Unable to create Federation Configuration via Graph API

Schindler Christian 21 Reputation points
2024-09-10T14:28:18.7633333+00:00

Hello,

Since the MSOnline and AzureAD PS modules are deprecated, I wanted to make myself familiar with the Graph API.

One of the things I tried to achieve is switching a domain from "managed" to "federated".

So I tried to create a new Federation Configuration with the "New-MGDomainFederationConfiguration" cmdlet.

However, regardless of what I do/change, I always get the error "New-MgDomainFederationConfiguration : Insufficient privileges to complete the operation."

I connected to Graph with "Connect-MgGraph -Scopes Domain.ReadWrite.All". According to the documentation of the cmdlet, the "Domain.ReadWrite.All" scope is the only scope necessary. The permission has been consented to for the tenant by the admin.

I also tried to achieve my goal using Graph Explorer - with the same result.

Can someone pls help me get this done?

Thanks!

Christian


5 answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  2. Schindler Christian 21 Reputation points
    2024-09-11T08:22:55.0666667+00:00

    Never mind. I found the solution myself. This is a known issue as documented here:

    https://developer.microsoft.com/en-us/graph/known-issues/?search=21445

    As a workaround one needs to grant Directory.AccessAsUser.All permissions.

    Cheers

    Christian


  3. Schindler Christian 21 Reputation points
    2024-09-11T08:23:39.39+00:00

    I found the solution myself. This is a known issue as documented here:

    https://developer.microsoft.com/en-us/graph/known-issues/?search=21445


  4. Schindler Christian 21 Reputation points
    2024-09-11T08:24:35.26+00:00

    I found the solution myself. This is a known issue. One needs to grant Directory.AccessAsUser.All in addition.


  5. Yakun Huang-MSFT 4,800 Reputation points Microsoft Vendor
    2024-09-16T03:01:06.97+00:00

    Hi @Schindler Christian

    Yes, this is a known question that I answered earlier, but the post was deleted, and now I'm recapping it in the hope that you can flag the answer so that it can be seen by more people with similar questions.


    More details can be found in this document.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

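The workaround described in the answers above, as an added example that is not part of the original thread: connect with both delegated scopes, confirm the session actually holds them, create the federation configuration, and end the session afterwards. The domain name, IdP URLs and certificate value are placeholders, and the federation properties are assumed from Graph's internalDomainFederation resource.

```powershell
# Added example; every tenant-specific value below is a placeholder.
$domainId = 'contoso.example'
$required = 'Domain.ReadWrite.All', 'Directory.AccessAsUser.All'

Connect-MgGraph -Scopes $required

# "Insufficient privileges" is what the thread saw when only Domain.ReadWrite.All
# was present, so verify the granted scopes before calling the API.
$granted = (Get-MgContext).Scopes
$missing = $required | Where-Object { $_ -notin $granted }
if ($missing) {
    Disconnect-MgGraph | Out-Null
    throw "Session is missing delegated scopes: $($missing -join ', ')"
}

# Request body for the new federation configuration (placeholder IdP values).
$body = @{
    '@odata.type'                   = '#microsoft.graph.internalDomainFederation'
    displayName                     = 'Placeholder IdP'
    issuerUri                       = 'https://idp.example/adfs/services/trust'
    metadataExchangeUri             = 'https://idp.example/adfs/services/trust/mex'
    passiveSignInUri                = 'https://idp.example/adfs/ls'
    signOutUri                      = 'https://idp.example/adfs/ls'
    signingCertificate              = '<BASE64-SIGNING-CERTIFICATE>'
    preferredAuthenticationProtocol = 'wsFed'
    federatedIdpMfaBehavior         = 'rejectMfaByFederatedIdp'
}

try {
    New-MgDomainFederationConfiguration -DomainId $domainId `
        -BodyParameter $body -ErrorAction Stop | Out-Null

    # Read the configuration back so the change can be recorded and reviewed.
    Get-MgDomainFederationConfiguration -DomainId $domainId |
        Select-Object Id, DisplayName, IssuerUri,
                      PreferredAuthenticationProtocol, FederatedIdpMfaBehavior
}
finally {
    # Directory.AccessAsUser.All gives the session the signed-in admin's full
    # directory access, so drop the session as soon as the change is made.
    Disconnect-MgGraph | Out-Null
}
```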
