This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 66%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi there, On trying to list the available licenses I got the below error message.
Get-MgSubscribedSku : Insufficient privileges to complete the operation.
Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2023-12-15T15:48:39
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 3ece69c6-af61-4054-bedb-87992eb8f54e
client-request-id : 0e810f99-607c-4e19-8e07-19cb384e49d0
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Germany West
Central","Slice":"E","Ring":"5","ScaleUnit":"003","RoleInstance":"FR1PEPF00000AF1"}}
x-ms-resource-unit : 3
Cache-Control : no-cache
I connected using the right scope.
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All" -UseDeviceAuthentication
Also, I used the global admin account.
any idea how to gane the required access?
Why are you using this switch? -UseDeviceAuthentication
Ops! I putted it as a part of my troubleshooting. I copied the wrong line Even if I do not use it the result is the same.
Try Adding a scope of "Directory.Read.All and consent if prompted.
Connect-MgGraph -Scopes Directory.Read.All
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 11%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
If you are making a PowerShell connection to your GraphAPI app, make sure your GraphAPI permission type in Entra is using Application consent and not delegate consent!
Were you ever prompted to consent those permissions you requested? That command should work as a Global Reader.
Look in the Azure portal under Enterprise Apps for
"Microsoft Graph Command Line Tools"
or APP ID: 14d82eec-204b-4c2f-b7e8-296a70dab67e
and then go to Permissions and see what is set there for allowed permissions.
I am assuming you arent using your own app registration for this, correct?
Hi Andy, on the screenshot you can see the what is listed under "Permissions". After running Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All" I was asked to type admin credentials. The first time I was prompted to grand permissions too. I`m not using own app registration.