Unable to access Microsoft Graph APIs for Teams webinars and online meetings (403 Forbidden)

Question

We are trying to automate Microsoft Teams webinar creation using Microsoft Graph API via Power Automate.

Despite configuring the required permissions and license, we are consistently receiving a 403 Forbidden response.

Configuration Details:

Permissions (Delegated - Admin Consent Granted):

OnlineMeetings.ReadWrite

VirtualEvent.ReadWrite

License:

Microsoft Teams Premium is assigned

---

API Request Details:

Endpoint:

POST https://graph.microsoft.com/v1.0/solutions/virtualEvents/webinars

Headers:

Content-Type: application/json

Body:

{

"displayName": "Test Webinar",

"description": {

"contentType": "html",

"content": "Test"

},

"startDateTime": {

"dateTime": "2026-04-10T10:00:00Z",

"timeZone": "UTC"

},

"endDateTime": {

"dateTime": "2026-04-10T11:00:00Z",

"timeZone": "UTC"

},

"audience": "organization"

}

---

Observations:

GET /me → 200 OK (authentication is successful)

User can create webinars manually in Microsoft Teams UI

However:

POST /me/onlineMeetings → 403 Forbidden

GET /solutions/virtualEvents/webinars → 403 Forbidden

POST /solutions/virtualEvents/webinars → 403 Forbidden

---

Request:

Could you please help confirm the following:

Is the current API usage and request structure correct, or is anything missing from our implementation?

Are there any additional prerequisites required to use:

/me/onlineMeetings

/solutions/virtualEvents/webinars

Should these APIs be accessible with the above permissions and Teams Premium license, or are there additional configurations required at tenant level?

Is the Virtual Events (webinars) API fully supported on the v1.0 endpoint, or should only the beta endpoint be used?

---

This is a time-sensitive implementation, so your guidance would be greatly appreciated.!

Answer 1

Hi Deepikaa Vadivel, you need to create a policy for teams, where you provide App Id and user configuration, this is by security, feel free to take a look at this:

https://learn.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policy

Reply on this thread if you still facing issues

Best

Answer 2

Please note that Q&A forum is a public platform, and moderators will modify the question to hide personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.

Hi Deepikaa Vadivel

Thank you for details. First, I recommend reviewing the AI-generated response on your post as it offers some helpful insights.

In addition, I’d like to add a small additional consideration. From what you've shared, your JSON payload and your use of the v1.0 endpoint for creating webinars are actually fine. The issue here is most likely not with the request body itself, but with how Microsoft Teams enforces authorization for Virtual Events and Online Meetings at the workload level.

For example, creating a webinar using: POST /solutions/virtualEvents/webinars is supported on the v1.0 endpoint when using delegated permissions such as VirtualEvent.ReadWrite, and the typical flow is to first create the webinar in draft mode and then publish it.

So in this case, a 403 response may suggest the request is getting authenticated successfully by Microsoft Graph, but is being rejected later during Teams workload authorization.

Another important distinction is that different operations under the same endpoint may follow different permission models. For example, the GET /solutions/virtualEvents/webinars operation does not support delegated permissions and instead requires application permissions. In addition, Microsoft Teams will only return webinar data if the organizer has been assigned a Teams Application Access Policy (AAP). This also means that tenant administrators must configure an Application Access Policy when apps need to access online meetings or virtual events using application permissions.

• If you're creating webinars, make sure your Power Automate flow is actually using a delegated token on behalf of the organizer, and that the signed‑in user is the intended organizer of the webinar.
• If you're trying to list or access webinar data across the tenant, you'll need to configure application permissions and assign an Application Access Policy so the app can access resources created by that organizer.

Also, after making any permission or policy changes, please make sure admin consent is granted again (if required) and refresh or recreate the Power Automate connection. Otherwise, the access token used by the flow may not reflect the updated configuration, and the 403 error can still persist.

However, please note that this is based on my research and may not fully apply to your specific environment. As a forum moderator, I don’t have access to backend diagnostics or tenant‑level configurations to further investigate this issue. If the problem persists, I would recommend creating a support request through the Entra Admin Center so that the Microsoft support team can assist you with a deeper backend investigation within your tenant environment.

Hope this info helpful.

---

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

The API calls and request bodies are valid, but the configuration is missing required application permissions and an application access policy for Teams webinars and online meetings. Delegated permissions and a Teams Premium license alone are not sufficient for the scenarios described.

Key points from the documentation:

1. List and manage webinars via /solutions/virtualEvents/webinars requires application permissions
   • The List webinars API explicitly supports only application permissions:
     • Permission type: Application
     • Least privileged permission: VirtualEvent.Read.All
   • Delegated permissions are not supported for this endpoint.
   • Therefore, calling GET /solutions/virtualEvents/webinars or POST /solutions/virtualEvents/webinars with only delegated scopes such as VirtualEvent.ReadWrite will result in 403 Forbidden.
2. Application Access Policy (AAP) is required for webinar access
   • Teams enforces an Application Access Policy to control which organizers’ data an app can access.
   • Without an AAP, Customer Insights – Journeys (and similarly, any app using webinar APIs) cannot access webinar data such as attendance reports, and the same safeguard applies to webinar APIs.
   • The tenant admin must create and assign an AAP for the app registration using Teams PowerShell, for example:

          Connect-MicrosoftTeams
          New-CsApplicationAccessPolicy -Identity <POLICY_NAME> -AppIds <APP_ID>
          Grant-CsApplicationAccessPolicy -PolicyName <POLICY_NAME> -Global
     

   • Alternatively, the policy can be scoped to specific users or groups instead of global.
3. Required Graph permissions for webinars and registrations
   • For listing webinars:
     • Application permission: VirtualEvent.Read.All (least privileged).
   • For creating registrations:
     • Application permission: VirtualEventRegistration-Anon.ReadWrite.Chat (least privileged) or VirtualEventRegistration-Anon.ReadWrite.All.
   • These permissions must be added as application permissions in the app registration and granted admin consent.
4. 403 errors and permissions
   • A 403 from Microsoft Graph commonly indicates that the token does not contain the required permission in the correct claim (roles for application tokens, scp for delegated tokens) or that tenant policies (such as AAP) block access.
   • For webinar APIs, using delegated permissions where only application permissions are supported will consistently return 403.
5. v1.0 support for Virtual Events (webinars)
   • The virtualEventWebinar resource and related endpoints (including POST /solutions/virtualEvents/webinars and POST /solutions/virtualEvents/webinars/{webinarId}/registrations) are documented under the v1.0 endpoint and are available in the global cloud.
   • The v1.0 APIs are therefore supported; beta is not required for the capabilities described.
6. What needs to change in the current implementation
   • Update the app registration to add the following application permissions and grant admin consent:
     • VirtualEvent.Read.All
     • VirtualEventRegistration-Anon.ReadWrite.Chat (or .ReadWrite.All if needed)
   • Acquire an app-only access token (client credentials flow) and use it in the Power Automate HTTP action instead of a delegated user token.
   • Configure a Teams Application Access Policy for the app ID so that the app can access webinars created by the intended organizers.
   • After these changes, GET /solutions/virtualEvents/webinars and POST /solutions/virtualEvents/webinars should succeed when called with the app-only token.

The Teams Premium license enables webinar features in the client, but access to webinar and online meeting data through Microsoft Graph is governed by Graph permissions and Teams application access policies, not by the license alone.

---

References:

• List webinars
• Create virtualEventRegistration
• Virtual events webinar API use cases
• Virtual events town hall API use cases
• Set Up authentication for Teams webinars v2
• HTTP 403 authorization error when calling the Microsoft Graph Security API