microsoft / Partner-Center-PowerShell

PowerShell module for managing Partner Center resources.
https://docs.microsoft.com/powershell/partnercenter/
MIT License

GDAP - PowerShell Graph (SharePoint commands) - 401 Unauthorized #428

Open bwcapo opened 2 months ago

bwcapo commented 2 months ago

Hi all,

I have an issue when trying to run SharePoint related commands using PowerShell's Graph via Delegated Access (GDAP) to a customer's tenant. (I should add that it doesn't matter which customer tenant I try this on.) Other commands such as Get-MgUser work, or commands used to get Conditional Access details etc. Only SharePoint commands fail.

Microsoft Support have directed me here to submit this request.

Steps to reproduce

```powershell
$Scope = @('Policy.Read.All', 'User.Read.All', 'Group.Read.All', 'UserAuthenticationMethod.Read.All', 'application.read.all', 'SharePointTenantSettings.Read.All', 'SharePointTenantSettings.ReadWrite.All', 'Domain.Read.All')
```

Note: I have added both "SharePointTenantSettings.Read.All" and "SharePointTenantSettings.ReadWrite.All" to the scope above, to indicate I have tried both.

```powershell
Connect-MgGraph -NoWelcome
$client = Get-MgContract -All | Out-GridView -OutputMode Single
Connect-MgGraph -TenantId $client.CustomerId -Scopes $Scope -NoWelcome

Get-MgAdminSharepointSetting
```

At this point I receive the error: "There has been an error authenticating the request. Status: 401 (Unauthorized) ErrorCode: accessDenied ..."

Please note I can run other Graph commands successfully, so far it appears to only be SharePoint commands that fail with the above error.

Expected behavior

To run Get-MgAdminSharepointSetting and have the results output. To get the SharePoint Settings to determine if a customer's tenant is set to allow "Anyone" to send sharing links, amongst other things.

Microsoft Documentation I have referenced: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.sites/get-mgadminsharepointsetting?view=graph-powershell-1.0

Diagnostic logs

I have reached out to Microsoft Partner support and verified that I have GDAP set up, that we have security groups with the SharePoint Administrator roles assigned etc. (Happy to provide info on this upon request.)

Environment

Windows 11, PowerShell 7

Microsoft Partner access with GDAP configured for all clients.

I would greatly appreciate any insight anyone might have as to what the issue may be. Perhaps we have incorrectly configured something within the Partner Portal, or do we need to adjust something across all our client Tenants?
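
A check that can be run after the second `Connect-MgGraph` in the steps above, to record which tenant and which delegated scopes the session actually holds before the failing call. This is an added example, not code from the original post or from the Partner-Center-PowerShell project; the function name `Test-GraphSessionScope` is hypothetical and the sample tenant IDs and scope lists are constructed.

```powershell
# Added example (hypothetical helper): compare the scopes requested for a
# GDAP session with the scopes and tenant the Graph context reports.
function Test-GraphSessionScope {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $RequestedScope,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $GrantedScope,
        [Parameter(Mandatory)] [string] $ExpectedTenantId,
        [Parameter(Mandatory)] [string] $SessionTenantId
    )

    # This helper compares scope names without regard to case, because the
    # request list on the page mixes casing ('application.read.all').
    $granted = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$GrantedScope, [System.StringComparer]::OrdinalIgnoreCase)

    $missing = @($RequestedScope | Where-Object { -not $granted.Contains($_) })
    $spo     = @($GrantedScope | Where-Object { $_ -like 'SharePointTenantSettings.*' })

    [pscustomobject]@{
        TenantMatches          = ($SessionTenantId -eq $ExpectedTenantId)
        MissingScopes          = $missing
        SharePointScopeGranted = ($spo.Count -gt 0)
    }
}

# Constructed sample input: a session that landed in the expected tenant
# but was not granted the SharePoint settings scope.
$sampleRequested = @('User.Read.All', 'Domain.Read.All', 'SharePointTenantSettings.Read.All')
$sampleGranted   = @('user.read.all', 'Domain.Read.All')
$sampleTenant    = '00000000-0000-0000-0000-000000000001'   # constructed ID

Test-GraphSessionScope -RequestedScope $sampleRequested -GrantedScope $sampleGranted `
    -ExpectedTenantId $sampleTenant -SessionTenantId $sampleTenant

# Live use, with the variables from the steps above:
#   $ctx = Get-MgContext
#   Test-GraphSessionScope -RequestedScope $Scope -GrantedScope $ctx.Scopes `
#       -ExpectedTenantId $client.CustomerId -SessionTenantId $ctx.TenantId
```

The output only shows what the session was issued; it does not by itself explain the 401, but it separates a scope or tenant mismatch from a role or service-side problem.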