Graph API - Forbidden / Unauthorized operation despite the correct permissions

Leonard RADECKI 0 Reputation points
2023-07-23T19:41:31.9366667+00:00

Hi,

I would like to list "malwareStateForWindowsDevices" using an Application context, according to the API documentation: https://learn.microsoft.com/en-us/graph/api/intune-devices-malwarestateforwindowsdevice-list?view=graph-rest-1.0
As specified, my application has the needed permission "DeviceManagementManagedDevices.Read.All":

User's image

User's image

The type is "Application" and not "Delegated" as it should be. The permission is granted.

Just to be sure, my token is valid as expected when I request it (checking with https://jwt.ms/):
User's image

However, when I make my request I get (screenshot from Postman):

User's image

It's not the case when I use other resources with the same permission. Indeed, I can list "detectedApps" (https://learn.microsoft.com/en-us/graph/api/intune-devices-detectedapp-list?view=graph-rest-1.0&tabs=http), which needs the exact same "DeviceManagementManagedDevices.Read.All" permission.

EDIT: I added the permission "DeviceManagementConfiguration.Read.All" (checking with https://jwt.ms/):
User's image

I still get the same response ("code": "Forbidden").

Thanks for your help,

Leonard.


1 answer

  1. Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
    2023-07-24T16:14:52.06+00:00

    It looks like you need both DeviceManagementManagedDevices.Read.All and DeviceManagementConfiguration.Read.All for this query.
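
An added example, not part of the original thread: a local version of the jwt.ms check used in the question, which decodes an app-only access token and reports which of the two permissions named in the answer are missing from its `roles` claim (application permissions appear in `roles`, delegated ones in `scp`). The helper `make_sample_token` and the sample claims are constructed for illustration; the decoder only inspects the token and does not verify its signature.

```python
import base64
import json

# The two application permissions named in the answer above.
REQUIRED = frozenset({
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementConfiguration.Read.All",
})

def decode_claims(token):
    """Return the JWT payload as a dict. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_app_permissions(token, required=REQUIRED):
    """Compare the token's granted permissions with the required set."""
    claims = decode_claims(token)
    roles = set(claims.get("roles") or [])        # application permissions
    scp = set((claims.get("scp") or "").split())  # delegated permissions
    return {
        "context": "application" if roles else "delegated" if scp else "none",
        "missing": sorted(set(required) - roles),
        "delegated_only": sorted(set(required) & (scp - roles)),
    }

def make_sample_token(claims):
    """Build an unsigned, constructed token for offline testing (hypothetical helper)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])

if __name__ == "__main__":
    # Constructed sample: only the first permission was consented to.
    token = make_sample_token({
        "aud": "https://graph.microsoft.com",
        "roles": ["DeviceManagementManagedDevices.Read.All"],
    })
    print(check_app_permissions(token))
```

A token requested before admin consent was granted for a newly added permission will not contain it, so request a fresh token before re-running the check.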

