Beta Graph API permission problem with signInActivity

Brian 1 Reputation point

Hi, I'm new here and wondering if someone can help me with a problem. I am trying to use the beta graph API to retrieve signInActivity and I keep getting a 403 forbidden error. I am a global admin and have setup an app registration and permissions. If I call this method I get a 403 forbidden.`$select=displayName,userPrincipalName, mail, id, CreatedDateTime, signInActivity, UserType&`$top=1

If I remove the signInActivity parameter then it works fine and retrieves all the users. Is there a specific permission needed for signInActivity or is there an overall permission needed to use the beta API that I'm missing?



Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,846 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Damania Harsh 1 Reputation point

    We need azure premium p1 or p2 , and

    but in my case , it works sometimes and sometimes it doesnt.
    I have observed that it is not able to get the premium license

    0 comments No comments

  2. Brian 1 Reputation point

    Thank you but how do you apply a license to an app registration? I created an enterprise app and assigned it application permission and the along with some other permissions like but the app id and secret doesn't have a user and license associated with it.

  3. Brian 1 Reputation point

    Ok, do you just mean I have to have at least one P2 license in the tenant and it can be assigned to anyone? In that case, I do already have that. I also have the directory permission as well as users, auditlogs, devices and several other permissions.

  4. Brian 1 Reputation point

    I am getting a 403 Forbidden error. I have access to a few different tenants. In two of the tenants where I am a global admin and have an E5 license I don't get an error. I create an app registration with the correct permissions and it works fine. However, I have another tenant where I am a global admin and it was not working. I gave myself an E5 license and re-create the app registration but that did not solve the problem. I can't figure out why it works in one tenant and not the other. Of course, the one where it isn't working is where I actually need it to work.


    0 comments No comments

  5. Brian 1 Reputation point

    Ok, I finally figured it out, I was thinking that an E5 license has the Azure AD Premium license but only the Microsoft 365 E5 has that, not the Office 365 E5. So, I added a P1 to my user and then it worked on the tenant I was having trouble with.

    0 comments No comments