question

Brian-8433 avatar image
0 Votes"
Brian-8433 asked Brian-8433 answered

Beta Graph API permission problem with signInActivity

Hi, I'm new here and wondering if someone can help me with a problem. I am trying to use the beta graph API to retrieve signInActivity and I keep getting a 403 forbidden error. I am a global admin and have setup an app registration and permissions. If I call this method I get a 403 forbidden.

https://graph.microsoft.com/beta/users?`$select=displayName,userPrincipalName, mail, id, CreatedDateTime, signInActivity, UserType&`$top=1

If I remove the signInActivity parameter then it works fine and retrieves all the users. Is there a specific permission needed for signInActivity or is there an overall permission needed to use the beta API that I'm missing?

Thanks,

Brian

microsoft-graph-sdk
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Brian-8433 avatar image
0 Votes"
Brian-8433 answered

Ok, I finally figured it out, I was thinking that an E5 license has the Azure AD Premium license but only the Microsoft 365 E5 has that, not the Office 365 E5. So, I added a P1 to my user and then it worked on the tenant I was having trouble with.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Brian-8433 avatar image
0 Votes"
Brian-8433 answered

I am getting a 403 Forbidden error. I have access to a few different tenants. In two of the tenants where I am a global admin and have an E5 license I don't get an error. I create an app registration with the correct permissions and it works fine. However, I have another tenant where I am a global admin and it was not working. I gave myself an E5 license and re-create the app registration but that did not solve the problem. I can't figure out why it works in one tenant and not the other. Of course, the one where it isn't working is where I actually need it to work.

Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Brian-8433 avatar image
0 Votes"
Brian-8433 answered DamaniaHarsh-9949 commented

Ok, do you just mean I have to have at least one P2 license in the tenant and it can be assigned to anyone? In that case, I do already have that. I also have the directory permission as well as users, auditlogs, devices and several other permissions.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

what is the error?

0 Votes 0 ·
Brian-8433 avatar image
0 Votes"
Brian-8433 answered DamaniaHarsh-9949 commented

Thank you but how do you apply a license to an app registration? I created an enterprise app and assigned it application permission and the auditlog.read.all along with some other permissions like user.read.all but the app id and secret doesn't have a user and license associated with it.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

the licence is for per tenant and not user based.

you also need to grant directory.read.all permission.

0 Votes 0 ·
DamaniaHarsh-9949 avatar image
0 Votes"
DamaniaHarsh-9949 answered

We need azure premium p1 or p2 , and auditlog.read.All

but in my case , it works sometimes and sometimes it doesnt.
I have observed that it is not able to get the premium license

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.