403 Forbidden Microsoft-Azure-Application-Gateway/v2 - getting sensitivity labels

Dancing Strawberry 101 Reputation points
2021-09-13T20:20:46.84+00:00

When calling this endpoint: https://graph.microsoft.com/beta/informationProtection/policy/labels

The call succeeds as expected when invoked in Postman, returns a response:

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#informationProtection/policy/labels",
    "value": [
        {
            ...
        }
    ]
}

However, using the exact same headers and access token when making a request in python yields as part of the response:

"message":"<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>Microsoft-Azure-Application-Gateway/v2</center>\r\n</body>\r\n</html>\r\n"

The permission "https://graph.microsoft.com/InformationProtectionPolicy.Read.All" has been granted. Is there some other setting within the application that needs to be changed to allow the request to go through?

Also, when I try using the Graph Explorer to make the same call (under beta), the response contains: "code": "UnknownError"

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
988 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,052 questions
{count} votes

Accepted answer
  1. CarlZhao-MSFT 38,936 Reputation points
    2021-09-30T08:18:50.117+00:00

    Hi, @Dancing Strawberry .

    Post a comment as an answer to end the thread.

    You can fix the azure web application firewall issue based on this document. https://blog.kloud.com.au/2018/09/05/azure-application-gateway-waf-tuning (Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.)


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. David Fletcher 1 Reputation point
    2022-06-20T15:43:29.907+00:00
    0 comments No comments