Update-MgUser on privileged accounts

Patrick Feierabend 20 Reputation points
2024-03-07T21:01:50.8733333+00:00

Hi all,

I am using powershell to update user properties (like Jobrole, department ...) from our HR system once a day. Powershell is authenticationg to MsGraph using an app and ApplicationOnly permissions.

This works fine for all users but a bunch of privileged user, who do have some admin permissions (in this case to invite guest which we have forbidden for the general user).

Everytime I want to update thos users, I get a 403 Error. What permissions priviledges to I have to give to update those users:

Error:

Line |

95 | $UpdateMgUserResult = Update-MgUser @params

 |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 | Insufficient privileges to complete the operation.  Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2024-03-07T20:33:08  Headers: Cache-Control                 : no-cache Vary                          : Accept-Encoding Strict-Transport-Security     : max-age=31536000 request-id

 | : 1c6785e4-79ef-4356-b75e-632884632602 client-request-id             : fd284b72-2417-475a-a14b-a39164716b7a x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"003","RoleInstance":"AM1PEPF0002D7E9"}} x-ms-resource-unit            : 1 Date

 | : Thu, 07 Mar 2024 20:33:08 GMT
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,580 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,693 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 150.6K Reputation points MVP
    2024-03-07T21:31:28.76+00:00

    For the ability to update privileged users: ( Consider adding the app to the User Admin role for example)

    https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http

    User's image

    User's image


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.