Unable to write to Graph APIs

Sunaina Bidurga Shashikumar 26 Reputation points Microsoft Employee
2021-05-26T22:09:21.587+00:00

Hi All,

I'm currently trying to create a secret credential for my AAD applications and I'm unable to perform write operations on the Graph API. I have tried using Managed Identity, AAD certificate and AAD secret credential, and all are giving me an unauthorized error. I tried to request Delegated permission on MS Graph APIs and it said I need admin consent for this. Is this the only way to get write permissions for this API?

Microsoft Entra ID

Accepted answer
  1. VipulSparsh-MSFT 16,256 Reputation points Microsoft Employee
    2021-05-27T05:48:35.037+00:00

    @Sunaina Bidurga Shashikumar Thanks for reaching out.

    Can you help us understand what your end goal is?

    If the particular API needs admin permission, it lists them out while you are trying to Add the API option. You cannot work around it for that API.
    Not all write APIs need Admin permission, though. We can help you further if you share more details.

    Note: Any API which needs Admin consent must have admin consent to work. There is no workaround, and avoiding this in some way is more of a security risk.


2 additional answers

  1. Sunaina Bidurga Shashikumar 26 Reputation points Microsoft Employee
    2021-06-01T16:29:32.23+00:00

    Thank you for your response. I'll try to get Admin consent to set the right permissions.


  2. Sunaina Bidurga Shashikumar 26 Reputation points Microsoft Employee
    2021-05-27T16:02:13.907+00:00

    Thank you for taking time on this, Vipul.

    I'm trying to implement a service to rotate the client secret passwords for our AAD applications. I learnt that I don't have the Application.ReadWrite.OwnedBy or Application.ReadWrite.All permission for this. However, when I requested this permission on the Azure portal, it said I need admin consent. The issue here is that these permissions are granted only for Production data, but in my case we have applications in our test environments which need secret rotation. Is there any way I can get these permissions for our non-AME applications?
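
A diagnostic for the unauthorized error discussed in this thread, as an added example that is not part of the original posts: it decodes a Microsoft Graph access token's payload and reports whether the token carries either of the two permissions named above. It assumes application permissions appear in the `roles` claim and delegated ones in `scp`; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Permissions named in the thread for rotating application secrets.
REQUIRED = {"Application.ReadWrite.OwnedBy", "Application.ReadWrite.All"}


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(claims: dict) -> set:
    """Assumption: application permissions are in 'roles', delegated ones in 'scp'."""
    roles = set(claims.get("roles") or [])
    scopes = set((claims.get("scp") or "").split())
    return roles | scopes


def diagnose(token: str) -> str:
    """Say whether the token carries a permission that allows the write."""
    granted = granted_permissions(decode_claims(token))
    hits = granted & REQUIRED
    if hits:
        return "ok: token carries " + ", ".join(sorted(hits))
    if not granted:
        return "missing: token has no roles/scp; no permission was granted"
    return "missing: token has " + ", ".join(sorted(granted)) + " only"


def _make_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (hypothetical helper)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens, not real credentials.
NO_CONSENT = _make_token({"aud": "https://graph.microsoft.com"})
READ_ONLY = _make_token({"aud": "https://graph.microsoft.com", "roles": ["Application.Read.All"]})
CONSENTED = _make_token({"aud": "https://graph.microsoft.com", "roles": ["Application.ReadWrite.OwnedBy"]})

if __name__ == "__main__":
    for name, tok in [("no consent", NO_CONSENT), ("read only", READ_ONLY), ("consented", CONSENTED)]:
        print(name, "->", diagnose(tok))
```

If the token lacks both permissions after the request has been made in the portal, the missing piece is the admin consent the accepted answer describes, not the credential type used to obtain the token.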