Table of Contents
Insufficient privileges to complete the operation
When connecting to Microsoft Graph PowerShell and trying to read the users information, I saw the error below:
PS C:\> Get-MgUser
Get-MgUser : Insufficient privileges to complete the operation.
…
Using Get-MgContext
When connecting to Graph Module in PowerShell, it basically connects with the default scope, which is ‘User.Read’. This means you have access to read only your profile. You can use the Get-MgContext cmdlet to retrieve the details about your current session.
As you can see, the permission of this account is not enough to get the information of all account in your Microsoft 365 tenant even you’ve authenticated using an administrative account.
PS C:\> (Get-MgContext).scopes
openid
profile
User.Read
email1. First, disconnect the existing Graph session by running the below command:
Disconnect-MgGraph2. Connect to the Microsoft Graph PowerShell with the desired scopes with a privileged account or Global Admin account. For example, I used this scope to read all user’s profile.
Connect-MgGraph -Scopes 'User.Read.all','Application.Read.All'
Now, when you get the permission of your current session, you should see the new permissions are added.
PS C:\> (Get-MgContext).scopes
openid
profile
User.Read
email
User.Read.All
Application.Read.AllThe Get-MgUser command now should execute without any error or warning.
PS C:\> Get-MgUser -All
Id DisplayName UserPrincipalName UserType
-- ----------- ----------------- --------
4f146ecb-f495-4e30-b510-15995e59ffc1 Bon Ben [email protected] Member
4091c7f3-10ff-4407-856c-a95d141e05b9 Ben [email protected] Member
617660b7-8595-42d1-94d7-57de2373b56a Chris [email protected] Member
953fc411-c599-432e-950c-2fe60199991a Info [email protected] Member
...Conclusion
Working with the Microsoft Graph PowerShell SDK requires more attention to permissions than is the normal with PowerShell modules.
