Share via

graph beta url is giving 403, even after adding related api permission

rahul parmar 0 Reputation points
2025-06-05T12:11:02.56+00:00

for beta url https://graph.microsoft.com/beta/deviceManagement/inventoryPolicies, added related api permission DeviceManagementConfiguration.Read.All, still getting 403 with api response as below.
The url mentioned in response is giving 503 (service not available)

{
    "error": {
        "code": "Forbidden",
        "message": "{\r\n  \"_version\": 3,\r\n  \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: f1abedb9-a4ff-488c-93a5-5e1ab0f89ad1 - Url: https://fef.amsuin01.manage.microsoft.com/DeviceConfigV2/DCV2GraphService/de147310-ffff-6001-0601-060404443588/deviceManagement/inventoryPolicies?api-version=5025-03-01&$select=createdDateTime%2ccreationSource%2cdescription%2clastModifiedDateTime%2cname%2cplatforms%2croleScopeTagIds%2csettingCount%2ctechnologies%2cid\",\r\n  \"CustomApiErrorPhrase\": \"\",\r\n  \"RetryAfter\": null,\r\n  \"ErrorSourceService\": \"\",\r\n  \"HttpHeaders\": \"{}\"\r\n}",
        "innerError": {
            "date": "2025-06-05T08:12:52",
            "request-id": "f1abedb9-a4ff-488c-93a5-5e1ab0f89ad1",
            "client-request-id": "f1abedb9-a4ff-488c-93a5-5e1ab0f89ad1"
        }
    }
}
Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pardha Saradhi Reddy Jaladi-MSFT 475 Reputation points Microsoft External Staff
    2025-06-06T14:55:45.9433333+00:00

    Hello rahul parmar

    Thank you for reaching out to Microsoft Support!!

    You're encountering a 403 Forbidden error when trying to access the Microsoft Graph Beta API for deviceManagement/inventoryPolicies, even after adding the DeviceManagementConfiguration.Read.All permission. Additionally, the URL mentioned in the response is returning a 503 Service Unavailable error.

    Possible Causes:

    1. Insufficient API Permissions – The required permissions might have changed. According to recent updates, Microsoft Graph Beta API for deviceManagement may now require either DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All permissions instead of DeviceManagementConfiguration.Read.All.

    Admin Consent Not Granted – Even if the correct permissions are added, they must be granted admin consent in Microsoft Entra ID (formerly Azure AD).

    Service Availability Issues – The 503 error suggests that the backend service might be temporarily unavailable or experiencing issues.

    Solution Steps:

    1. Verify API Permissions

    Go to Microsoft Entra ID (Azure AD) > App registrations.

    Select the application making the API call.

    Navigate to API permissions and ensure that DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All are added.

    Click Grant admin consent for the permissions.

    2. Check Microsoft Graph API Updates

    3. Test API Access in Graph Explorer

    Open Microsoft Graph Explorer.

    Sign in with an account that has the necessary permissions.

    Hope this helps.
    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.