How to get applications installed on a particular device in Intune with Graph API.
When it comes to a specific Intune Graph API that can get applications installed on a particular device, you should be able to use the mobileAppInstallStatus resource type.
The following example shows how you can determine whether an application is installed on a user's device (for more info, see Using the Microsoft Graph API for Intune):
Get from Azure Active Directory a list of devices registered to a user:
https://graph.microsoft.com/users/{user}/ownedDevices
Then view the list of applications for your tenant:
https://graph.microsoft.com/deviceAppManagement/mobileApps
Take the ID from the application and determine the installation state for the application (and therefore user):
https://graph.microsoft.com/deviceAppManagement/mobileApps/{id}/deviceStatuses/
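The three calls above, chained into one per-device inventory, as an added example that is not part of the original answer. The `fetch` callable (an authenticated GET returning parsed JSON), the `/beta` base URL, the status field names (`userPrincipalName`, `deviceName`, `installState`) and matching devices by display name are assumptions; the sample responses are constructed.

```python
from urllib.parse import quote

# Assumption: the page's URLs omit the version segment; /beta is used here.
BASE = "https://graph.microsoft.com/beta"

def get_all(fetch, url):
    """Collect a Graph collection, following @odata.nextLink paging."""
    items = []
    while url:
        page = fetch(url)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items

def apps_installed_for_user(fetch, upn):
    """Map each of the user's devices to the apps reported as installed on it."""
    devices = get_all(fetch, f"{BASE}/users/{quote(upn, safe='@')}/ownedDevices")
    result = {d["displayName"]: [] for d in devices}
    for app in get_all(fetch, f"{BASE}/deviceAppManagement/mobileApps"):
        url = f"{BASE}/deviceAppManagement/mobileApps/{app['id']}/deviceStatuses/"
        for s in get_all(fetch, url):
            # Assumed status fields: userPrincipalName, deviceName, installState.
            if ((s.get("userPrincipalName") or "").lower() == upn.lower()
                    and s.get("installState") == "installed"
                    and s.get("deviceName") in result):
                result[s["deviceName"]].append(app["displayName"])
    return {name: sorted(apps) for name, apps in result.items()}

# Constructed sample responses keyed by URL (not real tenant data).
UPN = "alice@contoso.example"
APPS = f"{BASE}/deviceAppManagement/mobileApps"
SAMPLE = {
    f"{BASE}/users/{UPN}/ownedDevices": {"value": [
        {"displayName": "ALICE-LAPTOP"}, {"displayName": "ALICE-PHONE"}]},
    APPS: {"value": [{"id": "app-1", "displayName": "Company Portal"}],
           "@odata.nextLink": f"{APPS}?$skiptoken=p2"},
    f"{APPS}?$skiptoken=p2": {"value": [{"id": "app-2", "displayName": "VPN Client"}]},
    f"{APPS}/app-1/deviceStatuses/": {"value": [
        {"deviceName": "ALICE-LAPTOP", "userPrincipalName": UPN, "installState": "installed"},
        {"deviceName": "BOB-PC", "userPrincipalName": "bob@contoso.example", "installState": "installed"}]},
    f"{APPS}/app-2/deviceStatuses/": {"value": [
        {"deviceName": "ALICE-LAPTOP", "userPrincipalName": UPN, "installState": "failed"},
        {"deviceName": "ALICE-PHONE", "userPrincipalName": "Alice@Contoso.example", "installState": "installed"}]},
}

def sample_fetch(url):
    """Stand-in for an authenticated HTTP GET that returns parsed JSON."""
    return SAMPLE[url]

if __name__ == "__main__":
    print(apps_installed_for_user(sample_fetch, UPN))
```

Against a real tenant, `fetch` would send the request with a bearer token and return the decoded JSON body; everything else stays the same.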
Related
We have a daemon app that connects to teams using MS graph. It's using "Application Permissions" mode and Admin consent is granted for most permissions. We are able to add channels (private or 'standard'), add/remove members, etc... from this service based on company requirements. All is well.
For the ChannelMessages, we'd like to be able to retrieve them based on userPrincipalName, from the same tenant that the app is registered in. (I know there is a ChannelMessage.Read.All with Application Permission and it requires us to submit a form to MS; we are not currently pursuing that route...).
Do we have to create ConfidentialClientApplication object to communicate with MS graph? If so, how do we create a ClaimsPrincipal or ClaimsIdentity, based only on userPrincipalName? Or is there a different solution to this problem?
Your help is appreciated.
thanks,
Art
I'm trying to get a list of devices associated with my Microsoft account. When somebody uses his Microsoft account to log in to his Windows account, he can see that a new device, the one he logged in from, appears at https://account.microsoft.com/devices/. So, I'd like to get this list using the API. I've tried to send a GET request to https://graph.microsoft.com/v1.0/devices, as the documentation says, using my access token, but an empty list is returned although there are registered devices at https://account.microsoft.com/devices/. What's the problem?
The /devices endpoint hasn't been released so it isn't available under /v1.0. It is only available under /beta.
You can find details on how to use /devices in the Beta documentation.
We are using the iOS Intune SDK to build a native MAM app. This app needs to access the Graph API to read the user profile and other data. What we did:
(1) We registered an app and gave the permissions: User.Read (for Graph and Windows Azure AD), DeviceManagementManagedApp.ReadWrite
Login and enrollment to Intune is working, the app gets enrolled. But when trying to obtain the access token for the Graph API using the ADAL SDK, I need to sign in again and then I am blocked with the message that the device needs to be managed to access this resource.
Do I need another permission? Where do I get the access token from? Is anything else missing?
From your description it appears you have a Conditional Access policy enabled that requires mobile devices to be Intune MDM managed. When you call the Graph API from an unmanaged device it will ask you to enroll the device. If you remove the Conditional Access policy you should be able to confirm this.
We're trying to automate device creation using the Graph API.
What is our situation: We don't have Intune. We use another 3rd party MDM solution and have an API there to extract information. We have Azure and we use conditional access to allow access to cloud resources from managed and compliant devices only.
So far only Intune can report compliance status to Azure AD of a managed iOS device. So we were trying to automate this process by creating devices in Azure AD using Graph API and are stuck on the value to use for deviceID in the JSON (documentation).
The general UUID and UDID, what we can get from our MDM API are not working, so the device is not recognized because the deviceID read from the OneDrive App for example is not matching with UUID/UDID we extracted, during authentication in Azure as compliant/managed.
Can anyone help how to correctly generate/use the Create Device API in Graph to have the right deviceID so the device will be recognized correctly when accessing cloud resources?
I'm attempting to take advantage of the public preview of Microsoft Graph reporting APIs for retrieving Office 365 product usage data. I have an application registered for Graph that successfully executes Graph calls for non-reporting APIs (i.e. the access_token I generate with my app is successfully used to access users information for a tenant: https://graph.microsoft.com/beta/users) but when I try any of the report resources I encounter the below error:
Invalid scope claims/roles.
According to the documentation I've read this would seem to imply that my app does not have the necessary permissions for reports but this is not correct as I have confirmed that the app has the "Read all usage reports" application permission enabled.
Has anyone else encountered similar challenges with the Microsoft Graph reporting APIs and have any suggestions that I could try?
If you added this scope after you had already authorized the application, it may still be using the previous/cached list of scopes. You can force re-authorization by adding ?prompt=consent to your initial authorization URL. For example:
https://login.microsoftonline.com/common/oauth2/authorize?client_id={app id}&response_type=code&redirect_uri={redirect uri}&prompt=consent