Intune Graph resetPasscode from ServiceNow Flow Designer REST step returns 403 (client credentials)
5 hours ago
I’m building a ServiceNow Flow Designer action that calls Microsoft Graph to run the Intune managedDevice resetPasscode action:
- Base URL: https://graph.microsoft.com
- Method: POST
- Resource: /v1.0/deviceManagement/managedDevices/{managedDeviceId}/resetPasscode
- Auth in ServiceNow: OAuth Provider using Client Credentials (app-only) via Connection Alias
The call consistently fails with 403 Forbidden. The response includes: “Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementManagedDevices.PrivilegedOperations.All …”
Our org does allow the Delegated permission DeviceManagementManagedDevices.PrivilegedOperations.All (for interactive/admin scenarios).
Our security team will only approve Graph Application permission DeviceManagementManagedDevices.ReadWrite.All for the app registration (no PrivilegedOperations.All app permission).
Question:
- Has anyone successfully executed Intune remote actions like resetPasscode from ServiceNow using client credentials?
Any examples/configuration tips (Intune Spoke / Connection Alias / OAuth provider settings) would be appreciated.
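
A way to check which application permissions a client-credentials token actually carries, as an added example that is not part of the original post: it decodes the token's `roles` claim and compares it with the permission named in the 403 message above. The function names and the sample tokens are constructed for illustration, and the signature is deliberately not verified (inspection only).

```javascript
// Added diagnostic example; names and sample tokens are constructed, not from the post.

// Decode the payload of a compact JWT. No signature check: use for inspection,
// never for an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// App-only (client credentials) tokens list granted application permissions in
// "roles"; delegated tokens list scopes in "scp". The call is allowed when the
// token carries at least one of the permissions the API accepts.
function checkAppRoles(token, acceptedRoles) {
  const claims = decodeJwtPayload(token);
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const matched = acceptedRoles.filter((r) => roles.includes(r));
  return {
    appOnly: !claims.scp, // heuristic: no delegated scopes present
    roles,
    matched,
    authorized: matched.length > 0,
  };
}

// Build an unsigned, constructed token so the example runs offline.
function makeConstructedToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.constructed`;
}

// Only the permission quoted in the 403 message; the message is truncated on the page.
const ACCEPTED = ['DeviceManagementManagedDevices.PrivilegedOperations.All'];

// Token as the app registration described in the post would receive it.
const currentToken = makeConstructedToken({
  aud: 'https://graph.microsoft.com',
  roles: ['DeviceManagementManagedDevices.ReadWrite.All'],
});

const result = checkAppRoles(currentToken, ACCEPTED);
console.log(result.authorized ? 'role present' : 'expect 403: missing ' + ACCEPTED.join(' or '));
console.log('roles in token:', result.roles.join(', ') || '(none)');
```

Paste a real token in place of `currentToken` only in a trusted environment, since the access token is a bearer credential.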
