Beta Graph API permission problem with signInActivity

Brian 1 Reputation point
2021-08-23T11:10:01.117+00:00

Hi, I'm new here and wondering if someone can help me with a problem. I am trying to use the beta graph API to retrieve signInActivity and I keep getting a 403 forbidden error. I am a global admin and have setup an app registration and permissions. If I call this method I get a 403 forbidden.

https://graph.microsoft.com/beta/users?`$select=displayName,userPrincipalName, mail, id, CreatedDateTime, signInActivity, UserType&`$top=1

If I remove the signInActivity parameter then it works fine and retrieves all the users. Is there a specific permission needed for signInActivity or is there an overall permission needed to use the beta API that I'm missing?

Thanks,

Brian

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,846 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Damania Harsh 1 Reputation point
    2021-08-23T12:29:21.077+00:00

    We need azure premium p1 or p2 , and auditlog.read.All

    but in my case , it works sometimes and sometimes it doesnt.
    I have observed that it is not able to get the premium license

    0 comments No comments

  2. Brian 1 Reputation point
    2021-08-23T18:33:25.383+00:00

    Thank you but how do you apply a license to an app registration? I created an enterprise app and assigned it application permission and the auditlog.read.all along with some other permissions like user.read.all but the app id and secret doesn't have a user and license associated with it.


  3. Brian 1 Reputation point
    2021-08-24T11:44:34.767+00:00

    Ok, do you just mean I have to have at least one P2 license in the tenant and it can be assigned to anyone? In that case, I do already have that. I also have the directory permission as well as users, auditlogs, devices and several other permissions.


  4. Brian 1 Reputation point
    2021-08-25T12:35:10.5+00:00

    I am getting a 403 Forbidden error. I have access to a few different tenants. In two of the tenants where I am a global admin and have an E5 license I don't get an error. I create an app registration with the correct permissions and it works fine. However, I have another tenant where I am a global admin and it was not working. I gave myself an E5 license and re-create the app registration but that did not solve the problem. I can't figure out why it works in one tenant and not the other. Of course, the one where it isn't working is where I actually need it to work.

    Thanks

    0 comments No comments

  5. Brian 1 Reputation point
    2021-08-25T16:51:15.013+00:00

    Ok, I finally figured it out, I was thinking that an E5 license has the Azure AD Premium license but only the Microsoft 365 E5 has that, not the Office 365 E5. So, I added a P1 to my user and then it worked on the tenant I was having trouble with.

    0 comments No comments