I don't believe the User.ManageIdentities.All permission can be used for this operation. According to its description, it's only relevant for the identities property: https://learn.microsoft.com/en-us/graph/permissions-reference#usermanageidentitiesall
update-mguser 403 Insufficient privileges to complete the operation
https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#permissions
As described there, the least privileged permission is "User.ManageIdentities.All" for app permission. But I tested with the command: Update-MgUser -UserId jiatan@evait.onmicrosoft.com -DisplayName "Tan Jia"
403 insufficient privileges to complete the operation was returned.
I ran Connect-MgGraph with app-only authentication: https://learn.microsoft.com/en-us/powershell/microsoftgraph/app-only?view=graph-powershell-1.0
This action can be completed with app permission "User.ReadWrite.All".
Is User.ManageIdentities.All really the least privileged permission for updating user properties?
2 answers
CarlZhao-MSFT 40,311 Reputation points
2024-05-28T03:08:28.7066667+00:00
Hi @Jia Tan
The User.ManageIdentities.All permission is a fine-grained least privilege permission that can only be used to manage the user's identities property, and the displayName property is obviously not included in this list.
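
The 403 in this thread can be predicted before calling Update-MgUser by comparing the application permissions in the app-only token with the properties being changed. The script below is an added example, not code from the thread or from Microsoft; the function names and the sample token are constructed, and treating every property other than identities as requiring User.ReadWrite.All is an assumption based on the test reported in the question.

```powershell
# Added example: pre-flight check of an app-only token against a planned user update.
# Claims are only decoded for diagnostics; the token signature is NOT verified here.
function Get-JwtRoles {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    # base64url -> base64, restoring the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $claims = $json | ConvertFrom-Json
    # App-only tokens carry application permissions in the 'roles' claim;
    # a missing claim means no application permission was granted.
    if ($null -eq $claims.roles) { return @() }
    return @($claims.roles)
}

function Test-UserUpdatePermission {
    param([string[]]$Roles, [Parameter(Mandatory)][string[]]$Properties)
    foreach ($p in $Properties) {
        # From the thread: User.ManageIdentities.All covers only 'identities'.
        # Assumption: any other property needs User.ReadWrite.All.
        $needed = if ($p -eq 'identities') { 'User.ManageIdentities.All' } else { 'User.ReadWrite.All' }
        [pscustomobject]@{
            Property = $p
            Needs    = $needed
            Granted  = ($Roles -contains $needed)
        }
    }
}

# Constructed, unsigned sample token holding only User.ManageIdentities.All,
# mirroring the app registration described in the question.
$payload = @{ roles = @('User.ManageIdentities.All') } | ConvertTo-Json -Compress
$body = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$body = $body.TrimEnd('=').Replace('+', '-').Replace('/', '_')
$sampleToken = "e30.${body}.constructed-signature"

# displayName reports Granted = False (the 403 case); identities reports Granted = True.
Test-UserUpdatePermission -Roles (Get-JwtRoles $sampleToken) -Properties 'displayName', 'identities'
```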