I am using the following code to update the label on a M365 group:
$appid = "00-5269-40e5-b077-blaaa"
$tenantid = "00-5624-44cc-b2bc-00"
$secret = "375624~j"
$body = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $appid
Client_Secret = $secret
}
$connection = Invoke-RestMethod `
-Uri https://login.microsoftonline.com/$tenantid/oauth2/v2.0/token `
-Method POST `
-Body $body
$token = $connection.access_token
Connect-MgGraph -AccessToken $token
$assignedLabels = @(
@{"LabelId"="ee8bd8b1-0e71-42bc-b2f4-9b3308540334"}
)
Update-MgGroup -GroupId 062179bc-55b3-45bb-8432-c97e2c243603 -AssignedLabels $assignedLabels
It works if I update e.g. DisplayName:
Update-MgGroup -GroupId 6247f0e9-e9b2-461c-bd8e-0559abc68133 -DisplayName "ChangedDisplayName"
but with the label I get:
Update-MgGroup : {
"@odata.context":"https://substrate.office.com:444/CompliancePolicy/$metadata#Microsoft.Exchange.Compliance.Policy.Environment.MicrosoftGraphException","error":{
"code":"Unauthorized","message":"App-only token is not supported.","innerError":{
"request-id":"6276e374-eb02-427a-822c-d704a8295a89","date":null
Am I missing some permissions? Should I use a different command? Or assign a Graph some permission to my app id?