Intune Graph resetPasscode from ServiceNow Flow Designer REST step returns 403 (client credentials)

George56
Tera Contributor

I’m building a ServiceNow Flow Designer action that calls Microsoft Graph to run the Intune managedDevice resetPasscode action:

  • Base URL: https://graph.microsoft.com
  • Method: POST
  • Resource: /v1.0/deviceManagement/managedDevices/{managedDeviceId}/resetPasscode
  • Auth in ServiceNow: OAuth Provider using Client Credentials (app-only) via Connection Alias

The call consistently fails with 403 Forbidden. The response includes: “Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementManagedDevices.PrivilegedOperations.All …”

Our org does allow the Delegated permission DeviceManagementManagedDevices.PrivilegedOperations.All (for interactive/admin scenarios).

Our security team will only approve Graph Application permission DeviceManagementManagedDevices.ReadWrite.All for the app registration (no PrivilegedOperations.All app permission).

Question:

  1. Has anyone successfully executed Intune remote actions like resetPasscode from ServiceNow using client credentials?

Any examples/configuration tips (Intune Spoke / Connection Alias / OAuth provider settings) would be appreciated.

Tanushree Maiti
Kilo Patron

Hi @George56

You have to grant the API permission required for the integration; otherwise it will not work.

You can raise a case with your ServiceNow vendor to find out whether any alternative exists.

Refer: Microsoft Intune ServiceNow Integration Use cases

I faced a similar kind of issue where a 3rd party would not allow us to provide the mentioned scope (it was a manage scope). At that time ServiceNow clearly conveyed to us that, as per the documentation, the API permission needs to be provided; otherwise the integration will not work.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
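
The 403 in this thread depends on which permissions the client-credentials token actually carries. The following is an added diagnostic example for Node.js, not code from the thread, ServiceNow or Microsoft: it decodes an access token's payload and reports whether the permission named in the error is present in `roles` (app-only) or `scp` (delegated). The function names and both sample tokens are constructed for illustration.

```javascript
// Added diagnostic example; not code from the thread, ServiceNow or Microsoft.
// Decodes the payload WITHOUT verifying the signature: use it only to inspect
// a token your own integration obtained, never to make trust decisions.

// Permission named in the 403 response quoted in the question.
const REQUIRED = 'DeviceManagementManagedDevices.PrivilegedOperations.All';

function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// App-only (client credentials) tokens carry granted application permissions
// in the "roles" array; delegated tokens carry scopes in the space-separated
// "scp" string. A delegated grant never appears in an app-only token.
function checkGraphPermission(token, required) {
  const claims = decodeJwtPayload(token);
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const flow = scopes.length > 0 ? 'delegated' : 'app-only';
  const granted = flow === 'delegated' ? scopes : roles;
  return { flow, granted, authorized: granted.includes(required) };
}

// Constructed, unsigned sample tokens (hypothetical helper, illustration only).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed`;
}

// What the thread describes: the app registration holds only ReadWrite.All.
const SAMPLE_APP_ONLY = makeSampleToken({
  roles: ['DeviceManagementManagedDevices.ReadWrite.All'],
});
// A delegated (signed-in user) token that does carry the privileged scope.
const SAMPLE_DELEGATED = makeSampleToken({
  scp: 'DeviceManagementManagedDevices.PrivilegedOperations.All User.Read',
});

for (const [name, tok] of [['app-only', SAMPLE_APP_ONLY], ['delegated', SAMPLE_DELEGATED]]) {
  const r = checkGraphPermission(tok, REQUIRED);
  console.log(`${name}: flow=${r.flow} authorized=${r.authorized} granted=${r.granted.join(',')}`);
}
```

To check a real token, pass the access token string your OAuth profile received to `checkGraphPermission` in place of the constructed samples.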