Beta Graph API permission problem with signInActivity

Brian 1 Reputation point
2021-08-23T11:10:01.117+00:00

Hi, I'm new here and wondering if someone can help me with a problem. I am trying to use the beta Graph API to retrieve signInActivity and I keep getting a 403 Forbidden error. I am a global admin and have set up an app registration and permissions. If I call this method I get a 403 Forbidden.

https://graph.microsoft.com/beta/users?`$select=displayName,userPrincipalName, mail, id, CreatedDateTime, signInActivity, UserType&`$top=1

If I remove the signInActivity parameter then it works fine and retrieves all the users. Is there a specific permission needed for signInActivity or is there an overall permission needed to use the beta API that I'm missing?

Thanks,

Brian


5 answers

  1. Damania Harsh 1 Reputation point
    2021-08-23T12:29:21.077+00:00

    We need Azure Premium P1 or P2, and AuditLog.Read.All.

    But in my case, it works sometimes and sometimes it doesn't.
    I have observed that it is not able to get the premium license.


  2. Brian 1 Reputation point
    2021-08-23T18:33:25.383+00:00

    Thank you, but how do you apply a license to an app registration? I created an enterprise app and assigned it application permission and the AuditLog.Read.All along with some other permissions like User.Read.All, but the app ID and secret don't have a user and license associated with them.


  3. Brian 1 Reputation point
    2021-08-24T11:44:34.767+00:00

    Ok, do you just mean I have to have at least one P2 license in the tenant and it can be assigned to anyone? In that case, I do already have that. I also have the directory permission as well as users, auditlogs, devices and several other permissions.


  4. Brian 1 Reputation point
    2021-08-25T12:35:10.5+00:00

    I am getting a 403 Forbidden error. I have access to a few different tenants. In two of the tenants where I am a global admin and have an E5 license I don't get an error. I create an app registration with the correct permissions and it works fine. However, I have another tenant where I am a global admin and it was not working. I gave myself an E5 license and re-created the app registration but that did not solve the problem. I can't figure out why it works in one tenant and not the other. Of course, the one where it isn't working is where I actually need it to work.

    Thanks


  5. Brian 1 Reputation point
    2021-08-25T16:51:15.013+00:00

    Ok, I finally figured it out. I was thinking that an E5 license has the Azure AD Premium license, but only the Microsoft 365 E5 has that, not the Office 365 E5. So, I added a P1 to my user and then it worked on the tenant I was having trouble with.
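
An added example, not part of the thread and not Microsoft's code: a Python check that separates the two causes of the 403 discussed above, an app-only token without the AuditLog.Read.All role versus a tenant without an Azure AD Premium P1/P2 service plan. The token and the `/subscribedSkus` responses are constructed samples with truncated plan lists, and treating a tenant-level SKU as sufficient is an assumption.

```python
import base64
import json

REQUIRED_ROLE = "AuditLog.Read.All"
PREMIUM_PLANS = {"AAD_PREMIUM", "AAD_PREMIUM_P2"}  # Azure AD Premium P1 / P2

def token_roles(jwt: str) -> set:
    """Return the application permissions in the 'roles' claim (no signature check)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def premium_skus(subscribed_skus: dict) -> list:
    """SKUs in a /subscribedSkus response that carry an enabled Premium plan."""
    found = []
    for sku in subscribed_skus.get("value", []):
        if sku.get("capabilityStatus") != "Enabled":
            continue
        plans = {p["servicePlanName"] for p in sku.get("servicePlans", [])
                 if p.get("provisioningStatus") == "Success"}
        if plans & PREMIUM_PLANS:
            found.append(sku["skuPartNumber"])
    return found

def diagnose(jwt: str, subscribed_skus: dict) -> list:
    """List the missing prerequisites for reading signInActivity."""
    # Assumption: a tenant-level SKU check stands in for the licensing requirement.
    problems = []
    if REQUIRED_ROLE not in token_roles(jwt):
        problems.append("token lacks " + REQUIRED_ROLE)
    if not premium_skus(subscribed_skus):
        problems.append("tenant has no Azure AD Premium P1/P2 service plan")
    return problems

def _fake_jwt(claims: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    return "e30." + body.decode() + ".sig"  # constructed, unsigned

# Constructed sample data: Office 365 E5 only vs. Microsoft 365 E5.
TOKEN = _fake_jwt({"roles": ["User.Read.All", "AuditLog.Read.All"]})
O365_E5 = {"value": [{"skuPartNumber": "ENTERPRISEPREMIUM", "capabilityStatus": "Enabled",
    "servicePlans": [{"servicePlanName": "EXCHANGE_S_ENTERPRISE", "provisioningStatus": "Success"}]}]}
M365_E5 = {"value": [{"skuPartNumber": "SPE_E5", "capabilityStatus": "Enabled",
    "servicePlans": [{"servicePlanName": "AAD_PREMIUM_P2", "provisioningStatus": "Success"}]}]}

if __name__ == "__main__":
    print("Office 365 E5 tenant:", diagnose(TOKEN, O365_E5))
    print("Microsoft 365 E5 tenant:", diagnose(TOKEN, M365_E5))
```
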