Trying to list Intune devices through deviceCompliancePolicySettingStateSummaries

I am trying to retrieve a list of enrolled devices using the Microsoft Graph API. The authenticated GET request to https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicySettingStateSummaries returns:
{
"error": {
"code": "UnknownError",
"message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"{\\r\\n \\\"_version\\\": 3,\\r\\n \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: dd0e2f48-90b3-49e0-bb9a-b3b02e4b9482 - Url: https://fef.msua08.manage.microsoft.com/DeviceConfiguration_2005/StatelessDeviceConfigurationFEService/deviceManagement/deviceCompliancePolicySettingStateSummaries?api-version=2020-02-21\\\",\\r\\n \\\"CustomApiErrorPhrase\\\": \\\"\\\",\\r\\n \\\"RetryAfter\\\": null,\\r\\n \\\"ErrorSourceService\\\": \\\"\\\",\\r\\n \\\"HttpHeaders\\\": \\\"{\\\\\\\"WWW-Authenticate\\\\\\\":\\\\\\\"Bearer realm=\\\\\\\\\\\\\\\"urn:intune:service,bb7003b9-cb7f-44b2-b534-54f84f2f0d63,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7\\\\\\\\\\\\\\\"\\\\\\\"}\\\"\\r\\n}\",\"Target\":null,\"Details\":null,\"InnerError\":null,\"InstanceAnnotations\":[]}",
"innerError": {
"request-id": "dd0e2f48-90b3-49e0-bb9a-b3b02e4b9482",
"date": "2020-05-28T11:34:16"
}
}
}
I am following the documentation here.

We just needed to add these resource permissions DeviceManagementConfiguration.ReadWrite.All and DeviceManagementConfiguration.Read.All in Azure AD permissions.
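
The response quoted in the question reports "UnknownError" at the Graph level while the Intune service's own code ("Forbidden") and its WWW-Authenticate challenge sit inside JSON that has been serialized into the message string several times over. The following is an added example, not code from the posts: it unwraps that nesting so the real cause is visible. The sample body is constructed to have the same shape as the quoted response, and the function names are hypothetical.

```python
import json

def _maybe_json(value):
    """Parse value if it is a string holding a JSON object; otherwise return it unchanged."""
    if isinstance(value, str) and value.lstrip().startswith("{"):
        try:
            return json.loads(value)
        except json.JSONDecodeError:
            return value
    return value

def unwrap(node):
    """Recursively decode JSON documents embedded as strings inside other JSON."""
    node = _maybe_json(node)
    if isinstance(node, dict):
        return {key: unwrap(val) for key, val in node.items()}
    if isinstance(node, list):
        return [unwrap(val) for val in node]
    return node

def _as_dict(value):
    return value if isinstance(value, dict) else {}

def diagnose(response_body: str) -> dict:
    """Summarise a Graph error body, surfacing the innermost service error code."""
    err = _as_dict(unwrap(json.loads(response_body)).get("error"))
    service = _as_dict(err.get("message"))          # {"ErrorCode": ..., "Message": ...}
    detail = _as_dict(service.get("Message"))       # {"_version": ..., "HttpHeaders": ...}
    headers = _as_dict(detail.get("HttpHeaders"))
    return {
        "graph_code": err.get("code"),
        "service_code": service.get("ErrorCode"),
        "challenge": headers.get("WWW-Authenticate"),
        "request_id": _as_dict(err.get("innerError")).get("request-id"),
    }

# Constructed sample with the same nesting as the response quoted in the question.
_headers = json.dumps({"WWW-Authenticate": 'Bearer realm="urn:intune:service,<tenant-id>,<app-id>"'})
_detail = json.dumps({"_version": 3, "Message": "An error has occurred", "HttpHeaders": _headers}, indent=1)
_service = json.dumps({"ErrorCode": "Forbidden", "Message": _detail, "Target": None})
SAMPLE = json.dumps({"error": {"code": "UnknownError", "message": _service,
                               "innerError": {"request-id": "00000000-0000-0000-0000-000000000000"}}})

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A "service_code" of Forbidden together with a Bearer challenge points at the token's permissions rather than at the request itself.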

Related

Azure assign group and device to script using Graph API

I am trying to assign groups and devices to a PowerShell script in Microsoft Intune using the following POST request:
URL: https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/%7Bid%7D/Assign
Body:
{
"deviceManagementScriptGroupAssignments": [
{
"@odata.type": "#microsoft.graph.deviceManagementScriptGroupAssignment",
"id": "{ScriptId:GroupId}",
"targetGroupId": "{GroupId}"
}
],
"deviceManagementScriptAssignments": [
{
"@odata.type": "#microsoft.graph.deviceManagementScriptAssignment",
"id": "{ScriptID:DeviceID}",
"target": {
"@odata.type": "#microsoft.graph.allDevicesAssignmentTarget",
"deviceAndAppManagementAssignmentFilterId": null,
"deviceAndAppManagementAssignmentFilterType": "none"
}
}
]
}
However, I am getting a 400 error with the following message:
"{ "_version": 3, "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 615c3437-bd99-2193-9d4b-d9a61deb0340 - Url: https://fef.amsua0102.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/deviceManagementScripts('{id}')/microsoft.management.services.api.assign?api-version=5022-11-08", "CustomApiErrorPhrase": "", "RetryAfter": null, "ErrorSourceService": "", "HttpHeaders": "{}"}"
I am basing this on this Microsoft document: https://learn.microsoft.com/en-us/graph/api/intune-shared-devicemanagementscript-assign?view=graph-rest-beta

I tried to reproduce the same in my environment.
Received the same error:
{
"error": {
"code": "UnknownError",
"message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"{\\ \\\"_version\\\": 3,\\ \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): xxxx –
}
When I followed the URL in the error and queried it, I got that the API version is not supported.
Make sure the authorization header is given with a bearer token which has proper permissions to work with Intune and device management.
Omit the parameter @odata.type in the POST request body.
{
"@odata.type": "#microsoft.graph.deviceManagementScript",
…
"runAs32Bit": true
}
Make sure you have DeviceManagementConfiguration.ReadWrite.All Application and delegated permissions.
Note that Intune requires an active Intune license for the tenant.
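
Both answers so far trace the Forbidden response to a missing DeviceManagementConfiguration permission, and this one distinguishes application from delegated grants. The following is an added example, not code from the posts: it decodes an access token locally and reports whether either permission named on this page appears in "roles" (application) or "scp" (delegated). The tokens are constructed and unsigned, the function names are hypothetical, and the accepted audience values are assumptions about a Microsoft Graph token.

```python
import base64
import json

# Permission names taken from the answers on this page.
ACCEPTED = {"DeviceManagementConfiguration.Read.All",
            "DeviceManagementConfiguration.ReadWrite.All"}
# Assumed audience values for a Microsoft Graph token (URI form and app-ID form).
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (local diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted(claims: dict) -> set:
    """Application permissions are in 'roles' (list); delegated ones in 'scp' (string)."""
    return set(claims.get("roles") or []) | set((claims.get("scp") or "").split())

def check_token(token: str, accepted=ACCEPTED) -> list:
    """Return findings that explain a Forbidden response; an empty list means none."""
    claims, problems = jwt_claims(token), []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in GRAPH_AUDIENCES:
        problems.append(f"audience is {aud!r}, not Microsoft Graph")
    if not granted(claims) & set(accepted):
        problems.append("none of " + ", ".join(sorted(accepted)) + " in roles/scp")
    return problems

def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demonstration below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    app_only = sample_token({"aud": "https://graph.microsoft.com",
                             "roles": ["DeviceManagementConfiguration.Read.All"]})
    delegated = sample_token({"aud": "https://graph.microsoft.com",
                              "scp": "User.Read Group.Read.All"})
    print(check_token(app_only))    # token carries an accepted permission
    print(check_token(delegated))   # token lacks both permissions
```

Run it against the token your client actually sends: a permission that was added in the portal but not consented, or a token cached before the grant, shows up here as a missing entry.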

Microsoft Graph API Add "Error while adding group as a member to other group"

I am getting an error when adding a group as a member of other group using the Microsoft Graph API. It was working okay before, but now it's giving me an error.
I am using this:
POST https://graph.microsoft.com/v1.0/groups/{group-id}/members/$ref
Content-type: application/json
body:
{
"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{id}"
}
And I am getting this error:
{
"error": {
"code": "Request_BadRequest",
"message": "An invalid operation was included in the following modified references: 'members'.",
"innerError": {
"date": "2021-09-08T16:09:31",
"request-id": "b1f3a1d9-96ae-4f3e-9ec0-73781bed4379",
"client-request-id": "b1f3a1d9-96ae-4f3e-9ec0-73781bed4379"
}
}
}

I'm unable to Send chatMessage in a channel or a chat using Microsoft Graph API

I was just trying to access Send chatMessage in a channel or a chat using the Microsoft Graph API. I have also given the required permissions for my application at both Delegated and Application level.
API Used : POST https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6#thread.tacv2/messages
Content-type: application/json
{
"body": { "content": "Hello World" }
}
Postman Response: 401
{
"error": {
"code": "Unauthorized",
"message": "Unauthorized",
"innerError": {
"date": "2021-07-16T16:34:49",
"request-id": "ddd9c7ad-f84b-423f-88fc-630330bad600",
"client-request-id": "ddd9c7ad-f84b-423f-88fc-630330bad600"
}
}
}
Graph API Explorer Response : 403
Documentation URL : https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=http
Thanks in advance.

I tried this using Graph Explorer and I was able to send the message.
Note: Please make sure you have the above required permissions to send the message to the channel.
Reference:
Send chatMessage in a channel or a chat - Microsoft Graph v1.0 | Microsoft Docs

Adding User to Group using Graph API B2C

I am using Azure AD B2C to create users.
After a user is created I would like to add them to a group.
Using Postman I have made the following request (with access token in the header). Note: I have managed to successfully create a group using the API.
POST
https://graph.windows.net/{azure-tenant}/groups/{group-objectId}/members/$ref?api-version=1.6
With Body:
{
"@odata.id": "https://graph.windows.net/{azure-tenant}/directoryObjects/{user-objectId}"
}
Which is what the documentation specifies. No matter the body that is sent, I get the following error:
{
"odata.error": {
"code": "Request_BadRequest",
"message": {
"lang": "en",
"value": "The request URI is not valid. Since the segment 'members' refers to a collection, this must be the last segment in the request URI. All intermediate segments must refer to a single resource."
},
"requestId": "48cf65f3-20ba-411e-8121-f7ea54252f3a",
"date": "2019-05-27T06:09:25"
}
}
I tried removing the /$ref:
POST
https://graph.windows.net/{azure-tenant}/groups/{group-objectId}/members?api-version=1.6
Body:
{
"@odata.id": "https://graph.windows.net/{azure-tenant}/directoryObjects/{user-objectId}"
}
as well as
{
"@odata.id": "https://graph.windows.net/{azure-tenant}/users/{user-objectId}"
}
The error that gets returned now is:
{
"odata.error": {
"code": "Request_BadRequest",
"message": {
"lang": "en",
"value": "Unsupported resource type 'DirectoryObject' for operation 'Create'."
},
"requestId": "2c36cc6d-383c-44f8-8609-2ac3e3efc862",
"date": "2019-05-27T06:15:26"
}
}
The documentation that I have been using: https://learn.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=javascript

You are using the graph.windows.net endpoint, so you should refer to the Azure AD Graph API.
POST https://graph.windows.net/myorganization/groups/b4bda672-1fba-4711-8fb1-5383c40b2c14/$links/members?api-version=1.6
{
"url": "https://graph.windows.net/myorganization/directoryObjects/3eb6055a-baeb-44d4-a1ea-2fee86d8891b"
}
The document you referred to is for the Microsoft Graph API. The endpoint should be https://graph.microsoft.com.
You can use Microsoft Graph Explorer to call these APIs.

Microsoft Graph (German cloud) - Get root site (sites/root)

When making a call to the Microsoft German Graph /sites/root endpoint, it returns 'Resource Not Found', although in global Graph the same endpoint works perfectly OK.
Here is an example:
https://graph.microsoft.de/v1.0/sites/root
It returns:
{
"error": {
"code": "BadRequest",
"message": "Resource not found for the segment 'sites'.",
"innerError": {
"request-id": "aff4a613-54ed-476d-976f-d4ac7a8c7ee2",
"date": "2018-04-26T07:59:17"
}
}
}

Found an answer: for now, this service is deployed only in the "beta" API.
So I used https://graph.microsoft.de/beta/sites/root and it works.
