The original version of the Microsoft Partner PowerShell script that Legacy Partners used did not include the User.ReadWrite.All permission. Because of this, users that were imported based on those parameters are not able to change their Office 365 details when clicking the pencil on their profile page.
The newest version of the PowerShell script has this right added to the list of requested permissions. Partners who used the previous script can make the fix in their Azure Active Directory or simply rerun the script and replace the application ID and secret values.
Note! This change occurred in August 2019. Partners that started with CloudRadial after this date may disregard the following instructions.
Updating in Azure
- Navigate to portal.azure.com
- Open the Azure Active Directory tab
- Select App Registrations > All Applications
- Open the App CloudRadial Partner Application (partnerid)
- Go to API Permissions and add User.ReadWrite.All
- Click on the Grant Admin Consent button at the top of the page to apply changes
- Users will need to log out and back in again to have these changes take effect
Comments
4 comments
Jeff - in order to make this article a little bit more "Foolproof" instructions to use the API "Microsoft Graph" of type "Application" would help. Obviously most people will figure it out from the screenshot, but it would be a small improvement anyway.
i.e.: 5. Go to API Permissions and click "add a permission"
6. Choose Microsoft Graph from the list of API's
7. Pick the API type of "Application"
8. Then search for the term User and check the box next to "User.ReadWrite.All"
If the users are Azure AD synced, remember that the settings will be overwritten if there is no user write back on the license. I think...
Since we are the CSP and only have the app registration in our own tenant, will this work if we just make the change in our tenant? or should i go and setup each client individually with the app registration?
CloudRadial uses your delegated credentials so once you connect a client, that app will have the rights to make the changes on client accounts.
Article is closed for comments.