ThomasKur
Error obtaining AzureAD conditional access
Hi, Using delegated access and with the Policy.Read.All permission I failed to get CA documentation.
$doc = Get-M365Doc -Components AzureAD Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/conditionalAccess/policies At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Helper\Invoke-DocGraph.ps1:62 char:13
-
throw "Used application does not have sufficiant permissi ... -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : OperationStopped: (Used applicatio...Access/policies:String) [], RuntimeException
- FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/conditionalAccess/ policies
Getting my tokens permissions show Policy.Real.All
scp : AccessReview.Read.All Agreement.Read.All AppCatalog.Read.All Application.Read.All ConsentRequest.Read.All Device.Read.All DeviceManagementApps.Read.All DeviceManagementConfiguration.Read.All DeviceManagementManagedDevices.Read.All DeviceManagementRBAC.Read.All DeviceManagementServiceConfig.Read.All Directory.Read.All Domain.Read.All Organization.Read.All Policy.Read.All PrivilegedAccess.Read.AzureAD PrivilegedAccess.Read.AzureADGroup PrivilegedAccess.Read.AzureResources User.Read profile openid email
Trying the same in the web I see that is the only permission required
Same issue after excluding AADConditionalAccess this time with Identity providers
Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/identityProviders At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Helper\Invoke-DocGraph.ps1:62 char:13
-
throw "Used application does not have sufficiant permissi ... -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : OperationStopped: (Used applicatio...entityProviders:String) [], RuntimeException
- FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/identityProviders
I tried adding IdentityProvider.Read.All and Policy.Read.ConditionalAccess but both errors remain.
I have seen this error now as well. it can also happen if you have no license for the specific feature. Could it be that in this tenant you have no E5 or Entra ID P2 license for example?
