Reset Redemption Status by using Microsoft Graph with App Permissions

Question

I try to use the relative new feature of resetting the redemption status of a guest user. My code calls the invitations API of Microsoft Graph, as described here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/reset-redemption-status

This works as expected, as long as I use delegated / user permissions. But it doesn't seem to work with App Permissions! The invitation API itself works with App Permissions, but this specific feature of resetting the redemption status ends with an error:

   HTTP 403 Forbidden  
   Guest invitations not allowed for your company. Contact your company administrator for more details.  

The app has Directory.ReadWrite.All as well as User.Invite.All permissions granted. And the invitation without the resetRedemption switch works. I used the Beta endpoint of MS Graph - so, i'm aware of the fact that it isn't available on v1.0 endpoint yet.

Is this a known issue?
BR, Lukas

Answer 1

Currently does not support application permissions!

I have read the doc in detail, and there are detailed instructions in the doc: When you're resetting the status for a B2B guest user, be sure to do so under the user context. App-only calls are currently not supported.

During public preview, we have two recommendations:

When you're resetting the user's email address to a new address, we recommend setting the mail property. This way the user can redeem the invitation by signing into your directory in addition to using the redemption link in the invitation.

When you're resetting the status for a B2B guest user, be sure to do so under the user context. App-only calls are currently not supported.

---

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.