Get-MgPolicyTokenLifetimePolicy - Insufficient privileges to complete the operation


Hello Team, I'm trying to get the policy token lifetime details but I'm getting an error. What role is required to run this command?



PS C:\WINDOWS\system32> Connect-MgGraph
Welcome To Microsoft Graph!

PS C:\WINDOWS\system32> Get-MgPolicyTokenLifetimePolicy
Get-MgPolicyTokenLifetimePolicy : Insufficient privileges to complete the operation.
Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2023-07-13T10:40:11
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 497affb8-d7cc-4298-983f-99e82d3d7f5e
client-request-id : 320e178e-3949-4c72-8ced-3bed39a1cc08
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"UK
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Thu, 13 Jul 2023 10:40:11 GMT
At line:1 char:1
+ Get-MgPolicyTokenLifetimePolicy
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ Top = , Skip ...ndProperty = }:<>f__AnonymousType4`8) [Get-MgPolicyToken
LifetimePolicy_List], Exception
+ FullyQualifiedErrorId : Authorization_RequestDenied,Microsoft.Graph.PowerShell.Cmdlets.GetMgPolicyTokenLifetimePolicy_

PS C:\WINDOWS\system32>

2 Replies
As the error message suggests, you need permissions to run this cmdlet. To find out what permissions need to be granted for any given cmdlet from the Graph module, you can use Find-MgGraphCommand:

Find-MgGraphCommand -Command Get-MgPolicyTokenLifetimePolicy

In this case, you need at least Policy.Read.All permissions. If you are an admin user and able to consent to them, connect via:

Connect-MgGraph -Scopes Policy.Read.All

If not, ask an admin to consent.
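
The check described in the reply above, as an added example that is not part of the original thread: it compares the scopes in the current Graph session with the permissions Find-MgGraphCommand lists for a cmdlet, and reconnects with only Policy.Read.All when none of them is held. The function name Test-MgCommandScope is hypothetical, and treating any one listed permission as sufficient is an assumption.

```powershell
# Added example; Test-MgCommandScope is a hypothetical helper name.
# Requires the Microsoft.Graph.Authentication module.
function Test-MgCommandScope {
    param(
        [Parameter(Mandatory)]
        [string]$Command
    )

    # Permissions Find-MgGraphCommand lists for the cmdlet
    # (assumption: holding any one of them is enough to call it).
    $listed = @(Find-MgGraphCommand -Command $Command -ApiVersion 'v1.0' |
        Select-Object -ExpandProperty Permissions |
        Sort-Object -Property Name -Unique)

    # Scopes carried by the current session; none if Connect-MgGraph has not run.
    $context = Get-MgContext
    $account = $null
    $granted = @()
    if ($context) {
        $account = $context.Account
        $granted = @($context.Scopes)
    }

    # -contains is case-insensitive, which matches how scope names are compared here.
    $held = @($listed | Where-Object { $granted -contains $_.Name })

    [pscustomobject]@{
        Command        = $Command
        Account        = $account
        ListedScopes   = @($listed | ForEach-Object { $_.Name })
        HeldScopes     = @($held | ForEach-Object { $_.Name })
        NeedsAdmin     = @($listed | Where-Object { $_.IsAdmin } | ForEach-Object { $_.Name })
        HasUsableScope = ($held.Count -gt 0)
    }
}

$result = Test-MgCommandScope -Command 'Get-MgPolicyTokenLifetimePolicy'
$result | Format-List

if (-not $result.HasUsableScope) {
    # Request only the read scope named in the reply, not a broader write scope.
    Connect-MgGraph -Scopes 'Policy.Read.All'
    Get-MgPolicyTokenLifetimePolicy
}
```

If HeldScopes is empty after reconnecting, the consent was not granted for the signed-in account and an admin has to consent, as the reply says.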