ThomasKur / IntuneDocumentation

Automatic Intune Documentation to simplify the life of admins and consultants.
GNU General Public License v3.0
339 stars 87 forks source link

Failed to retrieve access token from Azure #7

Closed micheltenhove closed 6 years ago

micheltenhove commented 6 years ago

I'm receiving the following error when I run the script, perhaps I'm missing something here? :-)

error

ThomasKur commented 6 years ago

Sorry for the delayed answer: Can you try to register Intune PowerShell Access in your Azure AD. Perhaps this is not already done in your tenant:

https://login.microsoftonline.com/$Tenant/oauth2/authorize?client_id=d1ddf0e4-d672-4dae-b554-9d5bdfd93547&response_type=code&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_mode=query&resource=https%3A%2F%2Fgraph.microsoft.com%2F&state=12345&prompt=admin_consent

Replace $Tenant with your UPN of the username and then Open the url in a browser...

lwhitworth commented 6 years ago

I'm seeing the same issue. If I disable MFA on my account it gets a lot further, but eventually hit:

The remote server returned an error: (400) Bad Request. ---> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: <snip>: Due to a configuration change made by your administrator, or because you moved to a new
location, you must enroll in multi-factor authentication to access

Turning back on MFA I go back to the "Failed to retrieve access token from Azure" error.

PeterSelchDahl commented 6 years ago

Hi,

Just replace the "$Tenant" with your tenant ID an run the script again. tenant

If it still does not work as expected you should double check that you have provided consent as mentioned by Thomas consent

Provide consent by using the steps mentioned by Thomas.

For reference. 2018_08_01_14_54_26_windows_powershell_ise 2018_08_01_14_55_21_windows_powershell_ise2

/Peter Selch Dahl Azure MVP

ThomasKur commented 6 years ago

Thanks Peter for your answer.

lrh-albert commented 4 years ago

I encountered similar issue Error: Failure when retrieving tokens while using azure data studio in macOS 10.15.4(19E266), and the url was like https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&response_mode=query&client_id=a69788c6-1d43-44ed-9ca3-b83e194da255&redirect_uri=https%3A%2F%2Fvscode-redirect.azurewebsites.net%2F&state=53697%2CgbLs14mTaDgAVCmijcHLvA%253D%253D&prompt=select_account&code_challenge_method=S256&code_challenge=oXKihXyp7aZbsGHKh4LYW2_J-BxcNVsJ6wAXW_ihJCI&resource=https%3A%2F%2Fmanagement.core.windows.net%2F

I've tried changing $Tenant, which is "common" in this case, into my tenant ID, however, it didn't work for me. Seek for more info about this issue and thanks a lot!

ThomasKur commented 4 years ago

As I see you are using macOS: This is currently not supported by the underlying Intune PowerShell Module. Can you try it on a Windows Device?

lrh-albert commented 4 years ago

As you suggested I've tried it on Windows Device before macOS and it worked well Thanks for your help so I will not waste time on it on macOS lol