Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

az rest --uri not support some Graph Endpoints e.g. /deviceManagement/deviceShellScripts #20572

Open
weinishen opened this issue Dec 1, 2021 · 2 comments
Open

az rest --uri not support some Graph Endpoints e.g. /deviceManagement/deviceShellScripts #20572

weinishen opened this issue Dec 1, 2021 · 2 comments
Assignees
@jiasli
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request Microsoft Graph rest az rest
Milestone
Backlog

Comments

@weinishen
Copy link

Per our testing, az rest --uri not support some Graph Endpoints e.g. /deviceManagement/deviceShellScripts, since Azure CLI (1st party app) doesn't have the required delegated permissions.

However, our document doesn't mention that. May I know if any plan for letting az rest support that? Or can we update the document letting us know that limitation?

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
@ghost ghost added needs-triage This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that customer-reported Issues that are reported by GitHub users external to the Azure organization. labels Dec 1, 2021
@yonzhan yonzhan added the rest az rest label Dec 1, 2021
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Dec 1, 2021
@yonzhan yonzhan removed the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Dec 1, 2021
@yonzhan yonzhan added this to the Backlog milestone Dec 1, 2021
@yonzhan
Copy link
Collaborator

yonzhan commented Dec 1, 2021

@jiasli for awareness

@jiasli
Copy link
Member

jiasli commented Dec 1, 2021

Explanation

APIs like List deviceShellScripts require DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All permissions.

However, even as a first-party app, Azure CLI is not granted such permissions.

Possible solutions

  1. We are considering exposing something like

    # hypothetical
az config set auth.client_id=xxx

    so that Azure CLI can also behave like third-party app when using user authentication. ([Feature Request] Support custom client ID for user authentication #13284)

  2. Apply for these permissions from Microsoft Graph team.

Workaround

For now, you may use az login with a service principal that has DeviceManagementManagedDevices.Read.All and DeviceManagementManagedDevices.ReadWrite.All application permissions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request Microsoft Graph rest az rest
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@jiasli @yonzhan @weinishen