Graph API: forbidden

Shaun Mosher 96 Reputation points
2020-11-13T20:57:24.657+00:00

I have a reporting application that calls the Graph API on customer tenants. I have one customer that is set up with an App Registration and the same permissions, but I still get "Forbidden" from the HttpClient. Is this related to Conditional Access or some other security setting? How can I instruct them to allow access?

I have triple checked the client ID and Secret and they’re correct. The errors come from…
"https://graph.microsoft.com/v1.0/organization"; //Requires: Graph.Organization.Read.All
"https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageDetail(date={0})" //Requires: Graph.Reports.Read.All

Thank you,

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,592 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deva-MSFT 2,256 Reputation points Microsoft Employee
    2020-11-14T09:25:05.893+00:00
    • Try repro the above using MS Graph Explorer with your tenant!!
    • If you're using delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role. So just setting permission at app level might not be sufficient.
    0 comments