A cloud-based identity and access management service for securing user authentication and resource access
I'm using an App with consented delegated permissions Directory.ReadWrite.All and User.ReadWrite.All. I'm using Set-MgUserManagerByRef to set the Manager property of an account like:
```powershell
# Request a token with the OAuth 2.0 client credentials flow (app-only, no user)
$body = @{
    grant_type    = "client_credentials"
    scope         = $scope
    client_id     = $clientId
    client_secret = $clientSecret
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $body
$accessToken = $tokenResponse.access_token

# Reference to the user object that will become the manager
$newManagerRef = @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/users/" + $manager.Id
}
# Update the manager property
Set-MgUserManagerByRef -UserId $adminuser.Id -BodyParameter $newManagerRef
```
Set-MgUserManagerByRef returns this error: Insufficient privileges to complete the operation. Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied.
What (permission) am I missing?
Regards, Paul
Answer accepted by question author
If you are using an app to update, then you need to use application level perms, not delegated perms
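
The difference the accepted answer points to is visible in the access token: application permissions appear in the `roles` claim, delegated permissions in `scp`, and a `client_credentials` token never carries `scp`. The following is an added troubleshooting example, not code from the thread; the function names are hypothetical, the sample tokens are constructed and unsigned, and it assumes the permission names from the question are the ones to look for.

```powershell
# Decodes the JWT payload for inspection only; it does NOT validate the signature.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-TokenPermissionClaims {
    param([Parameter(Mandatory)][string]$AccessToken)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a three-part JWT.' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    [pscustomobject]@{
        # "roles": application permissions (app-only, client_credentials)
        Application = @($claims.roles | Where-Object { $_ })
        # "scp": delegated permissions (only present when a user signed in)
        Delegated   = @(($claims.scp -split ' ') | Where-Object { $_ })
    }
}

function Test-AppOnlyPermission {
    param([string]$AccessToken, [string[]]$AnyOf)
    $granted = (Get-TokenPermissionClaims $AccessToken).Application
    [bool]($AnyOf | Where-Object { $granted -contains $_ })
}

# Builds an unsigned, constructed token so the example runs offline.
function New-SampleToken {
    param([hashtable]$Claims)
    $seg = foreach ($part in @{ alg = 'none' }, $Claims) {
        $bytes = [Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject $part -Compress))
        [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    "$($seg[0]).$($seg[1]).constructed-signature"
}

$required = 'User.ReadWrite.All', 'Directory.ReadWrite.All'

# Constructed case 1: the app has only delegated consent, so the app-only token has no roles.
$noRoles = New-SampleToken @{ aud = 'https://graph.microsoft.com' }
# Constructed case 2: an application permission was granted with admin consent.
$withRole = New-SampleToken @{ aud = 'https://graph.microsoft.com'; roles = @('User.ReadWrite.All') }

Get-TokenPermissionClaims $noRoles
Test-AppOnlyPermission $noRoles -AnyOf $required
Get-TokenPermissionClaims $withRole
Test-AppOnlyPermission $withRole -AnyOf $required
```

To check a real token, pass the `$accessToken` value from the question to `Get-TokenPermissionClaims`; an empty `Application` list matches the 403 described above.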