Unable to write to Graph APIs

Sunaina Bidurga Shashikumar 26 Reputation points Microsoft Employee
2021-05-26T22:09:21.587+00:00

Hi All,

I'm currently trying to create a secret credential for my AAD applications and I'm unable to perform write operations on graph API. I have tried using Managed Identity, AAD certificate and AAD secret credential and all are giving me unauthorized error. I tried to request for Delegated permission on MS Graph APIs and it said I need admin consent for this. Is this the only way to get write permissions for this API?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,742 questions
0 comments No comments
{count} votes

Accepted answer
  1. VipulSparsh-MSFT 16,201 Reputation points Microsoft Employee
    2021-05-27T05:48:35.037+00:00

    @Sunaina Bidurga Shashikumar Thanks for reaching out.

    Can you help us understand what is your end goal ?

    If the particular API needs admin permission it lists them out while you are trying to Add the API option. You cannot work around it for that API.
    Not all write API needs Admin permission though. We can help you further if you share more details.

    Note : Any API which needs Admin consent, must have admin consent to work. There is no work around and avoiding this someway is more of a security risk.

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Sunaina Bidurga Shashikumar 26 Reputation points Microsoft Employee
    2021-06-01T16:29:32.23+00:00

    Thank you for your response. I'll try to get Admin consent to set the right permissions.

    1 person found this answer helpful.
    0 comments No comments

  2. Sunaina Bidurga Shashikumar 26 Reputation points Microsoft Employee
    2021-05-27T16:02:13.907+00:00

    Thank you for taking time on this Vipul.

    I'm trying to implement a service to rotate the client secret passwords for our AAD applications. I learnt that I don't have Application.ReadWrite.OwnedBy, Application.ReadWrite.All permission for this. However when I request for this permission on Azure portal, it said I need admin consent. The issue here is, these permissions are granted only for Production data but in my case, we have applications on our test environments which needs secret rotation. Is there anyway I can get these permissions to our non-AME
    applications?