You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I run Find-MgGraphCommand on New-MgUser, it implies that permission DeviceManagementApps.ReadWrite.All is sufficient to run. However, when I log in with that scope and try to create a new user, I get "new-mguser : Insufficient privileges to complete the operation." When I log in with scope User.ReadWrite.All, the same command succeeds.
DeviceManagementApps.ReadWrite.All Read and write Microsoft Intune apps
DeviceManagementConfiguration.ReadWrite.All Read and write Microsoft Intune device configuration and policies
DeviceManagementManagedDevices.ReadWrite.All Read and write Microsoft Intune devices
DeviceManagementServiceConfig.ReadWrite.All Read and write Microsoft Intune configuration
Directory.ReadWrite.All Read and write directory data
User.ReadWrite.All Read and write all users' full profiles
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
When I run Find-MgGraphCommand on New-MgUser, it implies that permission DeviceManagementApps.ReadWrite.All is sufficient to run. However, when I log in with that scope and try to create a new user, I get "new-mguser : Insufficient privileges to complete the operation." When I log in with scope User.ReadWrite.All, the same command succeeds.
Find-MgGraphCommand -command New-MgUser | Select -First 1 -ExpandProperty Permissions | Select Name,Description
Name Description
DeviceManagementApps.ReadWrite.All Read and write Microsoft Intune apps
DeviceManagementConfiguration.ReadWrite.All Read and write Microsoft Intune device configuration and policies
DeviceManagementManagedDevices.ReadWrite.All Read and write Microsoft Intune devices
DeviceManagementServiceConfig.ReadWrite.All Read and write Microsoft Intune configuration
Directory.ReadWrite.All Read and write directory data
User.ReadWrite.All Read and write all users' full profiles
Beta Was this translation helpful? Give feedback.
All reactions