New-MgUserAuthenticationTemporaryAccessPassMethod_CreateExpanded1: Request Authorization failed

Getting this unhelpful error message when following the official docs and trying to create a Temporary Access Pass via PowerShell?

New-MgUserAuthenticationTemporaryAccessPassMethod_CreateExpanded1: Request Authorization failed

1	New-MgUserAuthenticationTemporaryAccessPassMethod_CreateExpanded1: Request Authorization failed

You’ve come to the right place for the fix!

This is because the Graph PowerShell enterprise app in Azure AD doesn’t have the admin consent for the correct scope.

First you need to identify the scopes you need. If it’s just to create Temporary Access Passes then what you need is UserAuthenticationMethod.ReadWrite.All. If it’s to get and set Temporary Access Pass policies (not the above cmdlet, but you might as well add this scope if you wish to explore things further) then the scopes you need are "Policy.Read.All, Policy.ReadWrite.AuthenticationMethod".

Once you identify these, connect to Graph with a request for these scopes. This must be done by the Global Admin (or Application Admin too). For example:

Connect-MgGraph -UseDeviceAuthentication -Scopes "Policy.Read.All, Policy.ReadWrite.AuthenticationMethod, UserAuthenticationMethod.ReadWrite.All"

1	Connect-MgGraph -UseDeviceAuthentication -Scopes "Policy.Read.All, Policy.ReadWrite.AuthenticationMethod, UserAuthenticationMethod.ReadWrite.All"

In the resulting window do an admin consent.

Do for the whole org so all other admins can use this, provided they have the correct role.

Now New-MgUserAuthenticationTemporaryAccessPassMethod will work with no errors.