Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
OK, it started to work. So someone in the MS had to fix this in the meantime.
Get-MgBetaDeviceManagementReportConfigurationPolicyNonComplianceSummaryReport throws forbidden
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 52%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Andrew
41
Reputation points
Hi,
I am trying to use Get-MgBetaDeviceManagementReportConfigurationPolicyNonComplianceSummaryReport command and it is working when run using Global Admin account. But under Automation Account Managed Identity (service principal) with application permission mentioned in the official documentation, it is throwing a forbidden error.
I've tried to add several more permissions but no luck.
What permissions are really needed?
Microsoft Security | Microsoft Graph
2 answers
Sort by: Most helpful
-
CarlZhao-MSFT 46,456 Reputation points2024-08-20T10:01:40.1766667+00:00 Hi @Andrew
Ensure that you have granted one of the following permissions to the calling app and have provided admin consent.
Additionally, you need to assign the
Global Administratorrole to your app service principal.Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
-
Andrew 41 Reputation points
2024-08-20T11:19:36.6133333+00:00 Hi,
yes as I said I have assigned all required permissions and granted the consent.
Are you serious about assigning a Global Administrator role? This seems like super overkill to me. And to be honest I am looking for a more granular approach. Thanks
Sign in to comment -