ThomasKur / M365Documentation

Automatic Microsoft 365 Documentation to simplify the life of admins and consultants.

Limiting permissions when creating your own app registration #5

Closed Dirk-Manderin closed 3 years ago

Dirk-Manderin commented 3 years ago

Hi Thomas. First off, this is a pretty impressive product. Well done!

I was going through the Graph API permissions list in the New-M365DocAppRegistration script. I see that you are requesting "Policy.ReadWrite.AuthenticationMethod" and "Policy.ReadWrite.FeatureRollout" permissions. Shouldn't read-only access to all Policy related data be granted by "Policy.Read.All" already? That's the impression I got from the Microsoft documentation anyway.

ThomasKur commented 3 years ago

The bad thing is that I would love to use only the Read permission (Policy.Read.All), but Microsoft is only providing the above scopes for these endpoints: https://docs.microsoft.com/en-us/graph/api/authenticationmethodspolicy-get?view=graph-rest-beta&tabs=http

And the Feature Rollout Policy, for example, is only working in a delegated way when you run the module interactively, but not when it runs silently: https://docs.microsoft.com/en-us/graph/api/featurerolloutpolicies-list?view=graph-rest-1.0&tabs=http

So as soon as the scope Policy.Read.All is available on all endpoints, I will remove the others. What you can still do is simply not grant these scopes. This will just generate some error messages during execution and skip the documentation of these endpoints.

I hope this clarifies the problem.
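The "don't grant the scope, let those endpoints fail and be skipped" approach described above can be made explicit in code. The following is an added example written for this page, not code from the M365Documentation module: it requests the two policy endpoints named in the thread and treats an HTTP 403 (the response Graph returns when the app lacks the required scope) as "skip this endpoint" while still surfacing every other error. It assumes `$AccessToken` already holds a valid app-only Graph access token; the function name `Get-GraphResourceOrSkip` and the `$endpoints` list are constructed for the example.

```powershell
# Added example, not part of the M365Documentation module.
# Assumption: $AccessToken contains a valid Microsoft Graph access token.

function Get-GraphResourceOrSkip {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $AccessToken,
        [string] $RequiredScope = '(unknown)'
    )
    try {
        # -ErrorAction Stop turns the HTTP failure into a catchable exception
        return Invoke-RestMethod -Method Get -Uri $Uri `
            -Headers @{ Authorization = "Bearer $AccessToken" } -ErrorAction Stop
    }
    catch {
        $status = $null
        if ($_.Exception.Response) {
            # Works for both WebException (Windows PowerShell) and HttpResponseException (PowerShell 7)
            $status = [int]$_.Exception.Response.StatusCode
        }
        if ($status -eq 403) {
            # Missing permission: report it and let the caller continue with the next endpoint
            Write-Warning "Skipping $Uri : scope '$RequiredScope' was not granted (HTTP 403)."
            return $null
        }
        # Anything else (throttling, bad token, transient failure) is a real error
        throw
    }
}

# Constructed list: the endpoints and the scopes the thread says they need
$endpoints = @(
    @{ Uri = 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy'
       Scope = 'Policy.ReadWrite.AuthenticationMethod' }
    @{ Uri = 'https://graph.microsoft.com/v1.0/policies/featureRolloutPolicies'
       Scope = 'Policy.ReadWrite.FeatureRollout' }
)

$results = @{}
foreach ($endpoint in $endpoints) {
    $data = Get-GraphResourceOrSkip -Uri $endpoint.Uri -AccessToken $AccessToken -RequiredScope $endpoint.Scope
    if ($null -ne $data) { $results[$endpoint.Uri] = $data }
}
"Documented $($results.Count) of $($endpoints.Count) policy endpoints; the rest were skipped for lack of a granted scope."
```

Only the 403 case is swallowed; a 401 (expired or wrong token) or 429 (throttling) still terminates the run, so an unexpectedly empty report cannot be mistaken for a deliberately reduced scope set. The warnings also give the admin who reviews the output a direct list of which scopes were withheld and which parts of the documentation are therefore missing.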