WinGet-Wrapper icon indicating copy to clipboard operation
WinGet-Wrapper copied to clipboard
verified publisher icon SorenLundt

Not Requesting DeviceManagementApps.ReadWrite.All In Graph API

Open joshuaromkes opened this issue 1 year ago • 5 comments

It seems if you do not have graph already setup in the tenant, the Graph call does not request DeviceManagementApps.ReadWrite.All in the app request.

running

$RequiredScopes = ("Organization.ReadWrite.All”, "Directory.Read.All", "DeviceManagementApps.ReadWrite.All") Connect-MgGraph -Scope $RequiredScopes

Fixes this by requesting the needed permissions

joshuaromkes avatar Oct 10 '24 14:10 joshuaromkes

Hi Joshua, The import script is using Connect-MSIntuneGraph and not Connect-MgGraph. Also the script is using module IntuneWin32App which requires the usage of Connect-MSIntuneGraph.

I did a test using Connect-MgGraph, but IntuneWin32App does not accept this connecting. Please let me know what other changes you made to implement using Connect-MgGraph instead of Connect-MSIntuneGraph.

Changes I attempted in WinGet-WrapperImportFromCSV.ps1 Connect section around line 180>190

$RequiredScopes = ("DeviceManagementApps.ReadWrite.All")
Disconnect-MgGraph # Force re-prompt
Connect-MGGraph -TenantID "$TenantID" -Scopes $RequiredScopes

Successfully connected image

Error from IntuneWin32App image

SorenLundt avatar Nov 01 '24 08:11 SorenLundt

I'm getting a similar error when trying to upload to Intune image

I assumed this was because theres no Enterprise Application to auth the upload into? Do we need to make a new Enterprise App/Give Intune Powershell or Graph specific permissions?

colourofsound avatar Nov 01 '24 11:11 colourofsound

I'm getting a similar error when trying to upload to Intune image

I assumed this was because theres no Enterprise Application to auth the upload into? Do we need to make a new Enterprise App/Give Intune Powershell or Graph specific permissions?

Yes this is required now after Microsoft changes. I am working on this issue, which likely will be a guide or script to ensure the Microsoft Graph SDK Enterprise Application has been created and assigned needed permissions.

For me its completely new, so still trying to wrap my head around it to find the right approach.

SorenLundt avatar Nov 01 '24 12:11 SorenLundt

Usually when you make the permission request for the first time, the pop-up lets you auth it for the organisation; but this doesn't seem to be the case.

Is it the Microsoft Graph Powershell enterprise app it needs? I really feel like MS makes this as hard as possible. Keen to help out with this as this wrapper is an absolute godsend - so thank you for your work on it!

colourofsound avatar Nov 01 '24 14:11 colourofsound

Changes I attempted in WinGet-WrapperImportFromCSV.ps1 Connect section around line 180>190

$RequiredScopes = ("DeviceManagementApps.ReadWrite.All")
Disconnect-MgGraph # Force re-prompt
Connect-MGGraph -TenantID "$TenantID" -Scopes $RequiredScopes

So I just tried this; I inserted the above at line 182 in WinGet-WrapperImportFromCSV.ps1; as I wasn't connected to graph at this point the Disconnect-MgGraph errors out so I put a silent continue in there. image

I got a prompt to login and auth the required scopes; once that was done I got a second prompt to auth the Intune import.

And it worked totally fine! Maybe try from a fresh installation? Mine is a fresh copy from Github.

colourofsound avatar Nov 01 '24 15:11 colourofsound