microsoft-graph-api intune

Intune device management scope for the Microsoft Graph API


How do you grant the necessary privileges to access device management through the Graph API?

I'm trying to make calls to an endpoint like this, but I'm not allowed to: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps

To use the Intune API it seems you need the DeviceManagementConfiguration.ReadWrite.All scope, but I can't find where I set this. I've tried to both register my app in the Azure AD and register the application in the app registration portal. Do I need to download the app manifest and manually set this scope?


Solution

  • I work on the Microsoft Intune team, specifically on the integration between Microsoft Intune and Microsoft Graph.

    Currently the scopes are not available in the Azure AD endpoints, but we are working to resolve that by the end of the month. Since the scopes are not yet available, we are not enforcing that they are assigned to your app. Once the scopes are available in the Azure AD endpoints, we will enforce that they are assigned to your app.

    Note that if you are getting access denied errors, it can be because of one of two possible reasons:

    1. You do not have an Intune license assigned to the account you are using to call into Microsoft Graph. This is a limitation of the current preview that we are hoping to remove sometime soon. In the meantime you should be able to work around this problem by assigning an Intune license using the instructions on https://learn.microsoft.com/en-us/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4
    2. The Intune APIs are only available to users who have access to the Microsoft Intune in the Azure portal preview. You can see more information on the Microsoft Intune in the Azure portal preview at https://learn.microsoft.com/en-us/intune-azure/introduction/what-is-microsoft-intune

    Hope this helps

    Peter
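
For debugging access-denied responses once the scope is enforced as the answer describes, here is an added example (not part of the original answer and not Microsoft's code) that reads the permission claims from an Azure AD access token and checks for the scope named in the question. It assumes the token is a JWT that carries delegated permissions in `scp` and application permissions in `roles`; the helper names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Scope named in the question above.
REQUIRED_SCOPE = "DeviceManagementConfiguration.ReadWrite.All"


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(access_token: str) -> set:
    """Return the permissions listed in a JWT's claims.

    The signature is NOT verified: this is for inspecting your own token
    while diagnosing a 403, never for making an authorization decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(b64url_decode(parts[1]))
    delegated = claims.get("scp", "").split()  # space-separated string
    app_roles = claims.get("roles", [])        # JSON array
    return set(delegated) | set(app_roles)


def has_scope(access_token: str, scope: str = REQUIRED_SCOPE) -> bool:
    return scope in token_permissions(access_token)


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    samples = {
        "delegated, scope granted": {"scp": f"User.Read {REQUIRED_SCOPE}"},
        "delegated, scope missing": {"scp": "User.Read"},
        "app-only, scope granted": {"roles": [REQUIRED_SCOPE]},
    }
    for label, claims in samples.items():
        token = make_sample_token(claims)
        print(f"{label}: has_scope={has_scope(token)}")
```

If the scope is present and the call is still denied, the two causes listed in the answer (Intune license, portal preview access) are the next things to check.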