Get Cloud PCs with Graph API - Forbidden

Question

Hello,

I have an issue getting a list of Cloud PCs in my tenant using the Graph API.
I use an app registration, this app has the CloudPC.Read.All permission with admin consent. I initialize the connection with the following code

$Body = @{  
    Grant_Type    = "client_credentials"  
    Scope         = "https://graph.microsoft.com/.default"  
    client_Id     = $ApplicationID  
    Client_Secret = $AccessSecret  
    }  
  
$Connection = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$($TenantID)/oauth2/v2.0/token" -Method POST -Body $Body  
$Token = $Connection.access_token  
  
Connect-MgGraph -AccessToken $Token  
  
Select-MgProfile -Name beta  

I verify the scopes using the Cmdlet Get-MgContext, and can see that the CloudPC.Read.All well applies to the connection.

Therefore, when trying to get a list of Cloud PCs using the Cmdlet Get-MgDeviceManagementVirtualEndpointCloudPC, I get a Forbidden error.

Answer 1

Hi @AxelC

Do you have a Windows 365 license? https://learn.microsoft.com/en-us/graph/api/resources/cloudpc-api-overview?view=graph-rest-beta.

Using the Microsoft Graph API for Cloud PCs requires an active Windows 365 license for the organization. Currently, Microsoft Graph API is available for Windows 365 Enterprise and not Windows 365 Business.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

It could be a syntax issue. Use Get-MgDeviceManagementVirtualEndpointCloudPC | fl or Get-MgDeviceManagementVirtualEndpointCloudPC -CloudPCId $cloudPCId

----------

--please don't forget to upvote and Accept as answer if the reply is helpful--