Solved

HTTPCaller for Microsoft Intune Data-Warehouse OData fails on OAuth WebConnection

  • 31 March 2022
  • 1 reply
  • 71 views


I try to retrieve data from the Microsoft Intune MDM using OData. The OData FME Reader only supports Basic and NTLM authentication though, and the OData REST API only supports OAuth, so I had to resort to the HTTPCaller.


This is similar to this Question


I created a new Web-Service from the "Microsoft Azure Active Directory (Template)" template and extended the API Permissions in the Azure Portal for the Client App with the get_data_warehouse Permission. I already created it for the "Microsoft SharePoint Online" Web-Service (which works fine using the SharePoint Lists Reader).

Web-Service Authentication URL:

https://login.microsoftonline.com/e0aedced-9266-403b-b320-a41XXXXXXX/oauth2/v2.0/authorize?scope=https://api.manage.microsoft.com/get_data_warehouse offline_access&response_type=code&prompt=consent


I then authorized the Web-Service and added a new WebConnection for it, which I set in the HTTPCaller.

I still can't get the GET OData REST request to work; only 401 gets returned.

Rejected output:

{"ErrorCode":"Forbidden","Message":"{\r\n  \"_version\": 3,\r\n  \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: c3c44206-023e-4f79-aa82-0ef1fbb51456 - Url: https://fef.msub03.manage.microsoft.com/ReportingService/DataWarehouseFEService/devices?api-version=beta\",\r\n  \"CustomApiErrorPhrase\": \"\",\r\n  \"RetryAfter\": null,\r\n  \"ErrorSourceService\": \"\",\r\n  \"HttpHeaders\": \"{\\\"WWW-Authenticate\\\":\\\"Bearer realm=\\\\\\\"urn:intune:service,b0ab6c73-f703-4a4e-85e4-58016453cfa7,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7\\\\\\\"\\\"}\"\r\n}","Target":null,"Details":null,"InnerError":null,"InstanceAnnotations":[]}


All help is greatly appreciated, I have been trying for hours now.


Microsoft Intune Data Warehouse-API Documentation:


Best answer by _fabian_ 9 September 2022, 10:36


1 reply


I could finally resolve it by using the Graph API instead of the Intune Data Warehouse API.


To get my device information, I need an HTTPCaller with the URL

https://graph.microsoft.com/v1.0/deviceManagement/managedDevices

and Web Connection as Authentication Mode.


For the Web Connection it's crucial to know that there are different scopes and audiences, which can't be mixed. To use SharePoint Online and Graph resources, you have to create two Web Connections.


They are exactly the same and only differ in the scope parameter under Authentication. For Graph it has to be

https://login.microsoftonline.com/e0aedced-9266-403b-b320-a4149ab05b66/oauth2/v2.0/authorize?response_type=code&prompt=consent&scope=offline_access https://graph.microsoft.com/.default

(https://graph.microsoft.com/.default instead of https://example.sharepoint.com/.default)


Then you have to expand the API Permissions of your Azure Enterprise Application to include the

https://graph.microsoft.com/DeviceManagementManagedDevices.Read.All

permission.
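The answer turns on the token audience matching the resource being called: a token minted for the SharePoint scope is rejected by Graph, and vice versa. The following added example (my own code, not from this thread or from FME) builds the v2.0 authorize URL for a chosen resource and checks the `aud` claim of an access token before it is sent, so a scope mix-up shows up locally instead of as a 401/403. Tenant id, client id and redirect URI are placeholders; the sample tokens are constructed and unsigned, for illustration only.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
GRAPH_RESOURCE = "https://graph.microsoft.com"
# Well-known application id of Microsoft Graph; v2.0 tokens may carry it as 'aud'.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"


def build_authorize_url(tenant_id, client_id, redirect_uri, resource):
    """Authorization-code request whose scope names ONE resource audience (plus offline_access
    for the refresh token), mirroring the scope parameter of the working Web Connection."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "prompt": "consent",
        "scope": f"offline_access {resource}/.default",
    }
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{urlencode(params)}"


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_jwt(claims):
    """Constructed sample token for this demo only; real tokens are signed by Azure AD."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


def token_audience(access_token):
    """Read the 'aud' claim from a JWT payload (diagnostic only; no signature check)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT access token")
    return json.loads(_b64url_decode(parts[1])).get("aud")


def audience_matches(access_token, resource):
    """True when the token was minted for `resource`; a SharePoint token sent to Graph fails."""
    accepted = {resource, resource.rstrip("/") + "/"}
    if resource == GRAPH_RESOURCE:
        accepted.add(GRAPH_APP_ID)
    return token_audience(access_token) in accepted
```

Run `audience_matches(token, GRAPH_RESOURCE)` on the token the Web Connection obtained before issuing the managedDevices request; a `False` here means the connection's scope points at the wrong resource, not that the API permission is missing.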
