Share via

graph beta url is giving 403, even after adding related api permission

rahul parmar 20 Reputation points
2025-06-05T12:11:02.56+00:00

for beta url https://graph.microsoft.com/beta/deviceManagement/inventoryPolicies, added related api permission DeviceManagementConfiguration.Read.All, still getting 403 with api response as below.
The url mentioned in response is giving 503 (service not available)

{
    "error": {
        "code": "Forbidden",
        "message": "{\r\n  \"_version\": 3,\r\n  \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: f1abedb9-a4ff-488c-93a5-5e1ab0f89ad1 - Url: https://fef.amsuin01.manage.microsoft.com/DeviceConfigV2/DCV2GraphService/de147310-ffff-6001-0601-060404443588/deviceManagement/inventoryPolicies?api-version=5025-03-01&$select=createdDateTime%2ccreationSource%2cdescription%2clastModifiedDateTime%2cname%2cplatforms%2croleScopeTagIds%2csettingCount%2ctechnologies%2cid\",\r\n  \"CustomApiErrorPhrase\": \"\",\r\n  \"RetryAfter\": null,\r\n  \"ErrorSourceService\": \"\",\r\n  \"HttpHeaders\": \"{}\"\r\n}",
        "innerError": {
            "date": "2025-06-05T08:12:52",
            "request-id": "f1abedb9-a4ff-488c-93a5-5e1ab0f89ad1",
            "client-request-id": "f1abedb9-a4ff-488c-93a5-5e1ab0f89ad1"
        }
    }
}
Microsoft Security | Microsoft Graph
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alex Smith 20 Reputation points
    2025-07-16T18:05:08.7833333+00:00

    All the endpoints are ok expect inventoryPolicies

    Was this answer helpful?

    2 people found this answer helpful.
    0 comments
  2. Pardha Saradhi Reddy Jaladi-MSFT 550 Reputation points Microsoft External Staff
    2025-06-06T14:55:45.9433333+00:00

    Hello rahul parmar

    Thank you for reaching out to Microsoft Support!!

    You're encountering a 403 Forbidden error when trying to access the Microsoft Graph Beta API for deviceManagement/inventoryPolicies, even after adding the DeviceManagementConfiguration.Read.All permission. Additionally, the URL mentioned in the response is returning a 503 Service Unavailable error.

    Possible Causes:

    1. Insufficient API Permissions – The required permissions might have changed. According to recent updates, Microsoft Graph Beta API for deviceManagement may now require either DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All permissions instead of DeviceManagementConfiguration.Read.All.

    Admin Consent Not Granted – Even if the correct permissions are added, they must be granted admin consent in Microsoft Entra ID (formerly Azure AD).

    Service Availability Issues – The 503 error suggests that the backend service might be temporarily unavailable or experiencing issues.

    Solution Steps:

    1. Verify API Permissions

    Go to Microsoft Entra ID (Azure AD) > App registrations.

    Select the application making the API call.

    Navigate to API permissions and ensure that DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All are added.

    Click Grant admin consent for the permissions.

    2. Check Microsoft Graph API Updates

    3. Test API Access in Graph Explorer

    Open Microsoft Graph Explorer.

    Sign in with an account that has the necessary permissions.

    Hope this helps.
    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    Was this answer helpful?

    2 people found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.