question

JayGoos-9198 avatar image
0 Votes"
JayGoos-9198 asked JayGoos-9198 answered

Retrieving Device enrollment configurations not working anymore

Hello all,

I have retrieved every device Enrollment Configurations from the Graph API by using: "https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations?$select=id".

But suddenly i get a forbidden error:

"Application is not authorized to perform this operation as called in app only context but does not have application permissions configured.

I use an app registration with a token to authorize my requests. In the past it has always worked. Did something changed?

Update: Problem was on the Microsoft Side. They updated the Graph API and caused an authentication problem when you were authenticating as "app-only Context". Couple weeks ago they fixed it.

mem-intune-graph
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JayGoos-9198 Thanks for posting in our Q&A.

For this error, it seems that doesn't have permissions. Based on my research, we need the following permissions:
DeviceManagementServiceConfig.ReadWrite.All
DeviceManagementServiceConfig.Read.All
https://docs.microsoft.com/en-us/graph/api/intune-shared-deviceenrollmentconfiguration-get?view=graph-rest-beta#prerequisites

I have tried to run the requset in Graph explorer. It works well.
178295-image.png

Hope it will help.



0 Votes 0 ·
image.png (75.8 KiB)

Hello,

I have tried the same and i get the same result as you, however there is a difference between authenticating. Using the Microsoft graph you will use your user credentials instead of using appID and appsecret to retrieve a token, which you can use to authenticate.

I consented the permissions to my app registration, except for the read permission (to my understanding that one is not needed, if you have consented the readwrite permission) as you can see below:


178445-apppermissions.png


0 Votes 0 ·
apppermissions.png (77.9 KiB)

@JayGoos-9198 Thanks for your update. For the graph issue, it is more related to develop scope. With Q&A limitation, it is suggested to create a premier support ticket to get more accurate help. Here is the support link:
https://docs.microsoft.com/en-us/mem/get-support#premier-and-unified-support-customers

Hope it will help.

0 Votes 0 ·
JasonDoyle-8062 avatar image
0 Votes"
JasonDoyle-8062 answered JayGoos-9198 commented

I am encountering the same issue, need assistance or answer here to help me in resolving.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @JasonDoyle-8062,

The issue was on the Microsoft side. They updated the Microsoft Graph some time ago and caused an authentication problem. They updated the Graph API and now it works for me again.

0 Votes 0 ·
JayGoos-9198 avatar image
0 Votes"
JayGoos-9198 answered

I created a ticket with Microsoft and they escalated it to the engineers. The engineers told it was on their side.

See solution: Problem was on the Microsoft Side. They updated the Graph API and caused an authentication problem when you were authenticating as "app-only Context". Couple weeks ago they fixed it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.