Microsoft Graph API backend incorrectly translates microsoft.graph.mobileLobApp to microsoft.management.services.api.mobileLobApp

[Drashti-Patel]

Describe the bug

The Microsoft Graph API beta endpoint has a backend translation bug where requests to microsoft.graph.mobileLobApp are incorrectly translated to microsoft.management.services.api.mobileLobApp, causing file upload operations to fail.

Actual behavior The API returns error showing the URL was translated incorrectly:

Url: https://proxy.amsub0102.manage.microsoft.com/AppLifecycle_2509/StatelessAppMetadataFEService/deviceAppManagement/mobileApps('app-id')/microsoft.management.services.api.mobileLobApp/contentVersions('1')/files?api-version=5025-07-11

Error Response:

{
  "error": {
    "code": "BadRequest",
    "message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000"
  }
}

Environment

• API Version: beta
• Authentication: Service Principal with DeviceManagementApps.ReadWrite.All permissions
• Endpoint: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps

Additional context

• Step 1 (app creation) works correctly
• Step 2 (content version creation) works correctly
• Step 3 (file creation) fails due to backend URL translation
• This affects automated CI/CD deployments to Microsoft Intune
• Issue occurs consistently across different service principals and tenants

Request-ID examples:

• 76d33f48-63c0-432b-8391-8c0404ab2da4
• 8caa33a3-c0eb-4f1b-b287-1548dfa7e35c

Expected behavior

The API should accept the request and create the file entry successfully.

How to reproduce

1. Create an Android LOB app via POST /beta/deviceAppManagement/mobileApps
2. Create content version via POST /beta/deviceAppManagement/mobileApps/{id}/microsoft.graph.mobileLobApp/contentVersions
3. Attempt to create file via POST /beta/deviceAppManagement/mobileApps/{id}/microsoft.graph.mobileLobApp/contentVersions/{version}/files

SDK Version

No response

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

I'm trying to implement github actions for uploading android application in microsoft intune. below are the logs:

Run set -e set -e

echo "🔐 Getting access token directly (bypassing Azure CLI subscription check)..." TOKEN_RESPONSE=$(curl -s -X POST "https://login.microsoftonline.com/$AZURE_TENANT_ID/oauth2/v2.0/token"
-H "Content-Type: application/x-www-form-urlencoded"
-d "client_id=$AZURE_CLIENT_ID"
-d "client_secret=$AZURE_CLIENT_SECRET"
-d "scope=https://graph.microsoft.com/.default"
-d "grant_type=client_credentials")

TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token // empty') if [ -z "$TOKEN" ]; then echo "❌ Failed to get token:" echo "$TOKEN_RESPONSE" | jq '.' exit 1 fi echo "✅ Access token acquired successfully!"

VERSION_NAME=2.0.0 VERSION_CODE=2

echo "🚀 Uploading app to Microsoft Intune..." echo "📱 App: Tulkkaussovellus Hyvaks v$VERSION_NAME" echo "📋 Package: com.oma.tulkkaaks.staging" echo "📄 File: app/build/outputs/bundle/stagingRelease/app-staging-release.aab"

echo "🔧 Using direct REST API calls..."

Step 1: Create app

echo "📦 Step 1: Creating app..." APP_RESPONSE=$(curl -s -X POST "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d "{ "@odata.type": "#microsoft.graph.androidLobApp", "displayName": "Tulkkaussovellus Hyvaks v$VERSION_NAME", "description": "Staging v$VERSION_NAME (code $VERSION_CODE)", "publisher": "Hyvaks", "packageId": "com.oma.tulkkaaks.staging", "fileName": "app-staging-release.aab", "versionName": "$VERSION_NAME", "versionCode": "$VERSION_CODE", "minimumSupportedOperatingSystem": { "@odata.type": "microsoft.graph.androidMinimumOperatingSystem", "v8_0": true } }")

APP_ID=$(echo "$APP_RESPONSE" | jq -r '.id // empty') if [ -z "$APP_ID" ]; then echo "❌ App creation failed:" echo "$APP_RESPONSE" | jq '.' exit 1 fi echo "✅ App created with ID: $APP_ID"

Wait for app to be ready

sleep 10

Step 2: Create content version

echo "📦 Step 2: Creating content version..." CONTENT_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d '{}')

CONTENT_VERSION=$(echo "$CONTENT_RESPONSE" | jq -r '.id // empty') if [ -z "$CONTENT_VERSION" ]; then echo "❌ Content version creation failed:" echo "$CONTENT_RESPONSE" | jq '.' exit 1 fi echo "✅ Content version: $CONTENT_VERSION"

Step 3: Create file entry - USE SAME PATTERN AS STEP 2

FILE_SIZE=$(stat --format=%s "app/build/outputs/bundle/stagingRelease/app-staging-release.aab") echo "📦 Step 3: Creating file entry (size: $FILE_SIZE bytes)..."

echo "🔄 Using same URL pattern that worked for content version..." FILE_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/files"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d "{ "@odata.type": "#microsoft.graph.mobileAppContentFile", "name": "app-staging-release.aab", "size": $FILE_SIZE, "sizeEncrypted": $FILE_SIZE, "manifest": null }")

echo "🔍 File creation response:" echo "$FILE_RESPONSE" | jq '.' FILE_ID=$(echo "$FILE_RESPONSE" | jq -r '.id // empty')

if [ -z "$FILE_ID" ]; then echo "❌ File creation failed. Response:" echo "$FILE_RESPONSE" | jq '.'

# Check if it's the known API translation bug
if echo "$FILE_RESPONSE" | grep -q "microsoft.management.services.api"; then
  echo ""
  echo "🚨 MICROSOFT API TRANSLATION BUG DETECTED!"
  echo "Your request: microsoft.graph.mobileLobApp"
  echo "Microsoft received: microsoft.management.services.api.mobileLobApp"
  echo ""
  echo "This is a confirmed Microsoft Graph API backend bug."
  echo "The app was created successfully but file upload fails due to API translation issues."
  echo ""
  echo "✅ Your app exists in Intune with ID: $APP_ID"
  echo "💡 You can complete the upload manually through Intune Admin Center"
  echo "🔗 https://intune.microsoft.com/#blade/Microsoft_Intune_Apps/AppsMenu"
fi
exit 1

fi

echo "✅ File entry created: $FILE_ID"

Step 4: Get upload URL - USE SAME PATTERN

echo "📦 Step 4: Getting upload URL..." for i in {1..20}; do echo "📍 Polling for upload URL (attempt $i)..." FILE_STATE=$(curl -s -X GET
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/files/$FILE_ID"
-H "Authorization: ***")

UPLOAD_URL=$(echo "$FILE_STATE" | jq -r '.azureStorageUri // empty')

if [ -n "$UPLOAD_URL" ]; then
  echo "✅ Upload URL found!"
  echo "🔗 Upload URL: ${UPLOAD_URL:0:50}..."
  break
fi

echo "🔄 Attempt $i: waiting for upload URL..."
sleep 3

done

if [ -z "$UPLOAD_URL" ]; then echo "❌ Upload URL not available after 20 attempts" echo "Final file state:" echo "$FILE_STATE" | jq '.' exit 1 fi

Step 5: Upload file

echo "📦 Step 5: Uploading file to Azure Storage..." UPLOAD_RESULT=$(curl -w "\nHTTP_CODE:%{http_code}" -X PUT "$UPLOAD_URL"
--upload-file "app/build/outputs/bundle/stagingRelease/app-staging-release.aab"
-H "x-ms-blob-type: BlockBlob"
-H "Content-Type: application/octet-stream")

echo "Upload result: $UPLOAD_RESULT"

if [[ $UPLOAD_RESULT == "HTTP_CODE:20" ]] || [[ $UPLOAD_RESULT == "HTTP_CODE:201" ]]; then echo "✅ File uploaded successfully!" else echo "❌ Upload failed!" exit 1 fi

Step 6: Commit file - USE SAME PATTERN

echo "📦 Step 6: Committing file..." COMMIT_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/files/$FILE_ID/commit"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d "{ "fileEncryptionInfo": { "encryptionKey": "", "macKey": "", "initializationVector": "", "mac": "", "profileIdentifier": "ProfileVersion1", "fileDigest": "", "fileDigestAlgorithm": "SHA256" } }")

echo "🔍 File commit response:" echo "$COMMIT_RESPONSE" | jq '.' echo "✅ File committed!"

Step 7: Commit content version - USE SAME PATTERN

echo "📦 Step 7: Committing content version..." COMMIT_VERSION_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/commit"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d '{}')

echo "🔍 Content version commit response:" echo "$COMMIT_VERSION_RESPONSE" | jq '.' echo "✅ Content version committed!"

echo "🎉 SUCCESS! App uploaded to Microsoft Intune!" echo "📱 App ID: $APP_ID" echo "📋 Check your Intune admin center for the new app!" shell: /usr/bin/bash -e {0} env: VARIANT: staging AAB_PATH: app/build/outputs/bundle/stagingRelease/app-staging-release.aab FILE_NAME: app-staging-release.aab PACKAGE_ID: com.oma.tulkkaaks.staging JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.16-8/x64 JAVA_HOME_17_X64: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.16-8/x64 AZURE_CLIENT_ID: *** AZURE_CLIENT_SECRET: *** AZURE_TENANT_ID: *** 🔐 Getting access token directly (bypassing Azure CLI subscription check)... ✅ Access token acquired successfully! 🚀 Uploading app to Microsoft Intune... 📱 App: Tulkkaussovellus Hyvaks v2.0.0 📋 Package: com.oma.tulkkaaks.staging 📄 File: app/build/outputs/bundle/stagingRelease/app-staging-release.aab 🔧 Using direct REST API calls... 📦 Step 1: Creating app... ✅ App created with ID: bab9c369-043f-4404-8bfd-7d68b8bfe377 📦 Step 2: Creating content version... ✅ Content version: 1 📦 Step 3: Creating file entry (size: 32827883 bytes)... 🔄 Using same URL pattern that worked for content version... 🔍 File creation response: { "error": { "code": "BadRequest", "message": "{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 76d33f48-63c0-432b-8391-8c0404ab2da4 - Url: https://proxy.amsub0102.manage.microsoft.com/AppLifecycle_2509/StatelessAppMetadataFEService/deviceAppManagement/mobileApps('bab9c369-043f-4404-8bfd-7d68b8bfe377')/microsoft.management.services.api.mobileLobApp/contentVersions('1')/files?api-version=5025-07-11",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}", "innerError": { "date": "2025-09-22T14:01:33", "request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4", "client-request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4" } } } ❌ File creation failed. Response: { "error": { "code": "BadRequest", "message": "{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 76d33f48-63c0-432b-8391-8c0404ab2da4 - Url: https://proxy.amsub0102.manage.microsoft.com/AppLifecycle_2509/StatelessAppMetadataFEService/deviceAppManagement/mobileApps('bab9c369-043f-4404-8bfd-7d68b8bfe377')/microsoft.management.services.api.mobileLobApp/contentVersions('1')/files?api-version=5025-07-11",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}", "innerError": { "date": "2025-09-22T14:01:33", "request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4", "client-request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4" } } } 🚨 MICROSOFT API TRANSLATION BUG DETECTED! Your request: microsoft.graph.mobileLobApp Microsoft received: microsoft.management.services.api.mobileLobApp This is a confirmed Microsoft Graph API backend bug. The app was created successfully but file upload fails due to API translation issues. ✅ Your app exists in Intune with ID: bab9c369-043f-4404-8bfd-7d68b8bfe377 💡 You can complete the upload manually through Intune Admin Center 🔗 https://intune.microsoft.com/#blade/Microsoft_Intune_Apps/AppsMenu Error: Process completed with exit code 1.

Configuration

No response

Other information

No response

[gavinbarron]

It looks like you're try to raise an issue with a specific Microsoft Graph API.

This repo is specifically for Microsoft Graph PowerShell, Your repro steps use CURL which indicates that this is an issue with the underlying HTTP API and not the PowerShell module.

I'm leaving this open until we can forward it to the owning team