Authorization_RequestDenied when I use a certificate (no problem when using a secret)

Mountain Pond 1,431 Reputation points

Hello, please tell me: why am I not authenticated if I use a certificate?


Working with a secret, everything goes well: authentication and getting information through Graph. Here is an example:

$appid = 'xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx'
$tenantid = 'yyyyyy-yyyyyy-yyyyyy-yyyyyy-yyyyyy'
$secret = 'zzzzzzzzzzzzzzz'
$body = @{
    Grant_Type    = "client_credentials"
    Scope         = ""
    Client_Id     = $appid
    Client_Secret = $secret
}
$connection = Invoke-RestMethod `
    -Uri$tenantid/oauth2/v2.0/token `
    -Method POST `
    -Body $body
$token = $connection.access_token
Connect-MgGraph -AccessToken $token

#The Graph API URL
$uri = " "
$method = "GET"
# Run the Graph API query to retrieve users
$output = Invoke-WebRequest -Method $method -Uri $uri -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -ErrorAction Stop
($output.Content | ConvertFrom-Json).value | Out-GridView

However, if I use a certificate, then I can connect to Graph successfully. However, when I run queries, I get errors.


Connect-MgGraph -ClientID 'xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx' -TenantId 'yyyyyy-yyyyyy-yyyyyy-yyyyyy-yyyyyy' -CertificateThumbprint 'zzzzzzzzzzzzzzz'

$output = Invoke-WebRequest -Method 'GET' -Uri ""
($output.Content | ConvertFrom-Json).value | Out-GridView

Connect-AzureAD -TenantId 'yyyyyy-yyyyyy-yyyyyy-yyyyyy-yyyyyy' -ApplicationId  'xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx' -CertificateThumbprint 'zzzzzzzzzzzzzzz'






The authority is enough: everything works with the secret, but not with the certificate. Perhaps I missed something.

I also wanted to ask if it is possible to authenticate on behalf of the device. This device is not part of Azure (not a VM or a server), but is a security object: an Azure AD joined device.

Thank you.

Microsoft Graph