This repository has been archived by the owner on Jul 22, 2024. It is now read-only.

GDAP - PowerShell Graph (SharePoint commands) - 401 Unauthorized #428

Open
bwcapo opened this issue Jun 19, 2024 · 0 comments
bwcapo commented Jun 19, 2024

Hi all,

I have an issue when trying to run SharePoint-related commands using PowerShell's Graph via Delegated Access (GDAP) to a customer's tenant. (I should add that it doesn't matter which customer tenant I try this on.)
Other commands such as Get-MgUser work, or commands used to get Conditional Access details etc. Only SharePoint commands fail.

Microsoft Support have directed me here to submit this request.

Steps to reproduce

  • Run PowerShell 7

  • Run the following commands to connect to Graph, select a customer tenant and then connect to the customer's tenant.

$Scope = @('Policy.Read.All', 'User.Read.All', 'Group.Read.All', 'UserAuthenticationMethod.Read.All', 'application.read.all', 'SharePointTenantSettings.Read.All', 'SharePointTenantSettings.ReadWrite.All', 'Domain.Read.All')
Note: I have added both "SharePointTenantSettings.Read.All" and "SharePointTenantSettings.ReadWrite.All" to the scope above, to indicate I have tried both.

Connect-MgGraph -NoWelcome
$client = Get-MgContract -All | Out-GridView -OutputMode Single
Connect-MgGraph -TenantId $client.CustomerId -Scopes $Scope -NoWelcome

Get-MgAdminSharepointSetting

At this point I receive the error:
"There has been an error authenticating the request. Status: 401 (Unauthorized) ErrorCode: accessDenied ..."

Please note I can run other Graph commands successfully; so far it appears to only be SharePoint commands that fail with the above error.

Expected behavior

To run Get-MgAdminSharepointSetting and have the results output.
To get the SharePoint Settings to determine if a customer's tenant is set to allow "Anyone" to send sharing links, amongst other things.
Microsoft Documentation I have referenced:
https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.sites/get-mgadminsharepointsetting?view=graph-powershell-1.0

Diagnostic logs

I have reached out to Microsoft Partner support and verified that I have GDAP set up, that we have security groups with the SharePoint Administrator roles assigned, etc. (Happy to provide info on this upon request.)

Environment

Windows 11, PowerShell 7
Microsoft Partner access with GDAP configured for all clients.

I would greatly appreciate any insight anyone might have as to what the issue may be. Perhaps we have incorrectly configured something within the Partner Portal, or do we need to adjust something across all our client Tenants?
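
A diagnostic check for the session set up in the post above, added here as an example and not part of the original issue or the SDK: it compares the scopes and tenant that `Get-MgContext` reports with what was requested. The function name `Test-GraphSessionScope` and the sample context values are assumptions constructed for illustration.

```powershell
# Added example: compare requested scopes and tenant with what the Graph session reports.
function Test-GraphSessionScope {
    param(
        [Parameter(Mandatory)] [string[]] $RequestedScopes,
        [Parameter(Mandatory)] [string]   $ExpectedTenantId,
        # Object with TenantId and Scopes properties, e.g. the output of Get-MgContext
        [Parameter(Mandatory)] $Context
    )

    $granted = @($Context.Scopes)
    # -notin is case-insensitive, so 'application.read.all' matches 'Application.Read.All'
    $missing = @($RequestedScopes | Where-Object { $_ -notin $granted })

    [pscustomobject]@{
        TenantMatches = ($Context.TenantId -eq $ExpectedTenantId)
        SessionTenant = $Context.TenantId
        MissingScopes = $missing
        AllGranted    = ($missing.Count -eq 0)
    }
}

# Constructed sample standing in for Get-MgContext output (not real tenant data).
$sampleContext = [pscustomobject]@{
    TenantId = '00000000-0000-0000-0000-000000000001'
    Scopes   = @('User.Read.All', 'Application.Read.All', 'Policy.Read.All')
}

$Scope = @('Policy.Read.All', 'User.Read.All', 'application.read.all',
           'SharePointTenantSettings.Read.All')

# With the sample above, MissingScopes contains only SharePointTenantSettings.Read.All.
Test-GraphSessionScope -RequestedScopes $Scope `
    -ExpectedTenantId '00000000-0000-0000-0000-000000000001' `
    -Context $sampleContext

# Against a live session, after the second Connect-MgGraph from the post:
# Test-GraphSessionScope -RequestedScopes $Scope -ExpectedTenantId $client.CustomerId -Context (Get-MgContext)
```

A non-empty `MissingScopes` or a `TenantMatches` of `False` shows that the session does not hold what was requested; an all-clear result means the 401 has to be investigated elsewhere.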
