Error occurred while executing RemoveDevice, Code: Authorization_RequestDenied

Saravanan Periyasamy 0 Reputation points
2024-02-28T10:19:04.3366667+00:00

Hi Techies,

I am facing an issue with Remove-AzureADDevice -ObjectId $_.ObjectId. I am using my registered app with a certificate thumbprint.

I have given enough permissions to my app, both delegated and application, for the Graph API, but when I use a PowerShell script to remove a device it still does not work.


Below is the function. I am able to get devices using Get-AzureADUserRegisteredDevice -ObjectId $ObjectID, but while deleting the device I get the following error message.

Error occurred while executing RemoveDevice
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
RequestId: 67a70f22-XXXXXXXXXXXXXXXXXXX
DateTimeStamp: Wed, 28 Feb 2024 08:30:23 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed

Function that I am using

Function Initiate-AAD-DeviceRetire
{
    param(
        [String]$Email,
        [String]$ObjectID,
        [String]$ID
    )

    $error.Clear()

    # Devices registered to the user (this call works for the author).
    $AADRegisteredDevices = Get-AzureADUserRegisteredDevice -ObjectId $ObjectID
    $TotalAADDeviceCount  = $AADRegisteredDevices.Count

    # Build a comma-separated list of device object IDs; the accumulator must be
    # initialised, and the pipeline variable is $_ (the original had $.ObjectId).
    $DeviceObjectIDs = ""
    $AADRegisteredDevices | ForEach-Object { $DeviceObjectIDs += $_.ObjectId + "," }
    $DeviceObjectIDsString = $DeviceObjectIDs.Trim(',')

    # This is the call that fails with Authorization_RequestDenied.
    $AADRegisteredDevices | ForEach-Object { Remove-AzureADDevice -ObjectId $_.ObjectId }
}

Has anyone faced a similar issue? Please help me :)

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

1 answer

  1. JamesTran-MSFT 37,226 Reputation points Microsoft Employee Moderator
    2024-02-29T20:27:46.9933333+00:00

    @Saravanan Periyasamy

    Thank you for your detailed post!

    Error occurred while executing RemoveDevice
    Code: Authorization_RequestDenied
    Message: Insufficient privileges to complete the operation.
    HttpStatusCode: Forbidden

    Based on your error details and reviewing the Remove-AzureADDevice documentation, it does look like you granted your application the correct permissions.

    However, since the Directory.AccessAsUser.All delegated permission allows your application to have the same access to information in the directory as the signed-in user, please also make sure that the user you're signed in with has one of the following roles assigned.

    • Microsoft Entra roles: Global Administrator, Intune Administrator, Windows 365 Administrator, or Cloud Device Administrator.


    I hope this helps!

    If you have any other questions or are still having issues, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

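As an added example (not code from the post or from Microsoft), a pre-flight check using the Microsoft Graph PowerShell SDK instead of the AzureAD module: it shows which kind of token the session actually holds before any device is removed, because certificate authentication yields an app-only token in which a delegated grant such as Directory.AccessAsUser.All, and the signed-in user's roles the answer refers to, play no part. The app registration values and user id are placeholders, and the Device.ReadWrite.All check is an assumption to confirm against the Graph "Delete device" reference for your tenant.

```powershell
# Placeholder app registration values (constructed, not from the post).
$ClientId   = '<app-client-id>'
$TenantId   = '<tenant-id>'
$Thumbprint = '<certificate-thumbprint>'

function Test-DeviceRetirePermissions {
    # Inspect the token held by this session rather than the portal's grant list.
    $ctx = Get-MgContext
    if (-not $ctx) { throw 'Not connected; run Connect-MgGraph first.' }

    # AuthType is 'AppOnly' for certificate/client-credential auth, 'Delegated' for a signed-in user.
    Write-Host "AuthType: $($ctx.AuthType)"
    Write-Host "Scopes:   $($ctx.Scopes -join ', ')"

    if ($ctx.AuthType -eq 'AppOnly') {
        # App-only tokens carry application permissions only: Directory.AccessAsUser.All
        # cannot be present and no user's directory roles apply. The application
        # permission to look for is assumed to be Device.ReadWrite.All (verify in the Graph docs).
        return [bool]($ctx.Scopes -contains 'Device.ReadWrite.All')
    }
    # Delegated token: the grant must be present AND the signed-in user must hold one of the
    # roles the answer lists (e.g. Cloud Device Administrator), which the token alone cannot prove.
    return [bool]($ctx.Scopes -contains 'Directory.AccessAsUser.All')
}

function Invoke-DeviceRetirePreview {
    param([Parameter(Mandatory)][string]$UserId)
    if (-not (Test-DeviceRetirePermissions)) {
        throw 'Session lacks a permission that allows device deletion; fix the grant before running removals.'
    }
    $devices = @(Get-MgUserRegisteredDevice -UserId $UserId)
    foreach ($d in $devices) {
        # -WhatIf previews each deletion without sending it; remove it once the dry run looks right.
        Remove-MgDevice -DeviceId $d.Id -WhatIf
    }
    return $devices.Count
}

Connect-MgGraph -ClientId $ClientId -TenantId $TenantId -CertificateThumbprint $Thumbprint
Invoke-DeviceRetirePreview -UserId '<user-object-id>'
Disconnect-MgGraph
```

If the output shows AuthType AppOnly, the fix is an admin-consented application permission on the app registration (or a directory role assigned to its service principal), not a role on a user account.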
