Many of you may have started exploring the graph PowerShell offered by Microsoft since the AzureAD modules are soon to be deprecated.
Now you may have noticed this error: “Insufficient privileges to complete the operation”
This relates to the permissions that we grant while using the Connect-MgUser command. This is for connecting to Azure AD. In Microsoft docs, you may find the Connect-MgUser command to be
Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All"
Notice that the values passed to the “Scopes” parameter are “User.Read.All” and “Group.ReadWrite.All”. The User has Read only permissions. So, if we go on to create a new user which is a write operation, it will throw an error that says Insufficient privileges.
Now, let’s make a slight modification to the Connect-MgGraph cmdlet.
Connect-MgGraph -Scopes "User.Read.Write.All","Group.ReadWrite.All"
We have changed “User.Read.All” to “User.Read.Write.All”. This would give us sufficient privileges to create a new user in Azure AD 🙂.