource: https://management.azure.com/

06. Issued a GET request with the 'Bearer Token' Authorization header at: https://management.azure.com/subscriptions/<subscription id>/resourceGroups/<resource grp>/providers/Microsoft.LabServices/labs/<lab>/virtualMachines/template?api-version=2022-08-01

07. Got the following '403 Forbidden' response:
{
"error": {
"code": "AuthorizationFailed",
"message": "The client '74e88316-ceec-4878-8d62-b765318ef01b' with object id '74e88316-ceec-4878-8d62-b765318ef01b' does not have authorization to perform action 'Microsoft.LabServices/labs/virtualMachines/read' over scope '/subscriptions/<subscription id>/resourceGroups/<resource grp>/providers/Microsoft.LabServices/labs/<lab>/virtualMachines/template' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
}

It looks like some configuration is missing from my setup. Any input/thoughts are very much appreciated. Thanks.

Regards,

Giri