extension attributes for ad user in azure active directory using Microsoft.Graph

0
votes

Hi I am trying to add extension property to azure ad user using Microsoft.Graph package.

   var schema = new SchemaExtension()
                    {
                        Id = "Location",
                        TargetTypes = new List<string> { "User" },
                        Description = "DescribesLocation",
                        Properties = new List<ExtensionSchemaProperty>() { new ExtensionSchemaProperty { Name = "LocationCode", Type = "String" } }
                    };

                    var result = graphClient.SchemaExtensions.Request().AddAsync(schema).Result;

I have created a daemon application in azure ad registered applications and given below permissions to the application

  1. Directory.Read.All
  2. Directory.ReadWrite.All
  3. User.Invite.All
  4. User.Read
  5. User.Read.All
  6. User.ReadWrite.All
  7. Group.Read.All
  8. Group.ReadWrite.All

I am getting error message as Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. What other permissions are required for this operation and which permissions are not required?

1
azuremicrosoft-graph-apimicrosoft-graph-sdks

1 Answers

0
votes

You need the Directory.AccessAsUser.All permission. Here are some test cases that you may find useful.