cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Distribution to Intune failed Code: UnknownError

Hi all,

I am attempting to distribute an application to Intune. I have the Intune server set up per the documentation (allowing the AdminStudio program) and the connection configured and tested successfully in AdminStudio to our Intune server.  When I try to distribute, I see the following error message:

Message: {"ErrorCode":"Forbidden","Message":"{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred
- Operation ID (for customer support): 00000000-0000-0000-0000-000000000000
- Activity ID: 622b47c8-ebc2-4b5e-a568-7780aabe403f
- Url: https://fef.msua02.manage.microsoft.com/AppLifecycle_2403/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=2023-08-02\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{\\\"WWW-Authenticate\\\":\\\"Bearer realm=\\\\\\\"urn:intune:service,9225b241-44e1-44a8-8bfe-c10e39177505,3e9c57b9-808d-4aa0-9500-4b2d369279e7\\\\\\\"\\\"}\"\r\n}","Target":null,"Details":null,"InnerError":null,"InstanceAnnotations":[]}
Inner error:
AdditionalData:
date: 2024-04-15T14:35:36
request-id: 622b47c8-ebc2-4b5e-a568-7780aabe403f
client-request-id: 622b47c8-ebc2-4b5e-a568-7780aabe403f
ClientRequestId: 622b47c8-ebc2-4b5e-a568-7780aabe403f

Any help would be appreciated.

Thanks,

Steve 

(1) Solution

To close this thread ... This is the part we missed in Intune:

  1. The next step to provide API access to newly registered application - AdminStudio. Click on API permissions on the left pane and Add a permission -> Choose Microsoft Graph -> Application Permissions -> Under DeviceManangementApps choose DeviceManagementApps.ReadWrite.All and click Add permissions
  1. This step is required only if you choose to authenticate using User Account in AdminStudio. On the newly registered application - AdminStudio, click on Manifest on the left pane and set allowPublicClient property to true, if it is not set already

View solution in original post

(2) Replies
StevenW
By Level 4 Flexeran
Level 4 Flexeran

 @SteveBaird I have reached out on the related case, if you have any queries please let me know.

To close this thread ... This is the part we missed in Intune:

  1. The next step to provide API access to newly registered application - AdminStudio. Click on API permissions on the left pane and Add a permission -> Choose Microsoft Graph -> Application Permissions -> Under DeviceManangementApps choose DeviceManagementApps.ReadWrite.All and click Add permissions
  1. This step is required only if you choose to authenticate using User Account in AdminStudio. On the newly registered application - AdminStudio, click on Manifest on the left pane and set allowPublicClient property to true, if it is not set already