Update-MgUser on privileged accounts

Patrick Feierabend 20 Reputation points

Hi all,

I am using powershell to update user properties (like Jobrole, department ...) from our HR system once a day. Powershell is authenticationg to MsGraph using an app and ApplicationOnly permissions.

This works fine for all users but a bunch of privileged user, who do have some admin permissions (in this case to invite guest which we have forbidden for the general user).

Everytime I want to update thos users, I get a 403 Error. What permissions priviledges to I have to give to update those users:


Line |

95 | $UpdateMgUserResult = Update-MgUser @params

 |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 | Insufficient privileges to complete the operation.  Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2024-03-07T20:33:08  Headers: Cache-Control                 : no-cache Vary                          : Accept-Encoding Strict-Transport-Security     : max-age=31536000 request-id

 | : 1c6785e4-79ef-4356-b75e-632884632602 client-request-id             : fd284b72-2417-475a-a14b-a39164716b7a x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"003","RoleInstance":"AM1PEPF0002D7E9"}} x-ms-resource-unit            : 1 Date

 | : Thu, 07 Mar 2024 20:33:08 GMT
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,449 questions
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,009 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 140.8K Reputation points MVP

    For the ability to update privileged users: ( Consider adding the app to the User Admin role for example)


    User's image

    User's image

0 additional answers

Sort by: Most helpful