401 and 403 error when logging into endpoint admin center

%3CLINGO-SUB%20id%3D%22lingo-sub-1713817%22%20slang%3D%22en-US%22%3E401%20and%20403%20error%20when%20logging%20into%20endpoint%20admin%20center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1713817%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20an%20on-prem%20AD%20with%20ADD%20Connect%2C%20AD%20SSO%20and%20AD%20Hybrid%20joined%20computers%20in%20place.%20We're%20currently%20using%20SCCM%20for%20our%20MDM%20solution%20but%20would%20like%20to%20dip%20our%20toes%20in%20the%20InTune%20waters.%26nbsp%3B%20We%20can%20log%20into%20MS%20Endpoint%20Manager%20Admin%20Center%20as%20an%20Azure%20global%20admin%2C%20however%2C%20we're%20getting%20401%2F403%20errors%20(ie%3A%20'no%20permissions'%20and%20'%3CSPAN%3EContact%20your%20Intune%20administrator%20to%20get%20access%20to%20client%20apps%20data').%20The%20Intune%20tenant%20status%20says%3A%20Account%20Status%20%3D%20Unknown%2C%20Service%20Status%20%3D%20Healthy%2C%20Connector%20Status%20%3D%20Unknown.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CBR%20%2F%3EAny%20suggestions%20or%20tips%20would%20be%20appreciated.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1713817%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1754428%22%20slang%3D%22en-US%22%3ERe%3A%20401%20and%20403%20error%20when%20logging%20into%20endpoint%20admin%20center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1754428%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F809366%22%20target%3D%22_blank%22%3E%40philpreece%3C%2FA%3E%26nbsp%3BI%20have%20the%20same%20problem!!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1754471%22%20slang%3D%22en-US%22%3ERe%3A%20401%20and%20403%20error%20when%20logging%20into%20endpoint%20admin%20center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1754471%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F823655%22%20target%3D%22_blank%22%3E%40pfuenzalida%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20managed%20to%20resolve%20the%20issue%20by%20activating%20the%20basic%20mobility%20and%20security%20service%20as%20described%20here.%20The%20activation%20took%20a%20few%20hours%20to%20kick%20in.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fset-up-basic-mobility-and-security-dd892318-bc44-4eb1-af00-9db5430be3cd%23activatemdm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fset-up-basic-mobility-and-security-dd892318-bc44-4eb1-af00-9db5430be3cd%23activatemdm%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1754526%22%20slang%3D%22en-US%22%3ERe%3A%20401%20and%20403%20error%20when%20logging%20into%20endpoint%20admin%20center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1754526%22%20slang%3D%22en-US%22%3EThank%20you%20very%20much!!!%20It%20Works!!!%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20really%20appreciate%20your%20help!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1754532%22%20slang%3D%22en-US%22%3ERe%3A%20401%20and%20403%20error%20when%20logging%20into%20endpoint%20admin%20center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1754532%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F823655%22%20target%3D%22_blank%22%3E%40pfuenzalida%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eyour%20welcome.%3C%2FP%3E%3CP%3Ei%20have%20to%20say%20its%20not%20very%20well%20documented%20and%20we%20only%20stumbled%20across%20it%20after%20a%20lot%20of%20googling.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

We have an on-prem AD with ADD Connect, AD SSO and AD Hybrid joined computers in place. We're currently using SCCM for our MDM solution but would like to dip our toes in the InTune waters.  We can log into MS Endpoint Manager Admin Center as an Azure global admin, however, we're getting 401/403 errors (ie: 'no permissions' and 'Contact your Intune administrator to get access to client apps data'). The Intune tenant status says: Account Status = Unknown, Service Status = Healthy, Connector Status = Unknown.


Any suggestions or tips would be appreciated.

5 Replies

@philpreece I have the same problem!!!

@pfuenzalida 

We managed to resolve the issue by activating the basic mobility and security service as described here. The activation took a few hours to kick in.

https://support.microsoft.com/en-us/office/set-up-basic-mobility-and-security-dd892318-bc44-4eb1-af0...

Thank you very much!!! It Works!!!

We really appreciate your help!

@pfuenzalida 

 

your welcome.

i have to say its not very well documented and we only stumbled across it after a lot of googling.

I absolutely agree, I spent a couple of hours also googling and if I don't see your post I would still spend time ... thank you very much again!!!