Nov 23 2023 12:43 PM
Hello Team,
When I try to access '' user properties '' for one of the customers I have a relationship with, I get the error message of '' Getting 403: "Insufficient privileges to complete the operation. ''
I already have a GDAP relationship with them and an active security group, and i'm a member of that security group, and also my profile is global admin.
I can access user properties for all other tenants except for me.
any help please.
Dec 05 2023 08:45 AM - edited Dec 05 2023 08:46 AM
Good Day John,
I also have the same issue and opened a case with Microsoft Partner center but got no response yet.
Have you been able to resolve this? @JohnWites
Dec 05 2023 04:56 PM
@sansbacher would you know anything about this by chance? Moving this to our Partner-led tech topic discussion board in hopes someone can help there. 🙂
Dec 06 2023 07:48 AM
@JillArmourMicrosoft and @JohnWites,
I don't know off the top of my head, but you'd likely need to provide more info. Access "User Properties" where/how? In the Partner Center? Or in AzureAD/Entra via the web GUI? Or via API or PowerShell? (using Graph or AzureAD or ?) Is it just you or is anyone else in your Org able to access Users in this Customer? Is it all users for this one Customer, or just a certain user? And other Users with other Customers are just fine? Are your a Tier1/Direct or Tier2/Indirect Partner?
If it's just the Partner Center, I don't think that has to do with GDAP, that's for delegated privileges, as in accessing their AzureAD, ExO, SP, etc. Partner Center is your portal, permissions in there are via the AdminAgents, HelpdeskAgents, and SalesAgents groups. You would need to be a member of AdminAgents or Helpdeskagents to do anything with the Customer's users (such as assign Licenses). Global Admin is for your Tenant. This would be the same for using the website or the ParnerCenter PowerShell module.
If it's the website I'd also strongly suggest trying Incognito/Private mode in your browser [and try Chrome, Edge, and Firefox] to see if that makes a different -- I HAVE seen weird issues go away when using Incognito mode, which means you need to clear your Cookies and Site Data/Storage for the Partner Center website.
You may also have to remove and recreate the whole relationship, through if you are already reselling them products I would contact MS or your Tier1 first.
If it's an issue with the Customer's AzureAD, ExO, etc (using Delegated Permissions) then it does rely on GDAP: what group are in you and and AAD Roles are mapped to that Group? Is it Active? I'd try recreating the GDAP relationship (Terminate the old one after) and see if that helps. Don't add Global Admin or you won't be able to auto-renew.
I hope some of that helps or at least provides some avenues to try and narrow it down. But I've never seen that error, though to be honest: I don't use the Partner Center that much myself, most of what I do I do using PowerShell and APIs using the Secure App Model.
--Saul
Dec 11 2023 01:34 AM
Dec 11 2023 01:46 AM
Dec 11 2023 03:08 AM
Dec 11 2023 05:02 AM