Unable to access user's device in Microsoft Intune

Published 2019-09-20 18:12

Question:

I am trying to access managed devices for a particular user. I have written code which uses a web app to get the authentication code. I am able to see all the users as well as a particular user. But when I try to access the managed devices for a user, I get a 401 Unauthorized error. I have checked that all the permissions are granted to the web app created in the Azure portal for Microsoft Graph. Here is my code:

try {
    String access_token = getAccessToken();
    String url_str = "https://graph.microsoft.com/v1.0/users/{user name here}/managedDevices/";

    url = new URL(url_str);
    con = ( HttpURLConnection )url.openConnection();
    con.setDoInput(true);
    con.setDoOutput(true);
    con.setUseCaches(false);
    con.setRequestMethod("GET");
    con.setRequestProperty("Authorization", access_token);
    con.setRequestProperty("Accept","application/json");
    con.connect();

    br = new BufferedReader(new InputStreamReader( con.getInputStream() ));
    String str = ""; // start empty; a null here would prefix the output with "null"
    String line;
    while((line = br.readLine()) != null) {
        str += line;
    }
    System.out.println(str);
} catch (Exception e) {
    e.printStackTrace();
}

Token retrieval code:

private String getAccessToken() {
    String accessToken = "";
    try {
        ExecutorService service = Executors.newFixedThreadPool(1); 
        String authorization_url = "https://login.microsoftonline.com/" + Authentication_Constants.TENANT + "/oauth2/authorize/";
        AuthenticationContext authContext = new AuthenticationContext(authorization_url, false, service);
        ClientCredential clientCred = new ClientCredential(Authentication_Constants.CLIENTID, Authentication_Constants.SECRET);
        Future<AuthenticationResult>  future = authContext.acquireToken(Authentication_Constants.RESOURCE, clientCred, null);
        AuthenticationResult authResult = future.get();
        accessToken = authResult.getAccessToken();
    } catch (Exception ex) {
        System.out.println(ex.getLocalizedMessage());
    }
    return accessToken;
}

Is there anything I am missing? Thanks!

Answer 1:

I work on the Microsoft Intune team, specifically on the integration between Microsoft Intune and Microsoft Graph.

From the looks of the code you give above, it looks like you are trying to use app-only credentials to access the API. At the moment the Microsoft Intune APIs only support the use of app+user credentials (i.e. Delegated permissions). In order to access these APIs you will need to authenticate as a user.

If you take a look at the Microsoft Graph permissions reference for Intune, all the permissions are listed as Delegated permissions, which require app+user credentials.

If you need to have app-only access to Intune APIs I would recommend adding comments on your scenario on the Microsoft Intune Feedback site under this item.

Thanks

Peter
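
An added example, not part of the original question or answer: a debugging check that decodes an access token's payload and reports whether it is app-only (a `roles` claim, as the client-credentials flow issues) or delegated app+user (an `scp` claim). The class and method names are hypothetical and the two tokens are constructed, unsigned samples; the check reads claims for diagnosis only and does not validate the token.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TokenKind {
    // Delegated tokens carry the granted scopes as one space-separated string.
    private static final Pattern SCP = Pattern.compile("\"scp\"\\s*:\\s*\"([^\"]*)\"");
    // App-only tokens carry application permissions as a JSON array.
    private static final Pattern ROLES = Pattern.compile("\"roles\"\\s*:\\s*\\[([^\\]]*)\\]");

    /** Decodes the unverified JWT payload (second dot-separated segment). */
    static String payload(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    /** Checks scp first: a user token can also carry roles, but only delegated tokens carry scp. */
    static String classify(String jwt) {
        String json = payload(jwt);
        Matcher scp = SCP.matcher(json);
        if (scp.find()) return "delegated (app+user), scp=" + scp.group(1);
        Matcher roles = ROLES.matcher(json);
        if (roles.find()) return "app-only, roles=[" + roles.group(1) + "]";
        return "no scp or roles claim";
    }

    // Builds a constructed, unsigned sample token so the example runs offline.
    static String sample(String claimsJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        return header + "." + body + ".sig";
    }

    public static void main(String[] args) {
        // Constructed claims: what a client-credentials token looks like...
        String appOnly = sample("{\"aud\":\"https://graph.microsoft.com\","
                + "\"roles\":[\"User.Read.All\"]}");
        // ...versus a token obtained with a signed-in user.
        String delegated = sample("{\"aud\":\"https://graph.microsoft.com\","
                + "\"scp\":\"DeviceManagementManagedDevices.Read.All User.Read\"}");
        System.out.println(classify(appOnly));
        System.out.println(classify(delegated));
    }
}
```

Passing the string returned by the question's `getAccessToken()` to `classify` shows which kind of token the request is actually sending.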