Hello @Joseph Leiber , in order to generate an access token with a specific user permissions, you need to authenticate with the same user. Regarding az cli
, it's only possible get an access tokens for some well knows resources and scopes. EntitlementManagement.ReadWrite.All
is not part of them. You will need to create an app registration, register the aformentioned scope and obtain an access token using MSAL.PS:
$MsalToken=Get-MsalToken -ClientId # required `
-Scopes https://graph.microsoft.com/EntitlementManagement.ReadWrite.All -RedirectUri http://localhost `
-UseEmbeddedWebView:$false
$AccessToken=$MsalToken.AccessToken
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.