For Updating user profile in Azure through MS Graph, do i have to be global admin?

1
votes

I am trying to update user profile using MS Graph.

Scopes: All are delegated permissions : "scp": "Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All Group.Read.All Group.ReadWrite.All User.Invite.All User.Read User.ReadBasic.All User.ReadWrite User.ReadWrite.All"

My Directory role is : Application administrator, Application developer.

Error I am getting: "Authorization_requestDenied . Insufficient privileges to complete the operation".

Inspite of having all permissions , why I am still getting this error , is it because I am not a global administrator ?

2
azureazure-active-directorymicrosoft-graph-api

2 Answers

0
votes

If you want to update user using MS Graph, you need the related permissions in the following:

enter image description here

When updating the password Profile property, the following permission is required: Directory.AccessAsUser.All.

For details, you can refer to this docs

-1
votes

I would like to post the solution for this , in case anyone encountered same scenario.

  1. The Graph I am trying to use is by user impersonation. So because it was acting on user behalf i have to give only delegated permissions.

  2. Once delegated permissions are given, the user signing in should have user administrator role to edit profiles. Ensure you have user administrator role.

Hope it helps !