Share via

'UnknownError' from Graph API while fetching Intune managedDevices

Ori Shlomo 0 Reputation points
2024-06-06T11:12:23.06+00:00

Hi guys,

We are using the Graph API in order to fetch all the intune managed devices as detailed here.

  1. From time to time, the response we get back details the following error: ��{"error":{"code":"UnknownError","message":"{\"ErrorCode\":\"Forbidden\",\"Message\":\"{\\r\\n \\\"_version\\\": 3,\\r\\n \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 2c92a8cd-55d1-484d-9922-0b1348d5c58c - Url: https://fef.amsub0502.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices?api-version=2023-10-19\\\"
  2. The same call, can work correctly for some days and after, we continue getting those errors.
  3. We made sure the permissions are correct as described in the guide above. We even added more permissions such as DeviceManagementConfiguration.ReadWrite.All
  4. We are using refresh-token OAuth authentication and we are making sure to use the most update refresh-token that is coming back from the authentication response.

Do you have any idea what the root cause here? do you have more information about this error?

Microsoft Security Intune Other
Microsoft Security Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 53,981 Reputation points Microsoft External Staff
    2024-06-07T01:51:48.43+00:00

    @Ori Shlomo, Thanks for posting in Q&A. For the error message, it shows forbidden which seems to be with permission issue. But we add DeviceManagementManagedDevices.ReadWrite.All permission but still with the error. Please enter the token we use when get error here to analyze if it has enough permission. And get screen shot of the result. As a note, please hide the sensitive information like tenant information username and etc when upload the screen shot.

    Meanwhile, if seems sometimes work but sometimes not. Could you confirm if we use the same user account always? if not, please check if the affected user account has Intune license assigned.

    In addition, please also let us know which flow we choose:

    User's image

    https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow

    Please check the above information and if there's any update, feel free to let us know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.