403 Forbidden when calling Copilot Admin Settings API despite valid permissions and scope

Question

403 Forbidden when calling Copilot Admin Settings API despite valid permissions and scope

Anonymous

The application has been granted the required documented permissions (CopilotPackages.Read.All and even tried also with CopilotPackages.ReadWrite.All). The access token is issued for Microsoft Graph and explicitly includes the required scope.

Despite this correct configuration, calls to the Microsoft 365 Copilot Admin Settings API for listing Copilot packages consistently return a 403 Forbidden response:

{
    "error": {
        "code": "Forbidden",
        "message": "Access is denied to the requested resource.",
        "innerError": {
            "date": "...",
            "request-id": "...",
            "client-request-id": "..."
        }
    }
}

API Reference

https://learn.microsoft.com/en-us/microsoft-365-copilot/extensibility/api/admin-settings/package/copilotpackages-list

Is there any additional configuration required at the tenant to successfully call this API?

If not, are there known issues that could explain the 403 response despite valid permissions and scope?

Thanks!
Erez.

Selvi Duraisamy-JHG 0 Reputation points

2026-01-13T00:07:48.81+00:00

Any updates on this issue?

I am getting the same Forbidden error in addition states user context required.

"code": "Forbidden", "message": "Access is denied. User context is required by the requested resource.",