I am trying to create a app that basically uses Win32_Application_Add.ps1 from the powershell intune samples. The application has the following permissions:
- DeviceManagementApps.Read.All
- DeviceManagementApps.ReadWrite.All
All goes well with multiple api calls until it hits line 1052 and i get error saying
Response status code does not indicate success: 401 (Unauthorized).
I expected the app had all access it needed and would continue
The uri it calls is:
/deviceAppManagement/mobileApps/{mobileAppId}/microsoft.graph.win32LobApp/contentVersions/1/files/{fileId}
If i use the microsoft graph explorer with my admin user it returns a valid result
question:
What permission is needed and how do i find that documented for this call
/deviceAppManagement/mobileApps/{mobileAppId}/microsoft.graph.win32LobApp/contentVersions/1/files/{fileId}
what have i tried:
I checked the function in graph explorer that will show you what permission that is needed , but it crashes the graph explorer.(function is in preview)
Tried to give the app all the intune permission scopes, but that had zero effect
Googling the call has not given my anything useful yet
To check both delegated and application permissions for the Intune please refer this document, Intune device management permissions.