This is now fixed. I added application permissions rather than delegated ones, and that solved the problem.
How to fix: Invoke-RestMethod : The remote server returned an error: (403) Forbidden.
Phil Rawlings
```powershell
# Define the variables
$ClientID = '****'
$ClientSecret = '****'
$TenantName = '****'

# Create the access token based on the variables
$Body = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $ClientID
    Client_Secret = $ClientSecret
}
$Params = @{
    ContentType = "application/x-www-form-urlencoded"
    Body        = $Body
    Method      = "Post"
    URI         = "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token"
}
$Response = Invoke-RestMethod @Params

# Extract the access token from the response
$AccessToken = $Response.access_token

# Use the access token and the URI to get the list of application IDs
$Headers = @{
    Authorization = "Bearer $AccessToken"
}
$URI = "https://graph.microsoft.com/v1.0/applications"
$Result = Invoke-RestMethod -Uri $URI -Headers $Headers -Method Get

# Output the application IDs
$Result.value.id
```
I get a 403 on the $result line and I don't understand why.
Ultimately I want to write a script that pulls ALL information out from the application so we can store it as a backup as we purge unused applications, but I can't get past the first stage of pulling in the applications' IDs.
Any help or pointers will be much appreciated.
Thanks
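
The fix reported in this thread (application permissions rather than delegated ones) can be confirmed from the token itself: a `client_credentials` token lists its granted application permissions in the `roles` claim, while delegated permissions only ever appear in `scp` on user-context tokens. The following is an added example, not part of the original post; the function names and sample tokens are constructed for illustration, and the permission list is an assumption taken from Microsoft Graph's documented permissions for listing applications.

```powershell
# Added example (not from the original post). Decodes the JWT payload only;
# the signature is NOT verified, so use this for diagnostics, not trust decisions.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments.' }
    # base64url -> base64, then restore the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url payload length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-GraphAppRole {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string[]]$AnyOf
    )
    $claims = ConvertFrom-JwtPayload -Token $Token
    # App-only tokens carry application permissions in 'roles';
    # a missing or empty 'roles' claim means none were granted and consented.
    $roles   = @($claims.roles | Where-Object { $_ })
    $matched = @($roles | Where-Object { $AnyOf -contains $_ })
    [pscustomobject]@{
        Roles      = $roles
        Scp        = $claims.scp
        Authorized = $matched.Count -gt 0
    }
}

# Constructed, unsigned sample tokens so the example runs offline.
function New-SampleToken([string]$PayloadJson) {
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    '{0}.{1}.sig' -f (& $enc '{"alg":"none"}'), (& $enc $PayloadJson)
}
$noRoles   = New-SampleToken '{"aud":"https://graph.microsoft.com"}'
$withRoles = New-SampleToken '{"aud":"https://graph.microsoft.com","roles":["Application.Read.All"]}'

# Assumption: application permissions that allow GET /applications.
$needed = 'Application.Read.All', 'Application.ReadWrite.All', 'Directory.Read.All'
Test-GraphAppRole -Token $noRoles   -AnyOf $needed   # token as issued before the fix
Test-GraphAppRole -Token $withRoles -AnyOf $needed   # token after application permissions are granted
```

Against the script in the question, run `Test-GraphAppRole -Token $AccessToken -AnyOf $needed` right after the token request; application permissions also need admin consent before they show up in `roles`.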