Running in some weirds issues trying to backup certain policies.
This is the error I get when backing up a Delivery Optimization policy (Profile type: Delivery Optimization)
Invoke-MSGraphRequest : 403 Forbidden
{"error":{"code":"Forbidden","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"Application is not authorized to perform this operation. Application must have one of the
following scopes: DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:
2578f4a3-00e0-4699-bde7-e699fabc1086 - Url: https://fef.msub05.manage.microsoft.com/DeviceConfiguration_2203/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfig
urations%28%2714381b43-02e4-474f-80e3-da9a82e80c7f%27%29/microsoft.management.services.api.getOmaSettingPlainTextValue%28secretReferenceValueId%3D%2744f6dd7c-3c9d-4cac-ab19-59d
f216dd379_14381b43-02e4-474f-80e3-da9a82e80c7f_f87fa2de-ff49-4135-b077-7c29f0a6ab70%27%29?api-version=5022-02-22\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\":
null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\":
\"{}\"\r\n}","innerError":{"date":"2022-03-22T12:40:15","request-id":"2578f4a3-00e0-4699-bde7-e699fabc1086","client-request-id":"2578f4a3-00e0-4699-bde7-e699fabc1086"}}}
At C:\Program Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.2.0\Public\Invoke-IntuneBackupDeviceConfiguration.ps1:51 char:40
... tingValue = Invoke-MSGraphRequest -HttpMethod GET -Url "deviceManagem ...
Running in some weirds issues trying to backup certain policies.
This is the error I get when backing up a Delivery Optimization policy (Profile type: Delivery Optimization) Invoke-MSGraphRequest : 403 Forbidden {"error":{"code":"Forbidden","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 2578f4a3-00e0-4699-bde7-e699fabc1086 - Url: https://fef.msub05.manage.microsoft.com/DeviceConfiguration_2203/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfig urations%28%2714381b43-02e4-474f-80e3-da9a82e80c7f%27%29/microsoft.management.services.api.getOmaSettingPlainTextValue%28secretReferenceValueId%3D%2744f6dd7c-3c9d-4cac-ab19-59d f216dd379_14381b43-02e4-474f-80e3-da9a82e80c7f_f87fa2de-ff49-4135-b077-7c29f0a6ab70%27%29?api-version=5022-02-22\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2022-03-22T12:40:15","request-id":"2578f4a3-00e0-4699-bde7-e699fabc1086","client-request-id":"2578f4a3-00e0-4699-bde7-e699fabc1086"}}} At C:\Program Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.2.0\Public\Invoke-IntuneBackupDeviceConfiguration.ps1:51 char:40
Same goes for Endpoint Analytics policy and custom policy for Update Compliance.
All other policies worked fine, I connected through an application which only had read permissions