Friday, August 19, 2022

Azure Microsoft Graph Explorer Permissions: How to Resolve the "Application must have one of the following scopes" Error

Symptoms: 

When using the MS Graph Explorer in Azure: 

Summary:

Resolving the error "Application must have one of the following scopes" when accessing the Graph API.


Detail: 

If you receive an error message containing the following text:

"Application is not authorized to perform this operation."

and/or

"Application must have one of the following scopes:"

when accessing the service URL https://graph.microsoft.com/beta/deviceManagement, follow the resolution below.



An example response:

{
    "error": {
        "code": "Forbidden",
        "message": "{\r\n  \"_version\": 3,\r\n  \"Message\": \"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 5c977c7f-ae03-4be0-82c2-408eafb65caf - Url: <https://fef.msub05.manage.microsoft.com/DeviceConfiguration_1911/StatelessDeviceConfigurationFEService/deviceManagement?api-version=5019-09-20>\",\r\n  \"CustomApiErrorPhrase\": \"\",\r\n  \"RetryAfter\": null,\r\n  \"ErrorSourceService\": \"\",\r\n  \"HttpHeaders\": \"{}\"\r\n}",
        "innerError": {
            "request-id": "5c977c7f-ae03-4be0-82c2-408eafb65caf",
            "date": "2019-11-15T18:53:00"
        }
    }
}
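
As an added example (not from the original post), the Python below unpacks an error body like the one above, whose "message" field is itself an escaped JSON document, pulls out the scopes it names, and compares them with the scp claim of a delegated access token. The sample body and token are constructed, and the function names are hypothetical.

```python
import base64
import json
import re

# Constructed sample: trimmed copy of the 403 body shown above.
SAMPLE_ERROR = json.dumps({"error": {"code": "Forbidden", "message": json.dumps({
    "_version": 3,
    "Message": "Application is not authorized to perform this operation. "
               "Application must have one of the following scopes: "
               "DeviceManagementConfiguration.Read.All, "
               "DeviceManagementConfiguration.ReadWrite.All - Operation ID "
               "(for customer support): 00000000-0000-0000-0000-000000000000",
})}})

def required_scopes(body: str) -> list:
    """Return the scopes named in a 'must have one of the following scopes' error."""
    message = json.loads(body)["error"]["message"]
    try:  # this endpoint wraps a second JSON document inside "message"
        message = json.loads(message)["Message"]
    except (ValueError, KeyError, TypeError):
        pass  # plain-text message: search it directly
    m = re.search(r"one of the following scopes:\s*(.+?)(?:\s+-\s|$)", message)
    return [s.strip() for s in m.group(1).split(",")] if m else []

def token_scopes(jwt: str) -> set:
    """Read the delegated 'scp' claim (inspection only, no signature check)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())

def diagnose(body: str, jwt: str) -> dict:
    needed, held = required_scopes(body), token_scopes(jwt)
    satisfied = [s for s in needed if s in held]
    # Any one listed scope is enough; prefer a read-only one when consenting.
    read_only = [s for s in needed if ".ReadWrite." not in s]
    suggest = None if satisfied or not needed else (read_only or needed)[0]
    return {"required_any_of": needed, "held": satisfied, "suggest": suggest}

def make_token(scp: str) -> str:
    """Build an unsigned, constructed token for the demo."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"scp": scp}), "sig"])

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, make_token("openid profile User.Read")))
```

When none of the required scopes is held, `suggest` names the read-only scope first, since consenting to ReadWrite.All is only necessary if the session will change device configuration.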

Resolution:

  1. Sign in to the Azure portal, go to Azure Active Directory > Enterprise Applications, and then select Graph explorer from the list of applications. For example, for me the Enterprise Application is at this URL



  2. Click "Graph Explorer"

  3. Click Permissions



  4. Search for, add, and then grant the permission that Graph Explorer needs in order to execute the request without error:



  5. With our permission added, we can now execute without error:


  6. Execute:


