We need azure premium p1 or p2 , and auditlog.read.All
but in my case , it works sometimes and sometimes it doesnt.
I have observed that it is not able to get the premium license
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi, I'm new here and wondering if someone can help me with a problem. I am trying to use the beta graph API to retrieve signInActivity and I keep getting a 403 forbidden error. I am a global admin and have setup an app registration and permissions. If I call this method I get a 403 forbidden.
https://graph.microsoft.com/beta/users?`$select=displayName,userPrincipalName, mail, id, CreatedDateTime, signInActivity, UserType&`$top=1
If I remove the signInActivity parameter then it works fine and retrieves all the users. Is there a specific permission needed for signInActivity or is there an overall permission needed to use the beta API that I'm missing?
Thanks,
Brian
We need azure premium p1 or p2 , and auditlog.read.All
but in my case , it works sometimes and sometimes it doesnt.
I have observed that it is not able to get the premium license
Thank you but how do you apply a license to an app registration? I created an enterprise app and assigned it application permission and the auditlog.read.all along with some other permissions like user.read.all but the app id and secret doesn't have a user and license associated with it.
Ok, do you just mean I have to have at least one P2 license in the tenant and it can be assigned to anyone? In that case, I do already have that. I also have the directory permission as well as users, auditlogs, devices and several other permissions.
I am getting a 403 Forbidden error. I have access to a few different tenants. In two of the tenants where I am a global admin and have an E5 license I don't get an error. I create an app registration with the correct permissions and it works fine. However, I have another tenant where I am a global admin and it was not working. I gave myself an E5 license and re-create the app registration but that did not solve the problem. I can't figure out why it works in one tenant and not the other. Of course, the one where it isn't working is where I actually need it to work.
Thanks
Ok, I finally figured it out, I was thinking that an E5 license has the Azure AD Premium license but only the Microsoft 365 E5 has that, not the Office 365 E5. So, I added a P1 to my user and then it worked on the tenant I was having trouble with.