Authorization_RequestDenied error when using Microsoft Graph API to add user(s) to a group

One may receive the following 403 error when using Microsoft Graph API to add a user to a group: MS Graph Request:POST https://graph.microsoft.com/v1.0/groups/<Group Object ID>/members/$refRequest body:{ “@odata.id”: “https://graph.microsoft.com/v1.0/directoryObjects/<User Object ID>”}Response:{ “error”: { “code”: “Authorization_RequestDenied”, “message”: “Insufficient privileges to complete the operation.”, “innerError”: { “date”: “2024-05-07T15:39:39”, “request-id”: “aa324f0f-b4a3-4af6-9c4f-996e195xxxx”, “client-request-id”: “aa324f0f-b4a3-4af6-9c4f-996e1959074e” } }} Below are some guidelines for resolving the error Check group type: There are different types of groups and not…

Read More

Microsoft Graph: Why you cannot call the “me” endpoint with a token acquired via the client credentials grant flow

Introduction Microsoft Graph has a couple of primary ways you can get information about a user in Azure AD. This not only includes things like the user attributes but also groups the user is a member of, access to mail, and etc. Each endpoint does require specific permissions but generally speaking, a user can get the basic information about him/herself via the “me” endpoint. The “me” endpoint From our docs…

Read More

Graph Query to get B2B user using User Principal Name (UPN)

If you are using Microsoft Graph API Query to fetch B2B user using UPN, and experiencing below shown error: Query: https://graph.microsoft.com/v1.0/users/example_gmail.com#EXT#@example.onmicrosoft.com Response: {   ‘error’: {     ‘code’: ‘Request_ResourceNotFound’,     ‘message’: ‘Resource ‘*******’ does not exist or one of its queried reference-property objects are not present.’,     ‘innerError’: {       ‘request-id’: ‘8f390389-b9c6-4f6b-93ba-c531b3d7d595’,       ‘date’: ‘2019-12-05T23:55:40’     }   } } Well, here is the fix: You will need to encode…

Read More

Segment Users in Azure AD

If you have been using Microsoft Graph API to add or modify users in Azure Active Directory (Azure AD) you may have noticed that when you create a new user it lives with all the other users, some of which may have nothing to do with your application. Ideally, you may want a sub-directory or business unit of sorts. Fortunately, there are ways to segment these users in a more…

Read More

How to Use the ADAL .NET library to Call the Microsoft Graph API in a Console Application (Using Authorization Code Flow)

Introduction This post is to show how to use the ADAL .NET library to acquire a token interactively in a console application. It will go through setting up an Azure Active Directory Application, setting up the .net console application, acquiring an access token, and then make a HTTP request using the token acquired from the ADAL .net library to get 5 users using the Microsoft Graph API.   Setting up your…

Read More