@Haibert Barfian, Thanks for posting in Q&A. Based on the error message you are receiving, it seems that the application is missing one of the required scopes for the operation you are trying to perform. The error message specifically mentions that the application must have one of the following scopes: DeviceManagementServiceConfiguration.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All.
It appears that you are currently using the scope "https://graph.microsoft.com/.default offline_access" for both getting an authorization code and exchanging it for an access token. However, this scope does not include the required Device Management Service scopes mentioned in the error message.
To resolve this issue, you should update your application's scope to include the required Device Management Service scopes. You can do this by adding the appropriate permissions in the Azure app registration portal, under your application's API permissions page.
References:
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
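A quick way to confirm which permissions a token actually carries before retrying the Graph call, as an added example that is not part of the answer above: decode the JWT payload and check the "scp" (delegated) and "roles" (application) claims against the four scopes the error message lists. The token built here is a constructed, unsigned sample, and the signature is intentionally not verified because the goal is only to inspect granted permissions.

```python
import base64
import json

# The four scopes named in the error message. Delegated scopes arrive in the
# "scp" claim (space separated); application permissions in "roles".
REQUIRED_SCOPES = {
    "DeviceManagementServiceConfiguration.Read.All",
    "DeviceManagementServiceConfig.Read.All",
    "DeviceManagementServiceConfiguration.ReadWrite.All",
    "DeviceManagementServiceConfig.ReadWrite.All",
}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def granted_permissions(token: str) -> set:
    """Union of delegated scopes ("scp") and app roles ("roles") in a JWT.
    The signature is deliberately not checked: this only inspects which
    permissions were issued, so a missing one is found before calling Graph."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    granted = set(claims.get("scp", "").split())
    granted.update(claims.get("roles", []))
    return granted

def has_device_management_scope(token: str) -> bool:
    """True when at least one of the scopes the error message lists is present."""
    return bool(granted_permissions(token) & REQUIRED_SCOPES)

def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT for offline testing; not a real Microsoft token."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."

if __name__ == "__main__":
    # Token consented with only ".default" against an app whose API permissions
    # lack the Intune scopes: "scp" carries nothing Graph will accept here.
    weak = make_sample_token({"aud": "https://graph.microsoft.com", "scp": "User.Read"})
    fixed = make_sample_token({"aud": "https://graph.microsoft.com",
                               "scp": "User.Read DeviceManagementServiceConfig.Read.All"})
    print(has_device_management_scope(weak), has_device_management_scope(fixed))
```

If the check fails on a real token, the permission is missing from the app registration (or not yet consented), and a new token must be issued after it is added; ".default" only returns what is already granted.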