How to fix 403 Forbidden error when an application adds a guest user to a Microsoft Team?

Sorasit Paethong 20 Reputation points
2023-10-06T06:23:01.65+00:00

Hi,

We are using an Azure Function with PowerShell to host our application.

Our application uses Managed Identity to authenticate with Microsoft Teams.

We have already assigned the Application permission based on this document.

https://learn.microsoft.com/en-us/graph/api/team-post-members?view=graph-rest-1.0&tabs=http#permissions


However, the website says it does not support Application permission, so is there any solution other than using Delegated permission?

Error message (in case it is needed)

2023-10-06T05:33:50Z   [Error]   ERROR: [Forbidden] : An unknown error has occurred.

Exception             : 
    Type    : System.Exception
    Message : [Forbidden] : An unknown error has occurred.
    HResult : -2146233088
TargetObject          : { TeamId = 3bf7a8ad-2af3-461d-a436-c1e28f42bc3d, body = Microsoft.Graph.PowerShell.Models.MicrosoftGraphConversationMember }
CategoryInfo          : InvalidOperation: ({ TeamId = 3bf7a8ad…onversationMember }:<>f__AnonymousType3`2) [New-MgTeamMember_Create], Exception
FullyQualifiedErrorId : Forbidden,Microsoft.Graph.PowerShell.Cmdlets.NewMgTeamMember_Create
ErrorDetails          : An unknown error has occurred.
                        
                        Status: 403 (Forbidden)
                        ErrorCode: Forbidden
                        Date: 2023-10-06T05:33:47
                        
                        Headers:
                        Transfer-Encoding             : chunked
                        Vary                          : Accept-Encoding
                        Strict-Transport-Security     : max-age=31536000
                        request-id                    : 18401305-3255-498b-b3ba-17c720c49ea3
                        client-request-id             : f681d73f-331c-43f7-8d44-98e1d4ee9928
                        x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Japan East","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"TYO1EPF00004429"}}
                        Date                          : Fri, 06 Oct 2023 05:33:46 GMT
                        
                        
InvocationInfo        : 
    MyCommand        : New-MgTeamMember_Create
    ScriptLineNumber : 91
    OffsetInLine     : 13
    HistoryId        : 1

Accepted answer
  1. Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
    2023-10-06T15:31:56.4633333+00:00

    You can add the guest user to the underlying Microsoft 365 Group instead, that operation is supported for app permissions.

    1 person found this answer helpful.
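
The approach from the accepted answer, as an added example that is not part of the original thread: the managed identity adds an existing guest account to the team's underlying Microsoft 365 Group. It assumes the identity has been granted the `GroupMember.ReadWrite.All` and `User.Read.All` application permissions; the group id and mail address are placeholders.

```powershell
# Added example, not code from the thread. Placeholder values are marked below.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Groups

$ErrorActionPreference = 'Stop'

# A team's id is the id of its underlying Microsoft 365 Group.
$GroupId   = '00000000-0000-0000-0000-000000000000'   # placeholder: team / group id
$GuestMail = 'guest@example.com'                      # placeholder: guest's mail address

# Authenticate as the Function App's managed identity (no stored secret).
Connect-MgGraph -Identity | Out-Null

# Resolve the guest account; escape single quotes so the OData filter stays valid.
$escaped = $GuestMail.Replace("'", "''")
$guest = @(Get-MgUser -Filter "mail eq '$escaped'" -Property Id, Mail, UserType)

if ($guest.Count -ne 1) {
    throw "Expected exactly one user with mail '$GuestMail', found $($guest.Count)."
}
if ($guest[0].UserType -ne 'Guest') {
    # Refuse to act on member accounts: this script is only meant to add guests.
    throw "User '$GuestMail' has userType '$($guest[0].UserType)', not 'Guest'."
}

# Make the operation idempotent: Graph rejects adding an existing member.
$memberIds = (Get-MgGroupMember -GroupId $GroupId -All).Id
if ($memberIds -contains $guest[0].Id) {
    Write-Output "Guest $GuestMail is already a member of group $GroupId."
    return
}

try {
    # Group membership write: supported with application permissions,
    # unlike New-MgTeamMember in the question above.
    New-MgGroupMember -GroupId $GroupId -DirectoryObjectId $guest[0].Id
    Write-Output "Added guest $GuestMail to group $GroupId."
}
catch {
    # A 403 here means the managed identity lacks GroupMember.ReadWrite.All.
    Write-Error "Failed to add guest to group ${GroupId}: $($_.Exception.Message)"
    throw
}
```

Membership added through the group can take some time to show up in the Teams client.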

1 additional answer

  1. Anonymous
    2023-10-06T07:41:33.8033333+00:00

    Hi @Sorasit Paethong

    The Teams tag is mainly focused on general Microsoft Teams troubleshooting issues. According to your description, your question is related to the Graph API, which is not in our support scope. To better help you solve the problem, please add the Graph API tag to your post. The following suggestions are just for your reference:

    https://techcommunity.microsoft.com/t5/apps-on-azure-blog/manage-azure-resources-using-powershell-function-app-with/ba-p/3099282

    https://learn.microsoft.com/en-us/microsoftteams/teams-powershell-application-authentication


