Is principalId Always a GUID in Microsoft Graph ??
{ "error": { "code": "Request_BadRequest", "message": "Invalid GUID:HR", "innerError": { "date": "2026-02-13T06:44:24", "request-id": "87678d90-1d94-4131-a705-4356ad3568a4", "client-request-id": "63569c7b-1dea-42d4-8d72-aa3668c78418" } } } We’re encountering an issue with the Microsoft Graph API response for directoryRole Recently, one of our Graph API calls started returning a response where the principalId value appears to be a custom string instead of the expected GUID. In our code, we loop through each id from the delta response, assuming it will always be a valid GUID. However, we are now getting errors because one of the returned principalId values does not match the expected format. Our questions: Is it possible for Microsoft Graph API to return a custom string instead of a GUID for principalId? Has anyone experienced similar behavior with delta queries for directoryRole or any other object? Are there any known scenarios where the principalId format differs from the standard GUID? Any insights would be appreciated.
How to add Metadata to Groups
Hello, I am getting quite frustrated with any kind of metadata in Entra ID especially on groups. I used to put a lot of information like product , responsible , location etc. in either the name or the description of a group but since this information is most of the time confusing and irrelevant for the members of the group, I wanted to come up with something better. Now it seems that for some reason Microsoft denies any kind of metadata in Entra ID to be added to most objects especially groups. Overall it seem Microsoft does not see value in providing tags similar to the ones in Azure to any object type in Entra ID and I wonder why is that? I checked out the new "Custom Security Attributes" feature, turns out, its only available for users and applications.... Then I thought we are using directory extensions on applications and users already, it would be useful to use on groups as well. Now according to the documentation groups are also supported, great. But then there is the limitation that you can not update mail enabled and distribution groups via Graph API 😡. Well majority of groups are mail enabled.... Now I am forced to use the EXO module which limits the possibility of automating this quite much (requires PowerShell) but even with this you can not set directory extensions. Why is this so bad by design? How can I add metadata to groups now? Cheers