Microsoft Graph API backend incorrectly translates microsoft.graph.mobileLobApp to microsoft.management.services.api.mobileLobApp

[Drashti-Patel]

Describe the bug

The Microsoft Graph API beta endpoint has a backend translation bug where requests to microsoft.graph.mobileLobApp are incorrectly translated to microsoft.management.services.api.mobileLobApp, causing file upload operations to fail.

Actual behavior
The API returns error showing the URL was translated incorrectly:

Url: https://proxy.amsub0102.manage.microsoft.com/AppLifecycle_2509/StatelessAppMetadataFEService/deviceAppManagement/mobileApps('app-id')/microsoft.management.services.api.mobileLobApp/contentVersions('1')/files?api-version=5025-07-11

Error Response:

{
  "error": {
    "code": "BadRequest",
    "message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000"
  }
}

Environment

• API Version: beta
• Authentication: Service Principal with DeviceManagementApps.ReadWrite.All permissions
• Endpoint: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps

Additional context

• Step 1 (app creation) works correctly
• Step 2 (content version creation) works correctly
• Step 3 (file creation) fails due to backend URL translation
• This affects automated CI/CD deployments to Microsoft Intune
• Issue occurs consistently across different service principals and tenants

Request-ID examples:

• 76d33f48-63c0-432b-8391-8c0404ab2da4
• 8caa33a3-c0eb-4f1b-b287-1548dfa7e35c

Expected behavior

The API should accept the request and create the file entry successfully.

How to reproduce

1. Create an Android LOB app via POST /beta/deviceAppManagement/mobileApps
2. Create content version via POST /beta/deviceAppManagement/mobileApps/{id}/microsoft.graph.mobileLobApp/contentVersions
3. Attempt to create file via POST /beta/deviceAppManagement/mobileApps/{id}/microsoft.graph.mobileLobApp/contentVersions/{version}/files

SDK Version

No response

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

I'm trying to implement github actions for uploading android application in microsoft intune. below are the logs:

Run set -e
set -e

echo "🔐 Getting access token directly (bypassing Azure CLI subscription check)..."
TOKEN_RESPONSE=$(curl -s -X POST "https://login.microsoftonline.com/$AZURE_TENANT_ID/oauth2/v2.0/token"
-H "Content-Type: application/x-www-form-urlencoded"
-d "client_id=$AZURE_CLIENT_ID"
-d "client_secret=$AZURE_CLIENT_SECRET"
-d "scope=https://graph.microsoft.com/.default"
-d "grant_type=client_credentials")

TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token // empty')
if [ -z "$TOKEN" ]; then
echo "❌ Failed to get token:"
echo "$TOKEN_RESPONSE" | jq '.'
exit 1
fi
echo "✅ Access token acquired successfully!"

VERSION_NAME=2.0.0
VERSION_CODE=2

echo "🚀 Uploading app to Microsoft Intune..."
echo "📱 App: Tulkkaussovellus Hyvaks v$VERSION_NAME"
echo "📋 Package: com.oma.tulkkaaks.staging"
echo "📄 File: app/build/outputs/bundle/stagingRelease/app-staging-release.aab"

echo "🔧 Using direct REST API calls..."

Step 1: Create app

echo "📦 Step 1: Creating app..."
APP_RESPONSE=$(curl -s -X POST "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d "{
"@odata.type": "#microsoft.graph.androidLobApp",
"displayName": "Tulkkaussovellus Hyvaks v$VERSION_NAME",
"description": "Staging v$VERSION_NAME (code $VERSION_CODE)",
"publisher": "Hyvaks",
"packageId": "com.oma.tulkkaaks.staging",
"fileName": "app-staging-release.aab",
"versionName": "$VERSION_NAME",
"versionCode": "$VERSION_CODE",
"minimumSupportedOperatingSystem": {
"@odata.type": "microsoft.graph.androidMinimumOperatingSystem",
"v8_0": true
}
}")

APP_ID=$(echo "$APP_RESPONSE" | jq -r '.id // empty')
if [ -z "$APP_ID" ]; then
echo "❌ App creation failed:"
echo "$APP_RESPONSE" | jq '.'
exit 1
fi
echo "✅ App created with ID: $APP_ID"

Wait for app to be ready

sleep 10

Step 2: Create content version

echo "📦 Step 2: Creating content version..."
CONTENT_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d '{}')

CONTENT_VERSION=$(echo "$CONTENT_RESPONSE" | jq -r '.id // empty')
if [ -z "$CONTENT_VERSION" ]; then
echo "❌ Content version creation failed:"
echo "$CONTENT_RESPONSE" | jq '.'
exit 1
fi
echo "✅ Content version: $CONTENT_VERSION"

Step 3: Create file entry - USE SAME PATTERN AS STEP 2

FILE_SIZE=$(stat --format=%s "app/build/outputs/bundle/stagingRelease/app-staging-release.aab")
echo "📦 Step 3: Creating file entry (size: $FILE_SIZE bytes)..."

echo "🔄 Using same URL pattern that worked for content version..."
FILE_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/files"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d "{
"@odata.type": "#microsoft.graph.mobileAppContentFile",
"name": "app-staging-release.aab",
"size": $FILE_SIZE,
"sizeEncrypted": $FILE_SIZE,
"manifest": null
}")

echo "🔍 File creation response:"
echo "$FILE_RESPONSE" | jq '.'
FILE_ID=$(echo "$FILE_RESPONSE" | jq -r '.id // empty')

if [ -z "$FILE_ID" ]; then
echo "❌ File creation failed. Response:"
echo "$FILE_RESPONSE" | jq '.'

# Check if it's the known API translation bug
if echo "$FILE_RESPONSE" | grep -q "microsoft.management.services.api"; then
  echo ""
  echo "🚨 MICROSOFT API TRANSLATION BUG DETECTED!"
  echo "Your request: microsoft.graph.mobileLobApp"
  echo "Microsoft received: microsoft.management.services.api.mobileLobApp"
  echo ""
  echo "This is a confirmed Microsoft Graph API backend bug."
  echo "The app was created successfully but file upload fails due to API translation issues."
  echo ""
  echo "✅ Your app exists in Intune with ID: $APP_ID"
  echo "💡 You can complete the upload manually through Intune Admin Center"
  echo "🔗 https://intune.microsoft.com/#blade/Microsoft_Intune_Apps/AppsMenu"
fi
exit 1

fi

echo "✅ File entry created: $FILE_ID"

Step 4: Get upload URL - USE SAME PATTERN

echo "📦 Step 4: Getting upload URL..."
for i in {1..20}; do
echo "📍 Polling for upload URL (attempt $i)..."
FILE_STATE=$(curl -s -X GET
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/files/$FILE_ID"
-H "Authorization: ***")

UPLOAD_URL=$(echo "$FILE_STATE" | jq -r '.azureStorageUri // empty')

if [ -n "$UPLOAD_URL" ]; then
  echo "✅ Upload URL found!"
  echo "🔗 Upload URL: ${UPLOAD_URL:0:50}..."
  break
fi

echo "🔄 Attempt $i: waiting for upload URL..."
sleep 3

done

if [ -z "$UPLOAD_URL" ]; then
echo "❌ Upload URL not available after 20 attempts"
echo "Final file state:"
echo "$FILE_STATE" | jq '.'
exit 1
fi

Step 5: Upload file

echo "📦 Step 5: Uploading file to Azure Storage..."
UPLOAD_RESULT=$(curl -w "\nHTTP_CODE:%{http_code}" -X PUT "$UPLOAD_URL"
--upload-file "app/build/outputs/bundle/stagingRelease/app-staging-release.aab"
-H "x-ms-blob-type: BlockBlob"
-H "Content-Type: application/octet-stream")

echo "Upload result: $UPLOAD_RESULT"

if [[ $UPLOAD_RESULT == "HTTP_CODE:20" ]] || [[ $UPLOAD_RESULT == "HTTP_CODE:201" ]]; then
echo "✅ File uploaded successfully!"
else
echo "❌ Upload failed!"
exit 1
fi

Step 6: Commit file - USE SAME PATTERN

echo "📦 Step 6: Committing file..."
COMMIT_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/files/$FILE_ID/commit"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d "{
"fileEncryptionInfo": {
"encryptionKey": "",
"macKey": "",
"initializationVector": "",
"mac": "",
"profileIdentifier": "ProfileVersion1",
"fileDigest": "",
"fileDigestAlgorithm": "SHA256"
}
}")

echo "🔍 File commit response:"
echo "$COMMIT_RESPONSE" | jq '.'
echo "✅ File committed!"

Step 7: Commit content version - USE SAME PATTERN

echo "📦 Step 7: Committing content version..."
COMMIT_VERSION_RESPONSE=$(curl -s -X POST
"https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$APP_ID/microsoft.graph.mobileLobApp/contentVersions/$CONTENT_VERSION/commit"
-H "Authorization: ***"
-H "Content-Type: application/json"
-d '{}')

echo "🔍 Content version commit response:"
echo "$COMMIT_VERSION_RESPONSE" | jq '.'
echo "✅ Content version committed!"

echo "🎉 SUCCESS! App uploaded to Microsoft Intune!"
echo "📱 App ID: $APP_ID"
echo "📋 Check your Intune admin center for the new app!"
shell: /usr/bin/bash -e {0}
env:
VARIANT: staging
AAB_PATH: app/build/outputs/bundle/stagingRelease/app-staging-release.aab
FILE_NAME: app-staging-release.aab
PACKAGE_ID: com.oma.tulkkaaks.staging
JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.16-8/x64
JAVA_HOME_17_X64: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.16-8/x64
AZURE_CLIENT_ID: ***
AZURE_CLIENT_SECRET: ***
AZURE_TENANT_ID: ***
🔐 Getting access token directly (bypassing Azure CLI subscription check)...
✅ Access token acquired successfully!
🚀 Uploading app to Microsoft Intune...
📱 App: Tulkkaussovellus Hyvaks v2.0.0
📋 Package: com.oma.tulkkaaks.staging
📄 File: app/build/outputs/bundle/stagingRelease/app-staging-release.aab
🔧 Using direct REST API calls...
📦 Step 1: Creating app...
✅ App created with ID: bab9c369-043f-4404-8bfd-7d68b8bfe377
📦 Step 2: Creating content version...
✅ Content version: 1
📦 Step 3: Creating file entry (size: 32827883 bytes)...
🔄 Using same URL pattern that worked for content version...
🔍 File creation response:
{
"error": {
"code": "BadRequest",
"message": "{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 76d33f48-63c0-432b-8391-8c0404ab2da4 - Url: https://proxy.amsub0102.manage.microsoft.com/AppLifecycle_2509/StatelessAppMetadataFEService/deviceAppManagement/mobileApps('bab9c369-043f-4404-8bfd-7d68b8bfe377')/microsoft.management.services.api.mobileLobApp/contentVersions('1')/files?api-version=5025-07-11\",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}",
"innerError": {
"date": "2025-09-22T14:01:33",
"request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4",
"client-request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4"
}
}
}
❌ File creation failed. Response:
{
"error": {
"code": "BadRequest",
"message": "{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 76d33f48-63c0-432b-8391-8c0404ab2da4 - Url: https://proxy.amsub0102.manage.microsoft.com/AppLifecycle_2509/StatelessAppMetadataFEService/deviceAppManagement/mobileApps('bab9c369-043f-4404-8bfd-7d68b8bfe377')/microsoft.management.services.api.mobileLobApp/contentVersions('1')/files?api-version=5025-07-11\",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}",
"innerError": {
"date": "2025-09-22T14:01:33",
"request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4",
"client-request-id": "76d33f48-63c0-432b-8391-8c0404ab2da4"
}
}
}
🚨 MICROSOFT API TRANSLATION BUG DETECTED!
Your request: microsoft.graph.mobileLobApp
Microsoft received: microsoft.management.services.api.mobileLobApp
This is a confirmed Microsoft Graph API backend bug.
The app was created successfully but file upload fails due to API translation issues.
✅ Your app exists in Intune with ID: bab9c369-043f-4404-8bfd-7d68b8bfe377
💡 You can complete the upload manually through Intune Admin Center
🔗 https://intune.microsoft.com/#blade/Microsoft_Intune_Apps/AppsMenu
Error: Process completed with exit code 1.

Configuration

No response

Other information

No response

[gavinbarron]

It looks like you're try to raise an issue with a specific Microsoft Graph API.

This repo is specifically for Microsoft Graph PowerShell, Your repro steps use CURL which indicates that this is an issue with the underlying HTTP API and not the PowerShell module.

I'm leaving this open until we can forward it to the owning team