Get-MgBetaDeviceManagementReportConfigurationPolicyNonComplianceSummaryReport throws forbidden

Andrew 36 Reputation points
2024-08-20T09:10:36.3666667+00:00

Hi,

I am trying to use the Get-MgBetaDeviceManagementReportConfigurationPolicyNonComplianceSummaryReport command, and it works when run using a Global Admin account. But under an Automation Account Managed Identity (service principal) with the application permission mentioned in the official documentation, it throws a forbidden error.

User's image

I've tried to add several more permissions but no luck.

What permissions are really needed?

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.

2 answers

  1. CarlZhao-MSFT 43,016 Reputation points
    2024-08-20T10:01:40.1766667+00:00

    Hi @Andrew

    Ensure that you have granted one of the following permissions to the calling app and have provided admin consent.

    User's image

    Additionally, you need to assign the Global Administrator role to your app service principal.

    xxxx

    Hope this helps.


  2. Andrew 36 Reputation points
    2024-11-18T09:01:11.62+00:00

    OK, it started to work. So someone at MS had to fix this in the meantime.
