You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're currently testing out this package and it definitely fits all of our needs, you've done a great job!
We're running into a permissions error when attempting to just backup our tenant, we would expect to just need read only permissions for the backup as we don't intend to use the export functionality currently. We've excluded Conditional Access and to complete the backup we have to exclude Profiles which is what it seems to be failing on.
Below is the permissions we have for the app registration -
Below is the error we get
Exception("Request failed with ", response.status_code, " - ", response.text) Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\\r\\n \\"_version\\": 3,\\r\\n \\"Message\\": \\"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 420eb042-0974-432a-b551-3eaf2c3a33e3 - Url: https://fef.msua02.manage.microsoft.com/DeviceConfiguration_2310/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations(\'a6a32106-002b-4c6f-83b1-288291c1a726\')
To Reproduce
App registration with read only permissions as described above.
The command we are using is this - IntuneCD-startbackup -m 1 -a 'C:\\Users\gmenzies\\Auth.JSON' -p 'C:\\Users\\gmenzies\\IntuneBackup' -e ConditionalAccess --append-id
Expected behavior
I expect that the backup should complete with only read only permissions and read write is a requirement for the import functionality.
Screenshots
If applicable, add screenshots to help explain your problem.
Run type (please complete the following information):
Mode: [e.g. 0 or 1] - Mode 1
Client [e.g. Pipeline, local machine] - Local Machine
Version [e.g. 1.0.2] - Version 2.02
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered:
For some reason Microsoft has decided that DeviceManagementConfiguration requires both read and write when exporting certain configurations. It is out of my hands to change this so that specific scope works with read only unfortunately
For some reason Microsoft has decided that DeviceManagementConfiguration requires both read and write when exporting certain configurations. It is out of my hands to change this so that specific scope works with read only unfortunately
Thanks for replying so promptly, I'll raise it to Microsoft then, seems silly that read write is required for it. Thanks for your help!
Describe the bug
Hi,
We're currently testing out this package and it definitely fits all of our needs, you've done a great job!
We're running into a permissions error when attempting to just backup our tenant, we would expect to just need read only permissions for the backup as we don't intend to use the export functionality currently. We've excluded Conditional Access and to complete the backup we have to exclude Profiles which is what it seems to be failing on.
Below is the permissions we have for the app registration -
Below is the error we get
Exception("Request failed with ", response.status_code, " - ", response.text) Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\\r\\n \\"_version\\": 3,\\r\\n \\"Message\\": \\"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 420eb042-0974-432a-b551-3eaf2c3a33e3 - Url: https://fef.msua02.manage.microsoft.com/DeviceConfiguration_2310/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations(\'a6a32106-002b-4c6f-83b1-288291c1a726\')
To Reproduce
App registration with read only permissions as described above.
The command we are using is this -
IntuneCD-startbackup -m 1 -a 'C:\\Users\gmenzies\\Auth.JSON' -p 'C:\\Users\\gmenzies\\IntuneBackup' -e ConditionalAccess --append-id
Expected behavior
I expect that the backup should complete with only read only permissions and read write is a requirement for the import functionality.
Screenshots
If applicable, add screenshots to help explain your problem.
Run type (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: