Get-MgOrganizationSettingProfileCardProperty - unauthorized 401 even with User.ReadWrite.All consent

New Contributor

Get-MgOrganizationSettingProfileCardProperty - unauthorized 401 even with User.ReadWrite.All and User.Read.All consented for in Graph Powershell + Graph Explorer, and also registered Graph app for use with postman. other queries work OK. 

 

3 Replies
Graph permissions on their own are not sufficient for this, as mentioned in the documentation:

Note: Using delegated permissions for this operation requires the signed-in user to have a tenant administrator or global administrator role.

Forgot to mention, my user IS also a global admin in our tenant. Also, this profilecardproperty call seems to be beta, so could that mean there's issues with it on Microsoft's end and sometimes might not be supported or changed and all the how-too's I'm finding for it are no longer valid??

 

This issue is resolved now, for one, I needed to add/grant directory.read and directory.readwrite permissions even though this was not listed in the MS support article, it only listed needing user.read.all and user.readwrite.all. 

Secondly, I tried all day to POST the custom attrib to our profilecardproperties all day and could GET with the above directory permissions added but still could not POST. Came back to work after a weekend and simply tried to POST again, and it JUST STARTED WORKING. So it seems with many other things, including permissions assignment, you sometimes just need to give it 24 hours or so to propogate.