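MS Graph API - Getting the scope for ManagedDevices

My goal is to create a schedulable PowerShell script that will report recently enrolled devices. I created the application and granted it some permissions.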
$OauthTokenEndpoint = 'https://login.microsoftonline.com/tenantid/oauth2/token'
# Client-credentials (app-only) token request
$OauthRequest = @{
    grant_type    = "client_credentials"
    client_id     = "clientidguid"
    client_secret = "clientidsecret"
    resource      = "https://graph.microsoft.com"
    scope         = "DeviceManagementManagedDevices.Read.All"
}
$AuthResponse = Invoke-RestMethod -Uri $OauthTokenEndpoint -Method Post -ContentType 'application/x-www-form-urlencoded' -Body $OauthRequest
$Token = $AuthResponse.access_token
# this query completes successfully
$Success = Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/users/[email protected]/ownedDevices' -Headers @{Authorization = "Bearer $Token"} -Method Get
# this query fails with 401 unauthorised
$401Error = Invoke-RestMethod -Headers @{Authorization = "Bearer $Token"} -Uri "https://graph.microsoft.com/beta/managedDevices/deviceguid?`$select=hardwareInformation" -Method Get
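I believe my problem is that I have not granted, or cannot grant, the DeviceManagementManagedDevices.Read.All scope to my application. This API works with Graph Explorer, and I have an interactive version of the script that uses delegated permissions. How do I allow my application to access the ManagedDevices API endpoint so that I can use it non-interactively?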
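
One way to test the suspicion in the question, as an added example that is not part of the original post: decode the payload of the access token and check whether DeviceManagementManagedDevices.Read.All is actually in it. It relies on Microsoft identity platform access tokens carrying application permissions in the `roles` claim and delegated permissions in `scp`; the function names and the sample token are constructed for illustration.

```powershell
# Added example: report which permissions an access token carries.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments are base64url without padding; restore standard base64 first.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-TokenPermission {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$Permission
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # App-only (client_credentials) permissions arrive in "roles";
    # delegated permissions arrive in "scp", separated by spaces.
    $roles  = @($claims.roles | Where-Object { $_ })
    $scopes = @("$($claims.scp)" -split ' ' | Where-Object { $_ })
    # Only claims are returned; the token itself is never written out.
    [pscustomobject]@{
        Audience     = $claims.aud
        AppRoles     = $roles -join ', '
        Delegated    = $scopes -join ', '
        HasAsAppRole = $roles -contains $Permission
        HasAsScope   = $scopes -contains $Permission
    }
}

# Constructed sample token (not a real one) so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{ aud = 'https://graph.microsoft.com'; roles = @('Directory.Read.All') } |
    ConvertTo-Json -Compress
$sample = @((ConvertTo-Base64Url '{"typ":"JWT","alg":"none"}'),
            (ConvertTo-Base64Url $payload), 'constructed-signature') -join '.'

# With the script above, pass $Token instead of $sample.
Get-TokenPermission -Token $sample -Permission 'DeviceManagementManagedDevices.Read.All'
```

For the constructed sample both `HasAsAppRole` and `HasAsScope` come back `False`, which is the result to look for when a 401 is caused by a permission missing from the token.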