1

GET用一个有效的令牌做一个

https://graph.microsoft.com/beta/deviceManagement/managedDevices

我得到这个错误:

{
  "error": {
    "code": "UnknownError",
    "message": {
      "ErrorCode": "Forbidden",
      "Message": {
        "_version ": 3,
        "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:  c0edc6b3-3d79-431f-b224-b034524e565c - Url: https://fef.msua02.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices?api-version=5018-07-19",
        "CustomApiErrorPhrase": "",
        "RetryAfter": null,
        "ErrorSourceService": "",
        "HttpHeaders": {
          "WWW-Authenticate": "Bearer realm=urn:intune:service,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7"
        }
      },
      "Target": null,
      "Details": null,
      "InnerError": null,
      "InstanceAnnotations": []
    },
    "innerError": {
      "request-id": "c0edc6b3-3d79-431f-b224-b034524e565c",
      "date": "2018-09-21T15:27:35"
    }
  }
}

如果我使用 PowerShell 和Microsoft的示例代码做同样的事情,我会成功获得设备列表。

有没有人遇到过同样的问题?

4

2 回答 2

0

我发现出了什么问题。我们获得的令牌用于应用程序权限访问,例如在 AAD 中获取设备和用户,但不是像 managedDevices 这样的委派权限。我与我们的 AAD 团队进行了交谈,他们应该为我们提供一种生成正确令牌的方法。

于 2018-09-22T17:48:05.617 回答
0

I had the same error, and found I had to add the following 3 permissions in Azure to get it working;

https://graph.microsoft.com/DeviceManagementManagedDevices.Read.All - Delegated
https://graph.microsoft.com/User.Read - Delegated
https://graph.microsoft.com/DeviceManagementManagedDevices.Read.All - Application
于 2020-08-04T18:20:22.617 回答