Azure Application

Error: When you use an App ID and secret with Azure AD, it returns the following error:

{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "bcd913f3-8f4b-4e50-b83c-41b5f7149a24",
      "date": "2019-05-03T09:15:36"
    }
  }
}

I noticed this error in one of the Microsoft Flows that assigns Azure AD roles to users through automation.

Solution: Why does it happen? When you create an application in Azure AD and grant it all the permissions for Graph and Azure AD, that alone does not let it perform the necessary actions against Azure AD. A service principal account takes care of the back-end activity, hence you need to assign an Azure AD role to the service principal as well to solve this issue.

To solve this issue, you need to assign the appropriate role to the Azure application's service principal. In my case, I was trying to assign the Guest Inviter role to designated users using PowerApps / Flow. Choose the role to assign based on your workload.

Open PowerShell in elevated mode and execute the commands below.

Step 1: Install-Module AzureAD

Skip step 1 if you have already installed the Azure AD PowerShell module.

Step 2: Connect-AzureAD

Step 3: $app = Get-AzureADServicePrincipal -SearchString "your app name"

Step 4: $role = Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq "Company Administrator"}

Step 5: Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $app.ObjectId

Once you have executed all the commands without any errors, your application has been assigned the required permissions and the issue will be resolved.

In my case, it has fixed the issue that I have struggled for 48 hours to resolve permanently.
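Steps 3 to 5 above as one checked function, as an added example that is not part of the original post. It takes the role name as a parameter so that a narrower role than "Company Administrator" (the AzureAD module's display name for Global Administrator) can be passed where the workload allows. The function name Add-AppDirectoryRole is hypothetical, and the code assumes Connect-AzureAD has already been run.

```powershell
# Added example (not from the original post). Assumes the AzureAD module is
# installed and Connect-AzureAD has already been run in this session.
function Add-AppDirectoryRole {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $AppDisplayName,
        [Parameter(Mandatory)] [string] $RoleName
    )

    # -SearchString may return several principals; insist on exactly one
    # exact display-name match before granting anything.
    $sp = @(Get-AzureADServicePrincipal -SearchString $AppDisplayName |
            Where-Object { $_.DisplayName -eq $AppDisplayName })
    if ($sp.Count -ne 1) {
        throw "Expected one service principal named '$AppDisplayName', found $($sp.Count)."
    }

    # Get-AzureADDirectoryRole lists only roles already activated in the tenant.
    # If the role is missing, activate it from its template and look it up again.
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
    if (-not $role) {
        $template = Get-AzureADDirectoryRoleTemplate |
                    Where-Object { $_.DisplayName -eq $RoleName }
        if (-not $template) { throw "No directory role template named '$RoleName'." }
        Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId | Out-Null
        $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
    }

    # Add the principal only if it is not already a member of the role.
    $members = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)
    if ($members.ObjectId -notcontains $sp[0].ObjectId) {
        Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp[0].ObjectId
    }

    # Read the membership back so the result is confirmed, not assumed.
    $after = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)
    [pscustomobject]@{
        ServicePrincipal = $sp[0].DisplayName
        Role             = $role.DisplayName
        Assigned         = ($after.ObjectId -contains $sp[0].ObjectId)
    }
}

# Values from the post; substitute your app name and the role your workload needs.
Add-AppDirectoryRole -AppDisplayName 'your app name' -RoleName 'Company Administrator'
```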

#Application #Azure #azuread #serviceprincipal
