Forbidden error when accessing the Intune Graph API

Problem description

I am using the OAuth 2 authorization code flow to authenticate against Azure and call the Graph API for Intune (through a delegated app created in Intune to access the API).

The app registered in Azure under my organization's tenant has been granted the following permissions.

```
https://graph.microsoft.com/DeviceManagementApps.Read.All
https://graph.microsoft.com/DeviceManagementConfiguration.Read.All
https://graph.microsoft.com/DeviceManagementManagedDevices.Read.All
https://graph.microsoft.com/User.Read
```

APIs in scope:

```
https://graph.microsoft.com/v1.0/deviceManagement/detectedApps
https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps
```

I am getting the following error both at Mobile APP level and Postman. Could you please help me to identify the issue?

```
{
  "error": {
    "code": "UnknownError",
    "message": {
      "ErrorCode": "Forbidden",
      "Message": {
        "_version": 3,
        "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: c85eb7ab-687d-4780-bd88-94a3b52e7df7 - Url: https://fef.msub02.manage.microsoft.com/DeviceConfiguration_2008/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=2020-02-21",
        "CustomApiErrorPhrase": "",
        "RetryAfter": null,
        "ErrorSourceService": "",
        "HttpHeaders": {
          "WWW-Authenticate": "Bearer realm=urn:intune:service,bb7003b9-cb7f-44b2-b534-54f84f2f0d63,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7"
        }
      },
      "Target": null,
      "Details": null,
      "InnerError": null,
      "InstanceAnnotations": []
    },
    "innerError": {
      "date": "2020-09-02T21:09:14",
      "request-id": "c85eb7ab-687d-4780-bd88-94a3b52e7df7",

    }

  }
```

Solution

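You can try using the Global Administrator role or the Global Reader role to read Intune data, because these roles are required. After granting either of these roles, try the following calls with the respective permissions.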

https://graph.microsoft.com/v1.0/deviceManagement/detectedApps
https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps
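
The following diagnostic is an added example, not code from the question or the answer. It decodes a delegated access token and reports whether it carries the scope each endpoint on this page needs and whether the signed-in user holds one of the two roles the answer names. Assumptions: the token is a JWT whose `scp` and `wids` claims are populated, the endpoint-to-scope mapping follows the Microsoft Graph permission reference, and the helper names and sample token are constructed for illustration.

```python
import base64
import json

# Delegated scope each endpoint needs (assumed from the Graph permission reference).
REQUIRED_SCOPE = {
    "/deviceManagement/detectedApps": "DeviceManagementManagedDevices.Read.All",
    "/deviceAppManagement/mobileApps": "DeviceManagementApps.Read.All",
    "/deviceManagement/deviceConfigurations": "DeviceManagementConfiguration.Read.All",
}
# Built-in role template IDs, reported in the token's "wids" claim.
READER_ROLES = {
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "f2ef992c-3afb-46b9-b7cf-a126ee74c451": "Global Reader",
}

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, path):
    """Return the reasons a delegated call to `path` is likely to be refused."""
    claims = jwt_claims(token)
    problems = []
    if "scp" not in claims:
        problems.append("no 'scp' claim: not a delegated (user) token")
    needed = REQUIRED_SCOPE[path]
    if needed not in claims.get("scp", "").split():
        problems.append("missing scope " + needed)
    if not READER_ROLES.keys() & set(claims.get("wids", [])):
        problems.append("user holds neither Global Administrator nor Global Reader")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample: two scopes consented, user has no admin directory role.
SAMPLE = make_sample_token({
    "scp": "DeviceManagementApps.Read.All DeviceManagementManagedDevices.Read.All User.Read",
    "wids": ["b79fbf4d-3ef9-4689-8143-76b194e85509"],  # constructed sample value
})

if __name__ == "__main__":
    for path in REQUIRED_SCOPE:
        print(path, diagnose(SAMPLE, path) or "ok")
```

Consented scopes alone do not clear the role check: with delegated permissions the call runs as the signed-in user, so the user's own directory role still decides the outcome.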