问题
My goal is to create a schedulable PowerShell script that will report on recently enrolled devices. I have created the Application and granted some permissions.
$OauthTokenEndpoint = 'https://login.microsoftonline.com/tenantid/oauth2/token'
$OauthRequest = @{
grant_type="client_credentials"
client_id = "clientidguid"
client_secret = "clientidsecret"
resource = "https://graph.microsoft.com"
scope="DeviceManagementManagedDevices.Read.All"
}
$AuthResponse = Invoke-RestMethod -Uri $OauthTokenEndpoint -Method Post -ContentType application/x-www-form-urlencoded -Body $OauthRequest
$Token = $authresponse.access_token
#this query completes successfully
$Success = Invoke-restmethod -uri https://graph.microsoft.com/v1.0/users/username@domain.com/ownedDevices -Headers @{Authorization = "Bearer $Token"} -method Get
#this query fails with 401 unauthorised
$401Error = Invoke-RestMethod -Headers @{Authorization = "Bearer $Token"} -uri "https://graph.microsoft.com/beta/managedDevices/deviceguid?`$select=hardwareInformation" -Method GET
I believe that my issue is that I have not, or can not grant DeviceManagementManagedDevices.Read.All scope permissions to my application. This API works with Graph Explorer, and I have an interactive version of this script that uses delegated permissions that works. How can I permit my Application to access the ManagedDevices API endpoint so that I can use it non-interactively.
回答1:
Received information from Microsoft that using Intune Graph APIs without user credentials is currently not supported.
来源:https://stackoverflow.com/questions/42497266/ms-graph-api-manageddevices-obtaining-scope