- Try repro the above using MS Graph Explorer with your tenant!!
- If you're using delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role. So just setting permission at app level might not be sufficient.
Graph API: forbidden
I have a reporting application that calls the Graph API on customer tenants. I have one customer that is set up with an App Registration and the same permissions, but I still get "Forbidden" from the HttpClient. Is this related to Conditional Access or some other security setting? How can I instruct them to allow access?
I have triple checked the client ID and Secret and they’re correct. The errors come from…
"https://graph.microsoft.com/v1.0/organization"; //Requires: Graph.Organization.Read.All
"https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageDetail(date={0})" //Requires: Graph.Reports.Read.All
Thank you,
1 answer
Sort by: Most helpful
-
Deva-MSFT 2,266 Reputation points Microsoft Employee
2020-11-14T09:25:05.893+00:00