Sudenly Authorization_denied error when DELETE user with Graph API

Calderara Serge 46 Reputation points

Dear all,

Does MS guys could help in this we are stuck for a while

Since a full year now we have used MS graph API to handle user account in our Active directory through scripting.
We are creating new account , updating an acount, add account to groups and Delete accounts

Until now all was working without any trouble

Since last week we notice that the DELETE operation using Graph api was not working anymore for some reason and return the following error :

"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2022-10-18T12:55:27",
"request-id": "f21b7f4c-19c6-4183-b55a-cbd01e7ab103",
"client-request-id": "f21b7f4c-19c6-4183-b55a-cbd01e7ab103"

By cross checking MSGraph Api documentation on the DELETE operation all our permission are correct and do not see why WITHOUT ANY CHANGE in our side on this it suddenly stop to work.

The following is our current configuration


What could be the reason ?

Thanks for help on solving this as we have many internal scripts which stopped working due to that


Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,038 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Zehui Yao_MSFT 5,846 Reputation points

    Hi @Calderara Serge , based on my tests, you may be trying to delete some accounts with special roles so this leads to privilege issues. In my tests, the same error occurred when I used client credentials flow to get authentication and then used the API to delete the account that was granted the role.

    You can grant your app the global administrator role in AD.portal to solve the problem of privileges. Hope this can help, wish you all the best.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.