AdministrativeUnit Extension - Access Denied

Andrew Omondi 246 Reputation points Microsoft Employee
2022-06-08T14:33:18.05+00:00

Creating an openExtenstion for an adminstativeUnit results in an Access Denied error.

Making the call to https://graph.microsoft.com/beta/administrativeUnits/{unit-id}/extensions result to the error message as shown below.

209525-172060185-c921b699-7af7-4581-81e3-cd130d922e2a.png

The user is confirmed to be a Global adminstator and the AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All permissions have been granted.

What could be going on with the request?

This is sourced from https://github.com/microsoftgraph/msgraph-beta-sdk-dotnet/issues/465

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,286 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Ackermann, Robert 1 Reputation point
    2022-06-09T11:25:11.203+00:00

    Hi please see attached the data:
    Request again:
    209894-image.png

    AccessToken:
    JWT Body
    {
    "aud" : "",
    "iss" : "https://sts.windows.net/b83fb1a0-e14e-4053-b8df-174ff59ef732/",
    "iat" : ,
    "nbf" : ,
    "exp" : ,
    "acct" : 0,
    "acr" : "1",
    "aio" : "",
    "amr" : [ "pwd" ],
    "app_displayname" : "Graph Explorer",
    "appid" : "de8bc8b5-d9f9-48b1-a8ad-b748da725064",
    "appidacr" : "0",
    "idtyp" : "user",
    "ipaddr" : "x.y.z.x",
    "name" : "admin",
    "oid" : "ee0815a3-166c-4be6-8326-38573fd3272e",
    "platf" : "3",
    "puid" : "",
    "rh" : "",
    "scp" : "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Directory.Write.Restricted openid profile User.Read User.ReadWrite.All UserAuthenticationMethod.Read.All email",
    "sub" : "",
    "tenant_region_scope" : "EU",
    "tid" : "b83fb1a0-e14e-4053-b8df-174ff59ef732",
    "unique_name" : "",
    "upn" : "",
    "uti" : "",
    "ver" : "1.0",
    "wids" : [ "" ],
    "xms_st" : {
    "sub" : ""
    },
    "xms_tcdt" :
    }

    0 comments No comments