Hi @Eisenhaur, Liam ,
I have verified above issue and I am able to replicate this issue from my end using delegated permissions scope and resolve it as well. AuditLog.Read.All deletegated permissions granted to the app registerted in Azure AD and also ensured that admin content is granted for this delegated permissions for my registred app in Azure AD.
Example:
List signins API error for an user with AuditLog.Read.All deletegated permissions and admin content is granted for this permissions for my registred app in Azure AD.
Assigned the user with "Reports Reader" directory role in M365 admin center.
Successful API response posted assigning "Reports Reader" directory role in M365 admin center.
Please crorss verify the error message in first screenshot above and also ensure the below things are taken care for your app in your tenant:
- AuditLog.Read.All deletegated permissions granted and also ensure that admin content is granted for these permissions as well for your app registered in Azure AD.
Example :
2.As mentioned in the List signins API documentation, Make sure that the user using this List signins API is running under deletegated permissions is assigned to or having any one of the following directory roles :
3.As documented here, there is a known issue with this API, currently requires consent to both the AuditLog.Read.All and Directory.Read.All delegated permissions and also ensure that admin content is granted for these permissions as well for your app registered in Azure AD.
I would advise you to reachout to your tenant admin to ensure that above things are taken care and also cross verify the admin content is granted for AuditLog.Read.All and Directory.Read.All delegated permissions for your app in registred in AD and also user has assiagned to one of the direcory roles mentioned above.
If the answer is helpful to you, please click "Accept Answer" and kindly upvote it. If you have additional questions about this answer, please click "Comment".