Microsoft Graph api auditLog/signIn throwing 403 Forbidden error.

Eisenhaur, Liam 21 Reputation points
2022-04-29T20:38:50.923+00:00

I am trying to use the list signIns api (auditLog/signIn) for the Microsoft Graph endpoint but I keep getting a 403 Forbidden error. I have the list directoryAudit (auditLog/directoryAudit) api working. Using the same application and api permissions has not worked. The permissions I am using are Directory.Read.All and AuditLog.Read.All and I have granted them access. My user also has all the right admin roles. I am using HTTP not the SDK. Thanks.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,409 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,610 questions
{count} votes

2 answers

Sort by: Most helpful
  1. JanardhanaVedham-MSFT 3,536 Reputation points
    2022-05-02T09:25:17.76+00:00

    Hi @Eisenhaur, Liam ,

    I have verified above issue and I am able to replicate this issue from my end using delegated permissions scope and resolve it as well. AuditLog.Read.All deletegated permissions granted to the app registerted in Azure AD and also ensured that admin content is granted for this delegated permissions for my registred app in Azure AD.

    Example:

    List signins API error for an user with AuditLog.Read.All deletegated permissions and admin content is granted for this permissions for my registred app in Azure AD.

    198128-image.png

    Assigned the user with "Reports Reader" directory role in M365 admin center.

    198135-image.png

    Successful API response posted assigning "Reports Reader" directory role in M365 admin center.

    198160-image.png

    Please crorss verify the error message in first screenshot above and also ensure the below things are taken care for your app in your tenant:

    1. AuditLog.Read.All deletegated permissions granted and also ensure that admin content is granted for these permissions as well for your app registered in Azure AD.

    Example :

    198221-image.png

    2.As mentioned in the List signins API documentation, Make sure that the user using this List signins API is running under deletegated permissions is assigned to or having any one of the following directory roles :

    198168-image.png

    3.As documented here, there is a known issue with this API, currently requires consent to both the AuditLog.Read.All and Directory.Read.All delegated permissions and also ensure that admin content is granted for these permissions as well for your app registered in Azure AD.

    198231-image.png

    I would advise you to reachout to your tenant admin to ensure that above things are taken care and also cross verify the admin content is granted for AuditLog.Read.All and Directory.Read.All delegated permissions for your app in registred in AD and also user has assiagned to one of the direcory roles mentioned above.

    If the answer is helpful to you, please click "Accept Answer" and kindly upvote it. If you have additional questions about this answer, please click "Comment".


  2. Zehui Yao_MSFT 5,846 Reputation points
    2022-05-02T10:05:41.737+00:00

    Hello @Eisenhaur, Liam , as mentioned in the documentation, in addition to using the correct permissions, you also need to grant the user the corresponding role, hope this helps you.

    198205-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.