I'm developing an application which will upload Android/iOS apps to Intune. All works with LOB apps. I can add, list, update, delete. However, when I try to add an Android store app, I receive Forbidden. I can list store apps, but not add them. On the other hand, in Endpoint Manager, I can do this without any problems. All rights needed and described in the Microsoft docs are set.
I use MS Graph v1.0.
Response which I receive: An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 946f8683-f832-4431-83f5-e32c4d9a74a0 - Url: https://fef.amsub0502.manage.microsoft.com/AppLifecycle_2205/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=2020-08-04
<ODataError xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Microsoft.OData.Core">
<Details i:nil="true"/>
<ErrorCode>Forbidden</ErrorCode>
<InnerError i:nil="true"/>
<InstanceAnnotations/>
<Message>{ "_version": 3, "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 1f6c6323-57b0-44f3-9337-28f77a82763c - Url: https://fef.amsub0502.manage.microsoft.com/AppLifecycle_2205/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=2020-08-04", "CustomApiErrorPhrase": "", "RetryAfter": null, "ErrorSourceService": "", "HttpHeaders": "{}" }</Message>
<Target i:nil="true"/>
</ODataError>
I use the same code to add for both:
AndroidStoreApp app ...
await GraphClient.DeviceAppManagement.MobileApps.Request().AddAsync(app).ConfigureAwait(false);
Any advice, please?
Make sure you have the right permissions set for the app; you'd need: DeviceManagementApps.ReadWrite.All
You can decode the token at https://jwt.ms and make sure you have DeviceManagementApps.ReadWrite.All permissions assigned.
Also, a sample request JSON that worked for me is below:
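Added example, not part of the answer above and not the sample request it mentions: a local version of the token check, which decodes the access token's payload and reports whether DeviceManagementApps.ReadWrite.All is present as an application permission (`roles` claim) or a delegated scope (`scp` claim). The function names and the sample tokens are constructed for illustration, and the signature is not verified, so this is a diagnostic only.

```python
import base64
import json

REQUIRED = "DeviceManagementApps.ReadWrite.All"  # permission named in the answer


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(token: str) -> dict:
    """Return the permissions carried by an access token (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    # App-only tokens list application permissions in "roles" (array);
    # delegated tokens list scopes in "scp" (space-separated string).
    roles = claims.get("roles") or []
    scopes = (claims.get("scp") or "").split()
    return {
        "audience": claims.get("aud"),
        "application": sorted(roles),
        "delegated": sorted(scopes),
        "has_required": REQUIRED in roles or REQUIRED in scopes,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    # Constructed samples: one token with read-only rights, one with read-write.
    read_only = make_sample_token({"aud": "https://graph.microsoft.com",
                                   "roles": ["DeviceManagementApps.Read.All"]})
    read_write = make_sample_token({"aud": "https://graph.microsoft.com",
                                    "scp": "DeviceManagementApps.ReadWrite.All User.Read"})
    for name, tok in (("read-only", read_only), ("read-write", read_write)):
        print(name, token_permissions(tok))
```

Pass the exact access token the application sends to Graph, since a permission added in the app registration only appears in tokens issued after it has been granted.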