microsoft / intune-resource-access Goto Github PK
View Code? Open in Web Editor NEWSample code and scripts for interfacing with the Intune Resource Access APIs.
License: MIT License
Sample code and scripts for interfacing with the Intune Resource Access APIs.
License: MIT License
② I would like to know the processing specifications of this API (purpose of use, processing content, necessity of calling, etc.) as I do not understand them in the first place.
https://github.com/microsoft/Intune-Resource-Access/blob/master/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneRevocationClient.java
・CertificateAuthorityRequests/uploadRevocationResults
Hi.
Is it possible to extract Public Key from encProvider in pem format?
When calling ValidateRequestAsync I get an internal server error being returned. This is how I am making the call.
`var transId = Guid.NewGuid();
var validator = new IntuneScepValidator(
properties,
trace: new TraceSource("log")
try
{
validator.ValidateRequestAsync(transId.ToString(), Convert.ToBase64String(envelopedCms.ContentInfo.Content)).Wait();
}
catch (Exception ex)
{
Logger.log.WriteLog(LogLevel.Debug, "InTune validation failed");
Logger.log.WriteLog(LogLevel.Debug, ex.Message);
Logger.log.WriteLog(LogLevel.Debug, ex.InnerException.Message);
p.WriteFailure();
return;
}`
And this is what I get on the console:
log Information: 0 : Refreshing service map from Microsoft.Graph log Error: 0 : Failed to contact intune service with URL: https://fef.msuc02.manage.microsoft.com/RACerts/ScepRequestValidationFEService/Gateway/StatelessScepRequestValidationService/ScepActions/validateRequest; Response status code does not indicate success: 500 (Internal Server Error). log Error: 0 : { "error":{ "code":"InternalError","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"Method 'get_CertStoreFactory' in type 'Microsoft.Management.Services.Deployment.Certificates.ServiceRuntime.CertRuntimeStoreConfiguration' from assembly 'Microsoft.Management.Services.Deployment.Certificates.ServiceRuntime, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' does not have an implementation. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: d798ddce-f2d1-4e3f-8cad-7ae979ff9b0d - Url: https://fef.msuc02.manage.microsoft.com/RACerts/StatelessScepRequestValidationService/ScepActions/validateRequest\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}" } } InTune validation failed One or more errors occurred. Response status code does not indicate success: 500 (Internal Server Error).
Is something broken or am I doing something wrong here? The error message doesn't give me any information that helps me. I have checked that the csr is valid (if it isn't I get a different error) and that the properties variable contains the correct information.
Cheers
Simon
Hello.
Intune: Create SCEP Certificate Profile on Tenant A
AzureAD: Register application in Tenant B
In this state, when I called ValidateRequest, I got the following error response (BadTenantIdInChallenge).
<ValidateRequest,>
https://learn.microsoft.com/ja-jp/mem/intune/protect/scep-libraries-apis#validaterequest-method
2022-10-23 16:05:32,001 INFO PkiItService -[ajp-nio-8049-exec-8] - transactionId : 4e89b80dcbf3a79d1c281fd7796228066046aac1
2022-10-23 16:05:32,002 INFO IntuneClient -[ajp-nio-8049-exec-8] - Refreshing service map from Microsoft.Graph
2022-10-23 16:05:33,085 INFO IntuneScepServiceClient -[ajp-nio-8049-exec-8] - Activity 0bd7ef94-23f9-45da-b4b0-134d8d954020 has completed.
2022-10-23 16:05:33,085 INFO IntuneScepServiceClient -[ajp-nio-8049-exec-8] - {"code":"BadTenantIdInChallenge","errorDescription":"Failed to parse the tenant id in the challenge.tenantId in challenge does not match tenantId from security token.","@odata.context":"https://fef.msuc05.manage.microsoft.com/RACerts/StatelessScepRequestValidationService/641b43b0-ffff-9953-0915-102113131035/$metadata#microsoft.management.services.scepRequestValidationService.api.scepActionResult"}
2022-10-23 16:05:33,086 WARN IntuneScepServiceException -[ajp-nio-8049-exec-8] - Error Code value not expected: BadTenantIdInChallenge
2022-10-23 16:05:33,086 WARN IntuneScepServiceClient -[ajp-nio-8049-exec-8] - ActivityId:0bd7ef94-23f9-45da-b4b0-134d8d954020,TransactionId:4e89b80dcbf3a79d1c281fd7796228066046aac1,ErrorCode:BadTenantIdInChallenge,ErrorDescription:Failed to parse the tenant id in the challenge.tenantId in challenge does not match tenantId from security token.
When does this error occur? What are the specifications?
Hi looking at the documentation I see the following fields for send success:
However, looking at the example I see the extra fields of "caConfiguration" and "certificateAuthority". What are these values supposed to be?
The IntuneClient class seems to only support ClientCredential. We would like to do certificate-based authentication, using AsymmetricKeyCredential. This seems to be straight-forward, but i wonder if there is a reason only the ClientCredential path is implemented?
hello
I have two questions about methods within the IntuneRevocationClient class.
(1) About the DownloadCARevocationRequests method
I am executing a POST request to DOWNLOADREVOCATIONREQUESTS_URL (CertificateAuthorityRequests/downloadRevocationRequests) within the method, is there an API specification for the downloadRevocationRequests endpoint? .
What specific values should I set for the request parameters? , what value is returned as a response? I would like to know the details.
(2) About the UploadRevocationResults method
I am executing a POST request to the UPLOADREVOCATIONRESULTS_URL (CertificateAuthorityRequests/uploadRevocationResults) within the method, is there an API specification for the uploadRevocationResults endpoint? .
What specific values should I set for the request parameters? , what value is returned as a response? I would like to know the details.
I would also like to know what to call this method when I want to do it.
Thank you.
Please add the functionality to authenticate with the application itself and not delegated permissions.
This will enable authentication via certificate instead of username/password.
When PowerShell script runs “none-interactively” as a scheduled job an exception “one more error occurred” is thrown. As a minimum introduction of API call that can extend the lifespan of token would be helpful so one can launch the script interactively and run it for a longer period of time.
Hi all, i'm using this tool to succesfully deploy a cert issued by sectigo, now i'm doing the same thing with a Digicert Certificate, once i use the command:
$userPFXObject = New-IntuneUserPfxCertificate -PathToPfxFile "C:\Users\admin.far\Desktop\Digicert.pfx" $SecureFilePassword "[email protected]" "Microsoft Software Key Storage Provider" "PFXEncryptionKey" "smimeEncryption"
everything seems to work. but then if i try to list the certificates with Get-IntuneUserPfxCertificate this certificate is not listed.
Any suggestion on where to check?
Are you able to provide the detailed steps to deploy the code to Intunes so that I am able to import S/MIME certificates in pfx format to Intune and deploy the pfx certificates to users?
I have the module built and imported, but when I go to authenticate to AAD, I receive the following:
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application
I have been unable to find the answer in the Readme or in the source files themselves. I did see that the reply URL points to a hash table /common but I have been unsuccessful in getting authentication to work.
Can you provide an example of the reply URL that is supposed to be listed in the Enterprise App?
Thanks
ErrorCode doesn't support BadDeviceTypeInChallenge
System.Exception: Requested value 'BadDeviceTypeInChallenge' was not found.
at System.Enum.TryParseEnum(Type enumType, String value, Boolean ignoreCase, EnumResult& parseResult)
at System.Enum.Parse(Type enumType, String value, Boolean ignoreCase)
at Microsoft.Intune.IntuneScepServiceException..ctor(String errorCode, String errorDescription, String transactionId, Guid activityId, TraceSource trace) in C:\bitbucket\aeg\src\Intune.ScepValidation\IntuneScepServiceException.cs:line 120
at Microsoft.Intune.IntuneScepValidator.<PostAsync>d__13.MoveNext() in
The API request used to “downloadRevocationRequests” accepts two parameters, and neither of which work as expected. Furthermore, the Endpoint being queried is not documented and doesn’t appear to have any pagination features.
Request Parameter: issuerName:
Request Parameter: maxRequests:
maxRequests=10.
issuerName=testb3d9b17c51~testroot
Expected Response given the fact that issuerName is mismatched: A list of 4 certificates to be revoked.
Actual Response: 0 Certificates (empty response).
{
"@odata.context":https://fef.msua01.manage.microsoft.com/RACerts/StatelessPkiConnectorService/6fc027cc-ffff-0265-1009-102518023364/$metadata#Collection(microsoft.management.services.api.caRevocationRequest),"value":[
]
}
maxRequests=500.
issuerName=testb3d9b17c51~testroot
Expected Response given the fact that issuerName is mismatched: A list of 4 certificates to be revoked.
Actual Response: A list of 4 certificates to be revoked.
{
"@odata.context":https://fef.msua01.manage.microsoft.com/RACerts/StatelessPkiConnectorService/6fc027cc-ffff-0965-1009-102517542417/$metadata#Collection(microsoft.management.services.api.caRevocationRequest),"value":[
{
"requestContext":"2:092d620fb3d30a731a0454f4791398e0c350a212:5b2726c0-dbe3-40c9-998d-d080b96e9404:a61791ec-36fb-4ffc-8a89-62a2a8dda771","serialNumber":"7dafad71a092690b8eb030dae55348c2","issuerName":"CN=Root CA,OU=Smoke Test,O=Entrust","caConfiguration":"testb3d9b17c51~testroot"
},{
"requestContext":"2:7b75c4206d059a4e0ac335c2589b96fb21203c3f:5b2726c0-dbe3-40c9-998d-d080b96e9404:a61791ec-36fb-4ffc-8a89-62a2a8dda771","serialNumber":"55f05c880048d6f487db7927d83808ee","issuerName":"CN=Root CA,OU=Smoke Test,O=Entrust","caConfiguration":"testb3d9b17c51~testroot"
},{
"requestContext":"2:d7136ebeb113f1ce42b568f612b4e6ccbdcc4625:5b2726c0-dbe3-40c9-998d-d080b96e9404:a61791ec-36fb-4ffc-8a89-62a2a8dda771","serialNumber":"408d5cbf6fe165f84a17629efa38286c","issuerName":"CN=Root CA,OU=Smoke Test,O=Entrust","caConfiguration":"testb3d9b17c51~testroot"
},{
"requestContext":"2:d89db377283350b6abe362a479479ac71deb1c51:5b2726c0-dbe3-40c9-998d-d080b96e9404:a61791ec-36fb-4ffc-8a89-62a2a8dda771","serialNumber":"67b2d0faeaf43d673880b6bd3bcb0756","issuerName":"CN=Root CA,OU=Smoke Test,O=Entrust","caConfiguration":"testb3d9b17c51~testroot"
}
]
}
We were left with the following questions after experiencing the above behavior:
It looks like the code uses the ADAL authentication, this document (https://developer.microsoft.com/en-us/identity/blogs/end-of-support-timelines-for-azure-ad-authentication-library-adal-and-azure-ad-graph/) mentions, that this will stop working in July 2022.
Are there any plans to migrate to MSAL?
Hi,
I'm calling the Java Intune Resource Access API method DownloadCARevocationRequests with "issuerName" parameter set, but it's not returning any requests.
My issuing CA certificate's subject is "cn=My Issuing CA,c=SE", and I'm trying to pass the issuerName value as "cn=My Issuing CA,c=SE", but I'm still receiving an empty list of revocation requests.
If I pass the issuerName parameter value as an empty string or as null, then I do receive the expected revocation requests correctly.
Is the format I'm using for issuerName wrong, or could there be a problem in how the issuerName is handled?
Hi,
when I try to import the module I'm getting this error:
Import-Module : The specified module 'IntunePfxImport.psd1' was not loaded because no valid module file was found in any module directory.
At line:1 char:1
- Import-Module IntunePfxImport.psd1
+ CategoryInfo : ResourceUnavailable: (IntunePfxImport.psd1:String) [Import-Module], FileNotFoundException + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
I'm a PS noob but should there not be anywhere the Microsoft.Management.Powershell.PFXImport.dll file?
Thanks for help and best regards
Jakob
Attempt to instantiate IntuneScepServiceClient
fails without error message.
The best I can tell, the cause seems to be the value of intuneResourceUrl
, which is set in the IntuneClient
-class (line 83): https://api.management.microsoft.com
That domain no longer exists. I guess it has been replaced by the Microsoft's Graph API?
Will there be an update to the csrValidation -library that fixes this issue?
In V1.1, after importing PFX certificate(s) (via Import-IntuneUserPfxCertificate) for a user X a consecutive call GetIntuneUserId for user Y is failing with error “One or more errors occurred”.
I have managed to create the certificate, and when I run Get-IntuneUserPfxCertificate, I can see the entry. However, when I create the device configuration profile in Intune for a PKCS imported Certificate, I cannot see the cert in the Certificates list. Is there any way I can validate this behavior since the certs are not deploying to my devices.
Similarly, and apologies for a non-dev question, I wish to use these certs to connect to an Azure App reg (MS Warehouse Management) on Android Dedicated devices (no user affinity). Since these are user certs, how can I engineer this to work?
The csr-validation library fetches a new access token for each request:
AuthenticationResult authResult = this.authClient.getAccessTokenFromCredential(this.intuneResourceUrl);
There are even unit tests that verify this method is called every time. But if authResult is a standard access token with an expiry date, shouldn't it be reusable? Implementing this is easy, but of course breaks the tests. Is there a reason the library acquires a new token every time?
IntuneScepServiceClient.java
・ PROVIDER_NAME_AND_VERSION = "Information used to identify the product and its version"
We checked that this value is used in the source code as User-Agent in the SCEP Intune API.
Therefore, I think AAD and Intune are pulling this value.
However in testing, it was not available to view on any screens accessible from the Intune, AAD management screens.
Is there a screen or function where Intune administrators can see where PROVIDER_NAME_AND_VERSION is being used?
Dear Team,
I have followed rigorously your documentation to make stuff work.
But when I look at the content $userPFXObject compare to the result return by Get-IntuneUserPfxCertificate
PS C:> $userPFXObject
Id :
Thumbprint : 6ab7__removed info__62c87
IntendedPurpose : Unassigned
UserPrincipalName : removed info
StartDateTime : 24-03-23 09:28:40 +00:00
ExpirationDateTime : 24-03-24 09:28:40 +00:00
ProviderName : Microsoft Software Key Storage Provider
KeyName : PFXEncryptionKey
PaddingScheme : OaepSha512
EncryptedPfxBlob : {48, 130, 25, 207...}
EncryptedPfxPassword : ZY2gu__removed info__UO0rg==
CreatedDateTime : 11-03-24 15:01:47 +00:00
LastModifiedDateTime : 11-03-24 15:01:47 +00:00
PS C:> Get-IntuneUserPfxCertificate
Id : 3a7fb__removed info__62c87
Thumbprint : 6ab7__removed info__62c87
IntendedPurpose : Unassigned
UserPrincipalName : removed info
StartDateTime : 24-03-23 09:28:40 +00:00
ExpirationDateTime : 24-03-24 09:28:40 +00:00
ProviderName : Microsoft Software Key Storage Provider
KeyName : PFXEncryptionKey
PaddingScheme : OaepSha512
EncryptedPfxBlob : {0}
EncryptedPfxPassword :
CreatedDateTime : 11-03-24 15:01:47 +00:00
LastModifiedDateTime : 11-03-24 15:02:21 +00:00
Is-it expected that the value returned by EncryptedPfxBlob and EncryptedPfxPassword looks like empty ?
I try to import GlobalSign S/MIME Certificate but looks like I missed something...
Many thanks for your time,
@tynidev
I started seeing this issue on a newly created app registration. (Existing apps are working fine)
During this new app registration process, I can't assign Azure Active Directory Graph
API permissions to the app as mentioned in the https://docs.microsoft.com/en-us/mem/intune/protect/certificate-authority-add-scep-overview
I see a depreciation message in the Azure portal for adding API permissions and Azure Active Directory Graph
is disabled under Legacy APIs
This results in an error
Did not find service named 'ScepRequestValidationFEService' listed in Microsoft.Graph discovery service list.
Could you please provide info on how do I map Active Directory Graph > Application > ReadAll
permissions to a the new Microsoft Graph
APIs permissions?
I noticed a similar issue #85 but that was a config issue. My issue persists beyond the resolution workarounds suggested there.
IntuneScepServiceClient.java
From the documentation, I've understood that the certificate will be processed by the certificate authority after it is issued as follows:
Is this understanding correct?
*We understand that swapping 2) and 3) is a deprecated order.
① I would like to know the original processing specifications, such as the request parameter specifications and response data return conditions (what state of certificate is being returned as a response), etc., so I would like to know.
https://github.com/microsoft/Intune-Resource-Access/blob/master/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneRevocationClient.java
・CertificateAuthorityRequests/downloadRevocationRequests
Trying to use this code for SCEP issuance with Intune and EJBCA. What should the service name be to report this to Microsoft Graph since ScepRequestValidationFEService is not present?
2020-07-08 14:50:25,802 INFO [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) Refreshing service map from Microsoft.Graph
2020-07-08 14:50:25,803 INFO [com.microsoft.aad.adal4j.AuthenticationAuthority] (pool-31-thread-1) [Correlation ID: d257b9f3-7e20-43b1-b1ba-3bbc44e0cd04] Instance discovery was successful
2020-07-08 14:50:25,975 DEBUG [com.microsoft.aad.adal4j.AuthenticationContext] (pool-31-thread-1) [Correlation ID: d257b9f3-7e20-43b1-b1ba-3bbc44e0cd04] Access Token was returned
2020-07-08 14:50:26,158 INFO [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) Could not find endpoint for service 'ScepRequestValidationFEService'
2020-07-08 14:50:26,158 INFO [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) ServiceMap:
2020-07-08 14:50:26,158 ERROR [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) Did not find service named 'ScepRequestValidationFEService' listed in Microsoft.Graph discovery service list.: com.microsoft.intune.scepvalidation.IntuneServiceNotFoundException: Did not find service named 'ScepRequestValidationFEService' listed in Microsoft.Graph discovery service list.
at com.microsoft.intune.scepvalidation.IntuneClient.PostRequest(IntuneClient.java:288)
at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.PostRequest(IntuneScepServiceClient.java:40)
at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.Post(IntuneScepServiceClient.java:231)
at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.ValidateRequest(IntuneScepServiceClient.java:121)
Full disclosure, I have never used Visual Studio. My skills lie with PowerShell with coding from VSCode. I am using the community edition of Visual Studio 17.7.3. .NET Framework version is 4.8.09032. Following the directions step-by-step, I am getting these errors during the build process. I could use some help resolving them so that I can get to importing certs into Intune:
Hi all,
I am using the tool to succesfully deploy a cert. When I run below command and logged in, but below error appeared.
I tried to login to intune as global admin but still got the error.
Please help to provide a right way to solve the problem.
thanks
PS C:\Program Files\WindowsPowerShell\Modules\PfxImportPS> Set-IntuneAuthenticationToken -AdminUserName $AdminUPN
Set-IntuneAuthenticationToken : One or more errors occurred.
At line:1 char:1
+ CategoryInfo : NotSpecified: (:) [Set-IntuneAuthenticationToken], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.Management.Powershell.PFXImport.Cmdlets.SetAuthToken
Hi, I was advised to create an issue here after I created an Intune ticket in the Microsoft Q&A forums (https://docs.microsoft.com/en-us/answers/questions/70809/0x8010002c-request-certificate-does-not-exist-duri.html)
I am trying to integrate a Third-party CA to work with Intune SCEP to issue certificates according to https://docs.microsoft.com/en-us/mem/intune/protect/scep-libraries-apis. I am using the CsrValidation api for Java to integrate.
My issue is not really with the CsrValidation API.
I have setup the following Configuration profiles in Azure Endpoint manager:
Trusted Certificate: Computer store - Root (Root CA)
Trusted Certificate: Computer store - Intermediate (Root CA)
Trusted Certificate: Computer store - Intermediate (Intermediate CA)
SCEP Certificate: Windows 10.
All 3 Trusted Certificate Profiles are successfully deployed to the WIN10 device.
To enrol the Windows 10 Device I go to 'Settings -> Account -> Access work or school -> Connect'. The Windows UI says that the connection is successful.
However, when looking in the Windows 10 Event Viewer under 'Applications and Services Logs/Microsoft/Windows/DeviceManagement-Enterprise-Diagnostics-Provider' it gives the following two errors:
Event 307: SCEP: Failed LogError Message : (SCEPInstallCertificateWithScepHelper:Failed to Initialize SCEP enrollment with NDES Server 'http://{url}/scep/intune/pkiclient.exe', CA cert thumbprint '2FCF40...CEF1' and server )
Event 32: SCEP: Certificate enroll failed. Result: (The requested certificate does not exist.). [HRESULT: 0x8010002c]
These 2 errors occurs after the 'GetCACertChain' call has been made from the WIN10 device and the CA SCEP RA has returned the chain in PKCS#7 format containing the Root CA, Intermediate CA and the RA certificate.
The thumbprint in Event 307 is the same as the thumbprint of my Root CA.
Any ideas on what I have misconfigured to get this error?
There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.
Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.
I am verifying Intune and PKI integration, I have two questions want cofirm with you.
Could you please tell me the trigger and sequence for automatically renewing the SCEP certificate?
I confirmed that the renewal threshold (%) can be defined in the SCEP certificate profile on the Intune side, but
If the threshold is exceeded, I would like to know when the certificate will be automatically renewed and by what procedure.
Is it correct that the updated certificate name is same with the old one?
The whole bloody thing is not working in Visual Studio Code - open the SLN file and what?
When I try to run it, it tells me that it doesn't know the code language despite C# extensions are installed. What the hell do you mean with select build configuration, this does not exist.
Not able import the PS Module either, but if already the first step isn't working.
The only thing, what needs to be done is publishing a bloody certificate to a AzureAD group, but admins now need to piss around and need developer accounts, and all kind of crap - seriously?
Any other MDM solution allows you to import certificates, but not this, no, you need a degree in Visual Studio - no useful documentation on any Microsoft site, and on GitHub it is assumed you know everything....
I have the PFX file, can "install" it manually on the laptop, but can't deploy it using Intune!
Hi!
I am trying to setup a new test environment for Intune to allow us to implement the Intune Revocation workflow as described in this example
After having setup App Registration, SCEP Profile, Trusted Certificate profiles, etc. and then trying to enroll an end-user Windows 10 device, we get the following error on our server side:
2021-09-29 14:51:27.514 INFO: Refreshing service map from Microsoft.Graph 2021-09-29 14:51:27.529 INFO: [Correlation ID: 1d5d2c6b-3829-475e-86ef-e4a9dabe9e6e] Instance discovery was successful 2021-09-29 14:51:28.548 SEVERE: Request to: https://graph.windows.net/nexusgo.onmicrosoft.com/servicePrincipalsByAppId/0000000a-0000-0000-c000-000000000000/serviceEndpoints?api-version=1.6 returned: HTTP/1.1 403 Forbidden com.microsoft.intune.scepvalidation.IntuneClientHttpErrorException: {"odata.error":{"date":"2021-09-29T14:51:28","code":"Authorization_RequestDenied","requestId":"fe36e250-b195-4663-8d97-7f41161dd500","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}} at com.microsoft.intune.scepvalidation.IntuneClient.ParseResponseToJSON(IntuneClient.java:443) at com.microsoft.intune.scepvalidation.IntuneClient.RefreshServiceMap(IntuneClient.java:384) at com.microsoft.intune.scepvalidation.IntuneClient.GetServiceEndpoint(IntuneClient.java:349) at com.microsoft.intune.scepvalidation.IntuneClient.PostRequest(IntuneClient.java:285) at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.PostRequest(IntuneScepServiceClient.java:40) at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.Post(IntuneScepServiceClient.java:231) at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.ValidateRequest(IntuneScepServiceClient.java:121) at com.nexussafe.cm.pgwy.scep.ScepIntune.modify(ScepIntune.java:66)
Does anyone know which permission we are [presumably] lacking from our App Registration to allow for this call to pass?
Trying to test each permission one by one seems like a bit much considering there are quite a few. Or is there some documentation somewhere that I have missed?
This set of permissions were not sufficient:
// Gustav Mattsson
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.