I am O Auth 2 authorization code flow to Authenticate to Azure and Invoke Graph APIs for Intune (by delegated app that was created in Intune for access to API).
Following permissions has been provided at the APP registered in Azure under my organization tenant.
https://graph.microsoft.com/DeviceManagementApps.Read.All https://graph.microsoft.com/DeviceManagementConfiguration.Read.All https://graph.microsoft.com/DeviceManagementManagedDevices.Read.All https://graph.microsoft.com/User.Read
API under scope:
https://graph.microsoft.com/v1.0/deviceManagement/detectedApps
https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps```
I am getting the following error both at Mobile APP level and Postman. Could you please help me to identify the issue?
{ "error": { "code": "UnknownError", "message": { "ErrorCode": "Forbidden", "Message": { "_version ": 3, "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: c85eb7ab-687d-4780-bd88-94a3b52e7df7 - Url: https://fef.msub02.manage.microsoft.com/DeviceConfiguration_2008/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=2020-02-21", "CustomApiErrorPhrase": "", "RetryAfter": null, "ErrorSourceService": "", "HttpHeaders": { "WWW-Authenticate": "Bearer realm=urn:intune:service,bb7003b9-cb7f-44b2-b534-54f84f2f0d63,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7" } }, "Target": null, "Details": null, "InnerError": null, "InstanceAnnotations": [] }, "innerError": { "date": "2020-09-02T21:09:14" "request-id": "c85eb7ab-687d-4780-bd88-94a3b52e7df7",
}
}```
You can try using the Global Administrator role or a Global reader role to read the intune data as there is a necessity of having these roles. After giving any of these roles, try the below calls with their respective permissions.