Permissions to update AAD user email

Gregor Anton Grinč 171 Reputation points
2023-07-26T10:40:33.36+00:00

Hello,

I am creating a custom role and I want users that are going to be assigned this role to be able to edit email in AAD user properties. However, I do not fully understand what kind of privilege I need to assign to this custom role.

So far I have read on profile categories:

Screenshot 2023-07-26 at 12.35.40

I guess that email should be categorized under contact info since it is contact information. Therefore I have assigned these permissions to the custom role:

Screenshot 2023-07-26 at 12.30.34

Even though I have assigned the contactinfo/update permission, I still get this error message when I try to assign an email address to the user.

Screenshot 2023-07-26 at 12.29.41

Screenshot 2023-07-26 at 12.29.25

Do you have an idea what could be wrong here? What am I missing?

Thank you

Gregor

Microsoft Entra ID

Accepted answer
  1. Andy David - MVP 152.3K Reputation points MVP
    2023-07-26T11:07:19.9566667+00:00

    Ok, you would not generally want to enter email addresses in Azure AD for members in the portal or using Azure mgmt tools. Once you enter that, you won't be able to modify it. Email Addresses should be managed on the #65 / Exchange Online side.

    Giving a user Recipient Manager perms in Exchange Online is the canned role to allow that.
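
The delegation described in the accepted answer, sketched in Exchange Online PowerShell as an added example (not part of the original answer). It assumes the role the answer refers to is the built-in `Recipient Management` role group; all account names and addresses are placeholders.

```powershell
# Requires the ExchangeOnlineManagement module. Every value below is a placeholder.
$AdminUpn    = 'admin@contoso.example'       # account allowed to manage role groups
$DelegateUpn = 'helpdesk1@contoso.example'   # user who should be able to edit email addresses
$TargetUpn   = 'jane.doe@contoso.example'    # mailbox whose addresses will be changed
$NewAddress  = 'smtp:j.doe@contoso.example'  # lowercase "smtp:" = secondary (proxy) address
$RoleGroup   = 'Recipient Management'        # assumption: the role group the answer means

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Review which management roles the group carries before delegating it,
# so the delegate receives only what is intended.
Get-RoleGroup -Identity $RoleGroup | Select-Object Name, Roles | Format-List

# Add the delegate only if they are not already a member.
$delegate = Get-User -Identity $DelegateUpn
$members  = Get-RoleGroupMember -Identity $RoleGroup
if ($members.Name -notcontains $delegate.Name) {
    Add-RoleGroupMember -Identity $RoleGroup -Member $DelegateUpn
}

# Record the resulting membership for access review.
Get-RoleGroupMember -Identity $RoleGroup | Format-Table Name, RecipientType

# What the delegate can then do from their own Exchange Online session:
# add an address on the mailbox instead of editing the directory user object.
# Assumption: the mailbox is cloud-managed, not synced from on-premises AD.
Set-Mailbox -Identity $TargetUpn -EmailAddresses @{ Add = $NewAddress }
Get-Mailbox -Identity $TargetUpn | Select-Object -ExpandProperty EmailAddresses

Disconnect-ExchangeOnline -Confirm:$false
```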
