Not Requesting DeviceManagementApps.ReadWrite.All In Graph API #19

Open
joshuaromkes opened this issue Oct 10, 2024 · 5 comments

@joshuaromkes

It seems if you do not have Graph already set up in the tenant, the Graph call does not request DeviceManagementApps.ReadWrite.All in the app request.

Running

$RequiredScopes = ("Organization.ReadWrite.All", "Directory.Read.All", "DeviceManagementApps.ReadWrite.All")
Connect-MgGraph -Scope $RequiredScopes

fixes this by requesting the needed permissions.

@SorenLundt
Owner

Hi Joshua,
The import script is using Connect-MSIntuneGraph and not Connect-MgGraph.
Also the script is using module IntuneWin32App which requires the usage of Connect-MSIntuneGraph.

I did a test using Connect-MgGraph, but IntuneWin32App does not accept this connection.
Please let me know what other changes you made to implement using Connect-MgGraph instead of Connect-MSIntuneGraph.

Changes I attempted in WinGet-WrapperImportFromCSV.ps1
Connect section around line 180>190

$RequiredScopes = ("DeviceManagementApps.ReadWrite.All")
Disconnect-MgGraph # Force re-prompt
Connect-MGGraph -TenantID "$TenantID" -Scopes $RequiredScopes

Successfully connected
[screenshot]

Error from IntuneWin32App
[screenshot]

@colourofsound

I'm getting a similar error when trying to upload to Intune
[screenshot]

I assumed this was because there's no Enterprise Application to auth the upload into? Do we need to make a new Enterprise App/Give Intune PowerShell or Graph specific permissions?

@SorenLundt
Owner

SorenLundt commented Nov 1, 2024

> I'm getting a similar error when trying to upload to Intune
>
> I assumed this was because there's no Enterprise Application to auth the upload into? Do we need to make a new Enterprise App/Give Intune PowerShell or Graph specific permissions?

Yes, this is required now after Microsoft changes.
I am working on this issue, which likely will be a guide or script to ensure the Microsoft Graph SDK Enterprise Application has been created and assigned needed permissions.

For me it's completely new, so still trying to wrap my head around it to find the right approach.

@colourofsound

Usually when you make the permission request for the first time, the pop-up lets you auth it for the organisation; but this doesn't seem to be the case.

Is it the Microsoft Graph PowerShell enterprise app it needs? I really feel like MS makes this as hard as possible. Keen to help out with this as this wrapper is an absolute godsend - so thank you for your work on it!

@colourofsound

> Changes I attempted in WinGet-WrapperImportFromCSV.ps1
> Connect section around line 180>190
>
> $RequiredScopes = ("DeviceManagementApps.ReadWrite.All")
> Disconnect-MgGraph # Force re-prompt
> Connect-MGGraph -TenantID "$TenantID" -Scopes $RequiredScopes

So I just tried this; I inserted the above at line 182 in WinGet-WrapperImportFromCSV.ps1; as I wasn't connected to Graph at this point the Disconnect-MgGraph errors out, so I put a silent continue in there.
[screenshot]

I got a prompt to login and auth the required scopes; once that was done I got a second prompt to auth the Intune import.

And it worked totally fine! Maybe try from a fresh installation? Mine is a fresh copy from GitHub.
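
A fail-fast check for the workaround discussed in this thread, as an added example that is not part of the thread or of the WinGet-Wrapper project: after connecting with Connect-MgGraph, confirm the session really carries DeviceManagementApps.ReadWrite.All before any upload is attempted. The tenant ID is a constructed placeholder, and this check says nothing about whether IntuneWin32App will accept the session afterwards.

```powershell
# Added example. $TenantID is a constructed placeholder, not a value from the thread.
$TenantID       = '00000000-0000-0000-0000-000000000000'
$RequiredScopes = @('DeviceManagementApps.ReadWrite.All')

# Drop any cached session so sign-in and consent are prompted again.
# Disconnect-MgGraph errors when no session exists, so that case is ignored.
try { Disconnect-MgGraph -ErrorAction Stop | Out-Null } catch { }

Connect-MgGraph -TenantId $TenantID -Scopes $RequiredScopes | Out-Null

# Get-MgContext describes the current session, including the delegated
# scopes the issued token actually contains.
$context = Get-MgContext
if (-not $context) {
    throw 'No Microsoft Graph session was established.'
}

# -notin compares case-insensitively, which suits scope names.
$missing = @($RequiredScopes | Where-Object { $_ -notin $context.Scopes })
if ($missing.Count -gt 0) {
    throw "Session for $($context.Account) is missing scope(s): $($missing -join ', ')"
}

# List scopes beyond the ones requested, so anything broader than the
# import needs is visible and can be reviewed.
$extra = @($context.Scopes | Where-Object { $_ -notin $RequiredScopes })

Write-Host "Connected to tenant $($context.TenantId) as $($context.Account)"
Write-Host "Required scopes present: $($RequiredScopes -join ', ')"
if ($extra.Count -gt 0) {
    Write-Host "Additional scopes in this session: $($extra -join ', ')"
}
```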
