Open weinishen opened 2 years ago
@jiasli for awareness
APIs like List deviceShellScripts require DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All permissions.
However, even as a first-party app, Azure CLI is not granted such permissions.
We are considering exposing something like
# hypothetical
az config set auth.client_id=xxx
so that Azure CLI can also behave like third-party app when using user authentication. (https://github.com/Azure/azure-cli/issues/13284)
Apply for these permissions from Microsoft Graph team.
For now, you may use az login
with a service principal that has DeviceManagementManagedDevices.Read.All and DeviceManagementManagedDevices.ReadWrite.All application permissions.
Per our testing, az rest --uri not support some Graph Endpoints e.g. /deviceManagement/deviceShellScripts, since Azure CLI (1st party app) doesn't have the required delegated permissions.
However, our document doesn't mention that. May I know if any plan for letting az rest support that? Or can we update the document letting us know that limitation?
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.