DTechnologies Blog: Memoirs of a Remote Developer, SharePoint, O365, C#, SQL, JS & misc: May 2022

Symptoms:

When using the MS Graph Explorer in Azure:

If you recie b an eeor with the follwing substring text in the error message:

"Application is not authorized to perform this operation. Application must have one of the following scopes:"

For example:

Url:https://graph.microsoft.com/beta/deviceManagement

Response:

{

"error": {
"code": "Forbidden",
"message": "{\r\n \"_version\": 3,\r\n \"Message\": \"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 5c977c7f-ae03-4be0-82c2-408eafb65caf - Url: <

https://fef.msub05.manage.microsoft.com/DeviceConfiguration_1911/StatelessDeviceConfigurationFEService/deviceManagement?api-version=5019-09-20

>\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}",
"innerError": {
"request-id": "5c977c7f-ae03-4be0-82c2-408eafb65caf",
"date": "2019-11-15T18:53:00"
}
}
}

Resolution:

Sign in to the Azure portal, go to Azure Active Directory > Enterprise Applications, and then select Graph explorer from the list of applications. For example for me : Enterprise Application is at this url
Click "Graph Explorer"
Click Permissions
Search for, Add and then Grant the permission that we want Graph Explorer to execute without error:
With our permission added, we can now execute without error:
Execute:

Here are the ways to get the version of PowerShell :

The $host.Version property
The (Get-Host).Version property
The $PSVersionTable.PSVersion property
The registry (Windows PowerShell only)

Another method is getting the Powershell version from a remote computer:

Invoke-Command -ComputerName 10.0.0.5 -ScriptBlock {Get-Host} -Credential $cred

results in for example:

Major Minor Build Revision PSComputerName ----- ----- ----- -------- -------------- 1 0 0 0 10.0.0.5

Using $host and Get-Host command

: Referencing $host.Version is another way to check Powershell version. The $host variable is an automatic variable that returns the same output as Get-Host.

$host.Version on Remote Computers

You will see the same behavior via PowerShell Remoting with $host.Version as you will running Get-Host.

Invoke-Command -ComputerName 10.0.0.5 -ScriptBlock {$host.Version} -Credential $cred

Registry

If you don’t want to open up PowerShell itself, you can also check the registry. The version of PowerShell is tucked away under a value in the registry key path HKLM:\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine. This registry key has a value called PowerShellVersion that you can reference by using Get-ItemProperty.

(Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine -Name 'PowerShellVersion').PowerShellVersion 5.1.17134.1

Also WMI:

reg query HKLM\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine /v PowerShellVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine PowerShellVersion REG_SZ 5.1.17134.1

Registry on a remote computer:

$scriptBlock = { [version](Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine -Name 'PowerShellVersion').PowerShellVersion } PS51> Invoke-Command -ComputerName 10.0.0.5 -ScriptBlock $scriptBlock -Credential $cred

Version via $PSVersionTable.

PSVersion property on the $PSVersionTable automatic variable. This method will always represent the PowerShell engine.

DTechnologies Blog: Memoirs of a Remote Developer, SharePoint, O365, C#, SQL, JS & misc

Tuesday, May 17, 2022

Azure Microsoft Graph Explorer Permissions : How to resolve "Application must have one of the following scopes" Error