I'm having what seems to be the same issue as this person, but my permissions appear to be set up properly.
Through a Power Automate connector, I can make many Graph API queries for users, devices and groups that succeed:
/devices
/devices/{objectID}/getMemberGroups
/users
/users/{objectID}/getMemberGroups
/groups/{objectID}/getMemberGroups
However, if I try any query that includes managedDevices (we do have Intune in our environment), it doesn't work.
For example, I can successfully do "/users/{objectID}", but not "/users/{objectID}/managedDevices"
The body returned is:
{
"error": {
"code": "Forbidden",
"message": "{\r\n \"_version\": 3,\r\n \"Message\": \"User is not authorized to perform this operation - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 6ca043ea-c795-4e09-957c-f4c65142568d - Url: https://fef.msua06.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/users%28%27robert.lamaster%40aecom.com%27%29/managedDevices?api-version=2021-04-07\\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}",
"innerError": {
"date": "2022-06-07T13:15:01",
"request-id": "6ca043ea-c795-4e09-957c-f4c65142568d",
"client-request-id": "6ca043ea-c795-4e09-957c-f4c65142568d"
}
}
}
My app registration has both application and delegated permissions as seen in the image.

Any ideas why the app can't access managedDevices info?