Microsoft Graph API permissions do not work, but Azure Active Directory Graph permissions do

Luis Sanchez 1 Reputation point
2021-06-22T12:03:01.553+00:00

Hi,

We have configured an app registration in our Azure AD, and we tried adding some API permissions to find out which ones we need to execute:

az ad app update --id xxx --add replyUrls "https://example.com/testing/"  

We realized that the right permissions are:

  • Azure Active Directory Graph:
    • Application.ReadWrite.OwnedBy
    • Directory.Read.All

But Azure Active Directory Graph will be deprecated, and we tried to switch to the same permissions on Microsoft Graph. In this case, we tried to update the applications with the previous command, and we received the message: Insufficient privileges to complete the operation

Could this be a bug in API permissions?

108191-apipermissions.png


1 answer

  1. AmanpreetSingh-MSFT 56,601 Reputation points
    2021-06-23T12:52:45.977+00:00

    Hi @Luis Sanchez · Thank you for reaching out.

    The cmd az ad app update --id xxx --add replyUrls "https://example.com/testing/" still uses graph.windows.net (Azure AD Graph) and not graph.microsoft.com (Microsoft Graph), which is why, if you want to use this command, you need to keep the Azure AD Graph permissions in place.

    There is no bug in Microsoft Graph API as I tested this out in my lab and it works with these permissions. Below are the steps I performed:

    1. Acquired an application token with the below permissions:
      108653-image.png
    2. Made the below PATCH call to update the redirect URI:
      108538-image.png
    3. Checked the application in the portal and confirmed that the redirect URI is updated:
      108569-image.png

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
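
The token check and PATCH request described in the answer, as an added example that is not part of the original thread or the answerer's own calls. It assumes the token's `aud` claim carries the resource URL, that app permissions appear in the `roles` claim, and that the app uses the web platform (`web.redirectUris`); the object ID and tokens are constructed placeholders.

```python
import base64
import json
import urllib.request

GRAPH = "https://graph.microsoft.com"       # Microsoft Graph
AAD_GRAPH = "https://graph.windows.net"     # Azure AD Graph (legacy)

def token_claims(jwt):
    """Decode the JWT payload WITHOUT verifying it; for diagnosis only."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)     # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def graph_token_problems(jwt, needed="Application.ReadWrite.OwnedBy"):
    """List reasons Microsoft Graph would refuse this app-only token."""
    claims = token_claims(jwt)
    problems = []
    aud = claims.get("aud", "").rstrip("/")
    if aud != GRAPH:
        problems.append(f"audience is {aud or 'missing'}, not {GRAPH}")
    if needed not in claims.get("roles", []):
        problems.append(f"roles claim lacks {needed}")
    return problems

def build_redirect_patch(jwt, object_id, existing_uris, new_uri):
    """Build (not send) the PATCH that adds new_uri to web.redirectUris.
    PATCH replaces the whole collection, so existing URIs are sent back too."""
    uris = list(existing_uris)
    if new_uri not in uris:
        uris.append(new_uri)
    body = json.dumps({"web": {"redirectUris": uris}}).encode()
    return urllib.request.Request(
        f"{GRAPH}/v1.0/applications/{object_id}", data=body, method="PATCH",
        headers={"Authorization": f"Bearer {jwt}",
                 "Content-Type": "application/json"})

def fake_token(claims):
    """Constructed, unsigned sample token (never accepted by a real service)."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    good = fake_token({"aud": GRAPH, "roles": ["Application.ReadWrite.OwnedBy"]})
    legacy = fake_token({"aud": AAD_GRAPH, "roles": ["Application.ReadWrite.OwnedBy"]})
    print(graph_token_problems(good), graph_token_problems(legacy))
    req = build_redirect_patch(good, "OBJECT-ID-PLACEHOLDER",
                               ["https://example.com/"], "https://example.com/testing/")
    print(req.get_method(), req.full_url, req.data.decode())
```

A token issued for graph.windows.net fails the audience check even when it holds the same permission name, which matches the behaviour discussed in this thread.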

