- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe to Topic
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
Cannot access some graph endpoints with MFA enabled accounts
With the recent requirement of enabling MFA to all global admins, we are having issues of accessing some graph API endpoints where application permissions are not supported.
E.g: https://docs.microsoft.com/en-us/graph/api/group-get-thread?view=graph-rest-1.0&tabs=http
This above endpoint supports only Delegated permissions and we were using password grant flow to obtain the access token. But after MFA enabled on the global admin it's not possible to use the global admin's credentials with the password grant flow. We are getting the below when call the token end point with password grant_type.
Is there any other workaround to access the above mentioned endpoint after enable MFA to all global admins?
{
}
Solved! Go to Solution.
- Labels:
-
CSP
-
Managed Services
-
Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
@yasitha4 you are encountering this error because the method you were using to get an access token is not compatible with an account that has MFA enabled. You will need to implement the secure application model framework to obtain an access token.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi @yasitha4 ,
I believe you haven`t finished the sentece, could you clarify what kind of error you encounter, so we can point you in the right direction ? (:
Thanks a lot,
Andra
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thank you for the response. Sorry, some how the question is updated partially when I publish. I have updated the question again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
@yasitha4 you are encountering this error because the method you were using to get an access token is not compatible with an account that has MFA enabled. You will need to implement the secure application model framework to obtain an access token.
