I was able to created (Teams) OnlineMeetings via graph API with my own app registration and delegated permissions using device_code flow and the /me endpoint. I left the code untouched but now, I do get a "No application access policy found for this app" [403].

As far as I know, when not using application permission - I don't need a further tenant admin setup. The code works in the same way when creating Calendar events, but fails now for OnlineMeetings.

Are there any significant changes for delegated permissions concerning the /v1.0/me/onlineMeetings endpoint? Or did my tenant admin modified something?

Snippets:

String deviceCodeResp = sendPostRequest(AUTH_ENDPOINT + "/devicecode",
        "client_id=" + CLIENT_ID +  "&scope=.Read+.ReadWrite",
        "application/x-www-form-urlencoded"
);
    
// Extract device code and message
String deviceCode = extractJsonValue(deviceCodeResp, "device_code");

// user enters usercoode on microsoft devicelogin page

String tokenResponse = sendPostRequest(AUTH_ENDPOINT + "/token",
     "grant_type=device_code" +
     "&device_code=" + deviceCode +
     "&client_id=" + CLIENT_ID,
     "application/x-www-form-urlencoded"
);
String token = extractJsonValue(tokenResponse, "access_token");

// create the meeting with the access_token
String meetingResponse = sendPostRequest(GRAPH_ENDPOINT + "/me/onlineMeetings",
    meetingJson,
    "application/json",
    token
);

I was able to created (Teams) OnlineMeetings via graph API with my own app registration and delegated permissions using device_code flow and the /me endpoint. I left the code untouched but now, I do get a "No application access policy found for this app" [403].

As far as I know, when not using application permission - I don't need a further tenant admin setup. The code works in the same way when creating Calendar events, but fails now for OnlineMeetings.

Are there any significant changes for delegated permissions concerning the /v1.0/me/onlineMeetings endpoint? Or did my tenant admin modified something?

Snippets:

String deviceCodeResp = sendPostRequest(AUTH_ENDPOINT + "/devicecode",
        "client_id=" + CLIENT_ID +  "&scope=https://graph.microsoft/User.Read+https://graph.microsoft/OnlineMeetings.ReadWrite",
        "application/x-www-form-urlencoded"
);
    
// Extract device code and message
String deviceCode = extractJsonValue(deviceCodeResp, "device_code");

// user enters usercoode on microsoft devicelogin page

String tokenResponse = sendPostRequest(AUTH_ENDPOINT + "/token",
     "grant_type=device_code" +
     "&device_code=" + deviceCode +
     "&client_id=" + CLIENT_ID,
     "application/x-www-form-urlencoded"
);
String token = extractJsonValue(tokenResponse, "access_token");

// create the meeting with the access_token
String meetingResponse = sendPostRequest(GRAPH_ENDPOINT + "/me/onlineMeetings",
    meetingJson,
    "application/json",
    token
);

• azure
• microsoft-graph-api
• microsoft-graph-teams

Share Improve this question Follow edited Mar 28 at 7:47 Andre Albert asked Mar 27 at 12:14 Andre AlbertAndre Albert 1,3961010 silver badges1717 bronze badges 6

• Can you also include how are you generating the token? – Rukmini Commented Mar 28 at 3:41
• Hi @Rukmini - I added a java snippet with the basic flow. Here sendPostRequest parameters are url, body, content-type, optional-bearerToken - access tokens are granted but don't work anymore with the /me/onlineMeetings call. I get the same error when using the official Microsoft-graph maven dependency – Andre Albert Commented Mar 28 at 7:50
• Did you try to do the same in Postman, as it works for me? – Rukmini Commented Mar 28 at 7:56
• While using delegated permissions its not neccessary to configure application policy – Rukmini Commented Mar 28 at 7:56
• Thank you @Rukmini - I did retest with postman and according with your snippets. I still get 403 No application access policy found for this app when using /me delegated permissions. I see one difference, in my azure portal - there is no green checkmark for the delegated API permission. I do get an access_code as you described, and this flow also works for other graph API resources, so I think that there were modifications from the tenant admin. The code used to work some weeks ago. I created a new app registration but got the same error. – Andre Albert Commented Mar 28 at 14:14

 |  Show 1 more comment

1 Answer 1

Sorted by: Reset to default 1

Note: If you are making using of delegated API permissions to create onlinemeetings using /me then there is no need to configure application policy.

• Cross verify if your tenant admin has configured any policy.

I tried in my environment used device code to generate access token by using below parameters:

API permissions:

POST https://login.microsoftonline/TenantID/oauth2/v2.0/devicecode

client_id: ClientID
scope: https://graph.microsoft/.default

Generated access token:

POST https://login.microsoftonline/TenantID/oauth2/v2.0/token

grant_type: urn:ietf:params:oauth:grant-type:device_code
client_id: ClientID
device_code: xxx

Using the above access token, I am able to create onlinemeetings using /me endpoint:

POST https://graph.microsoft/v1.0/me/onlineMeetings

{
  "startDateTime":"2025-07-12T14:30:34.2444915-07:00",
  "endDateTime":"2025-07-12T15:00:34.2464912-07:00",
  "subject":"User Token Meeting"
}

If still the issue persists, try to create a new Microsoft Entra ID application and pass those credentials and check.