![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
Thanks for your time and patience. From above descriptions it seems like you are trying to change user properties via AAD hosted function API.
To manage Global administrator user, the service / user account must have GA role assigned. A "user administrator" is the role with which you could manage all other users within the directory.
Since you are using Azure function API you must have given graph application User.ReadWrite.All permissions.
With the User.ReadWrite.All delegated or application permission, updating another user's businessPhones, mobilePhone or otherMails is only allowed on users who are non-administrators or assigned one of the following roles: Directory Readers, Guest Inviter, Message Center Reader and Reports Reader. For more details, see Helpdesk (Password) Administrator in Azure AD available roles.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.