![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 6%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
13,721 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 86%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
Hello Haibert Barfian,
Thanks for posting!
Since you are using client credentials auth flow, so you need to consent required application permissions to run this endpoint. In your case you require atleast DeviceManagementServiceConfig.Read.All application permission in your Azure AD application to List windowsAutopilotDeviceIdentities, which is missing in Graph API permissions screenshot you shared.
Refer below for details regarding permissions and access scenarios.
Authentication and authorization basics - Microsoft Graph | Microsoft Learn
Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn
Hope this helps.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".