Question: which API permissions are required on an Azure AD enterprise app for Get and Set-PnPUserProfileProperty? #2597
Hi,
We are scheduling a script that updates the mobile number of users. We want to use an Azure AD enterprise app as the authentication method (using a certificate instead of client ID/secret). What are the required API permissions, delegated or application?
1/ We have configured User.ReadWrite.AllUser & Site.Fullcontrol; it works, but it gives too much permission for "just" updating the mobile property for every user.
2/ We have tried User.ReadWrite.Alluser & Site.Read; it doesn't work (Unauthorized).
3/ The site selected permission won't work, I think.
Thank you for your help,
Replies: 1 comment
Resolved:
User.ReadWrite.AllUser - Application
Sites.Selected - Application
And run this script:
# Admin site URL and the client ID of the app registration
$AdminSiteURL = "https://yourtenant-admin.sharepoint.com/"
$appClientId = "xxx"
# Sign in interactively, then grant the app "Write" on the admin site
Connect-PnPOnline -Url $AdminSiteURL -Interactive
Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $AdminSiteURL -AppId $appClientId -DisplayName "Permission_Sync_users_mobile"
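
The scheduled side of the setup discussed in this thread, as an added example that is not part of the original posts or of the PnP PowerShell project: it connects app-only with a certificate thumbprint instead of a client secret and writes the mobile number only where it differs, keeping a per-user result file for audit. The tenant name, thumbprint, CSV paths and columns, and the `CellPhone` property name are assumptions; the app is assumed to hold the permissions and site grant from the reply above.

```powershell
# Added example: unattended run with certificate auth (no client secret).
# Placeholders/assumptions: tenant, thumbprint, CSV paths, "CellPhone" property name.
$AdminSiteURL = "https://yourtenant-admin.sharepoint.com/"
$appClientId  = "xxx"                              # app (client) ID, as in the reply
$tenant       = "yourtenant.onmicrosoft.com"       # placeholder tenant name
$thumbprint   = "<CERT-THUMBPRINT-PLACEHOLDER>"    # certificate in the task account's store
$csvPath      = "C:\Scripts\mobile-updates.csv"    # constructed input, columns: UPN,Mobile
$resultPath   = "C:\Scripts\mobile-updates-result.csv"
$propertyName = "CellPhone"                        # assumed user profile property name

# Turn non-terminating cmdlet errors into exceptions so try/catch sees them.
$ErrorActionPreference = "Stop"

# App-only connection: the private key never leaves the certificate store.
Connect-PnPOnline -Url $AdminSiteURL -ClientId $appClientId -Tenant $tenant -Thumbprint $thumbprint

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $status = "Unchanged"
    try {
        # Read first, so the run writes only where the value actually differs.
        $userProfile = Get-PnPUserProfileProperty -Account $row.UPN
        $current = $userProfile.UserProfileProperties[$propertyName]
        if ($current -ne $row.Mobile) {
            Set-PnPUserProfileProperty -Account $row.UPN -PropertyName $propertyName -Value $row.Mobile
            $status = "Updated"
        }
    }
    catch {
        # An Unauthorized error here means the app's permissions or site grant are insufficient.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ UPN = $row.UPN; Status = $status }
}

# Keep a per-user record of what the run changed.
$results | Export-Csv -Path $resultPath -NoTypeInformation
Disconnect-PnPOnline

# Non-zero exit code lets the task scheduler flag a failed run.
if ($results.Status -like "Failed*") { exit 1 }
```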