Forum Discussion
Get-MgOrganizationSettingProfileCardProperty - unauthorized 401 even with User.ReadWrite.All consent
Get-MgOrganizationSettingProfileCardProperty - unauthorized 401 even with User.ReadWrite.All and User.Read.All consented for in Graph Powershell + Graph Explorer, and also registered Graph app for use with postman. other queries work OK.
- Graph permissions on their own are not sufficient for this, as mentioned in the documentation:
Note: Using delegated permissions for this operation requires the signed-in user to have a tenant administrator or global administrator role.- n8tronCopper Contributor
Forgot to mention, my user IS also a global admin in our tenant. Also, this profilecardproperty call seems to be beta, so could that mean there's issues with it on Microsoft's end and sometimes might not be supported or changed and all the how-too's I'm finding for it are no longer valid??
- n8tronCopper Contributor
This issue is resolved now, for one, I needed to add/grant directory.read and directory.readwrite permissions even though this was not listed in the MS support article, it only listed needing user.read.all and user.readwrite.all.
Secondly, I tried all day to POST the custom attrib to our profilecardproperties all day and could GET with the above directory permissions added but still could not POST. Came back to work after a weekend and simply tried to POST again, and it JUST STARTED WORKING. So it seems with many other things, including permissions assignment, you sometimes just need to give it 24 hours or so to propogate.