EdiscoveryCaseMember API requires ediscovery.read.all permission, causing 401 Unauthorized errors #3091

@marshalhagen

Describe the bug

When attempting to retrieve case members from the eDiscovery Security API endpoint https://graph.microsoft.com/v1.0/security/cases/ediscoveryCases/[caseId]/caseMembers using the Microsoft Graph .NET SDK, the API returns a 401 Unauthorized response even when the application has the correct permissions.

Problem:
The CaseMembers.GetAsync() endpoint on an eDiscovery case requires the ediscovery.read.all permission, but the permission validation appears to be rejecting the request despite the permission being granted. This forces applications to catch and suppress the 401 error, leaving case member data unavailable. Documentation suggests this should be supported - https://learn.microsoft.com/en-us/graph/api/security-ediscoverycasemember-list?view=graph-rest-1.0&tabs=http#permissions

Expected behavior

The API should return a 200 OK response with the list of case members when the application has the ediscovery.read.all permission granted.

How to reproduce

Steps to Reproduce:

  • Register an application in Azure Entra with ediscovery.read.all permission granted (both delegated and app-only scopes).
  • Authenticate with WithAppOnly() option
  • Call the CaseMembers.GetAsync() method on a case:
  • Observe: 401 Unauthorized response is received

```csharp
try
{
    var page = await GraphClient.Security
        .Cases
        .EdiscoveryCases[caseId]
        .CaseMembers.GetAsync(r => r.Options.WithAppOnly(), cancellationToken);
}
catch (Microsoft.Graph.Models.ODataErrors.ODataError e)
    when (e.ResponseStatusCode == (int)System.Net.HttpStatusCode.Unauthorized)
{
    // Rethrow the 401 Unauthorized error unchanged.
    throw;
}
```

SDK Version

5.103.0 / latest - this has happened since feature was released

Latest version known to work for scenario above?

No response

Known Workarounds

Delegated permissions, but that's generally not a viable option for headless applications.

Configuration

N/A

Other information

This appears to be either:

* A bug in the Microsoft Graph API permission validation for the `CaseMembers` endpoint
* An SDK issue where the permission requirement is not being correctly communicated to the Graph API

Please clarify the correct permission requirement or fix the endpoint's permission validation.
