This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The Graph connector agent has failed to register due to insufficient permissions. I have set all the suggested App registration permissions and I can ping the Azure, Entra and Powerapp portals from the SQL Server 2022 Express on Windows 2025 but still no luck.
Please Help
Building and customizing solutions using Microsoft 365 Copilot APIs and tools
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 24%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Thanks for bringing this issue to our attention. We will check and update you soon.
Answer recommended by moderator
Ok, Removed the Delegated permissions and added them back as Application permissions .... that worked!!!!
Weird, I can query the App in Microsoft Graph Explorer by Object ID and it even returns the App ID but I cannot query the App by the App ID from the Server with the Connector .....
I added "Cloud Application Administrator" to the Registering Accounts Role and still the same error ...
Hello,
I already granted the App the following API permissions:
And the account used to register the Connector has the following permissions:
Please assist or escalate accordingly.
Hi Kevin, the error is coming up because the app you created in Entra ID (Azure AD) doesn’t have the right Microsoft Graph permissions needed by the Graph connector agent. Even if you already added some, the agent specifically requires ExternalItem.ReadWrite.OwnedBy so it can create and update external items, and Directory.Read.All so it can read directory ACLs (needed when connections use Access Control Lists). You’ll need to go into the app registration, add these API permissions under Microsoft Graph, and then make sure you grant admin consent. Without admin consent, the permissions won’t actually take effect. Once that’s done, restart the agent registration and it should work.
🔗 Relevant Microsoft docs:
Thanks,
Karan Shewale.
*************************************************************************
If the response is helpful, please click "Accept Answer" and upvote it. You can share your feedback Microsoft Copilot Developer Community Response Feedbacklink. Click here Escalation for Microsoft Teams Developer Community response
to escalate.