Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
How to solve "Insufficient privileges to complete the operation" error when attempting to change a user via Azure REST API?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 8%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Jakob Semere
0
Reputation points
I received an error message in response to my attempt to change a user via Azure REST API, specifically "Insufficient privileges to complete the operation." Can someone provide guidance on how to resolve this issue? Here is the information for the HTTP method and URL I used:
HTTP Method: PATCH
URL: https://graph.microsoft.com/v1.0/users/57bd321c-0be1-45a1-8a11-XXXX
Iam using the client credentials flow.
I've also included the Access Token Information in JSON format below.
Access Token Informations
{
"typ": "JWT",
"nonce": "LW1zXXX",
"alg": "RS256",
"x5t": "T1St-XXX",
"kid": "T1St-XXX"
}.{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/a00d85a0-c9b0-41eb-XXX/",
"iat": 1702XXX,
"nbf": 1702XXX,
"exp": 1702XXX,
"aio": "E2VgYPh28cVl4y6+B7rXt88XXX",
"app_displayname": "[Sync] - OpenCelium - [PROD]",
"appid": "01514fb4-XXX",
"appidacr": "1",
"idp": "https://sts.windows.net/a00d85a0-c9b0-41eb-xxxx/",
"idtyp": "app",
"oid": "e1a6f619-XXXX",
"rh": "0.AR8XXX",
"roles": [
"APIConnectors.ReadWrite.All",
"DeviceManagementManagedDevices.Read.All",
"Device.Read.All",
"User.ReadWrite.All",
"User-LifeCycleInfo.ReadWrite.All",
"AdministrativeUnit.Read.All",
"Directory.ReadWrite.All",
"IdentityRiskyUser.ReadWrite.All",
"User.EnableDisableAccount.All",
"Directory.Read.All",
"User.Read.All",
"APIConnectors.Read.All",
"IdentityRiskyUser.Read.All",
"User.ManageIdentities.All",
"AdministrativeUnit.ReadWrite.All"
],
"sub": "e1a6f619-XXX",
"tenant_region_scope": "EU",
"tid": "a00d85a0-XXX",
"uti": "pm0DrjgU9EXXX",
"ver": "1.0",
"wids": [
"fe930be7-XXX",
"729827e3-XXX",
"0997a1d0-XXX"
],
"xms_tcdt": 1505478608,
"xms_tdbr": "EU"
}.[Signature]
Microsoft Security | Microsoft Graph
{count} votes
-
-
CarlZhao-MSFT 46,431 Reputation points2023-12-14T02:05:16.0466667+00:00 Hi @Jakob Semere
What properties of the user are you changing?
-
Jakob Semere 0 Reputation points
2023-12-18T09:06:50.3833333+00:00 Here an example { "businessPhones": [], "displayName": "Max Mustermann | AD-Admin", "givenName": "Max", "jobTitle": null, "mail": "admin@example.com", "mobilePhone": null, "officeLocation": null, "preferredLanguage": null, "surname": "Mustermann", "userPrincipalName": "as_admin@example.com", "id": "5142b08d-cbba-442f-bfb9-XXXX" },
Sign in to comment
Sign in to answer