Open Chris-AdamsonQHR opened 5 months ago
Hi @Chris-AdamsonQHR ,
Looking at the Graph API docs: https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-beta#properties proxyAddresses - Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable.
Hi @petrhollayms. Thank you for looking at this. In the non-beta version of the SDK when we attempted to change the proxy address it indeed resulted in an error stating that the property was read only. However in the beta version, the same call resulted in an exception of insufficient privileges (as reported here).
With this different error, I was hoping that this property was no longer read-only, but from your description of the underlying documentation, would seem that it is still read-only (at least in the Graph API) and just that the error has changed.
I'm going to add on to this - if you update the Mail property and ProxyAddresses property in a single Patch call with the beta graph API it produces an error message saying they cannot be updated together, implying the latter is indeed possible to update.
This also raises an issue overall where changing a user's email address and addresses associated with their Identities, it does not "release" the former email address from proxyAddresses, meaning a user cannot re-use that email address in the future, which can be problematic.
Expected behavior
Making a call to User.setProxyAddresses() succeeds when "User.ReadWrite.All" and "Directory.ReadWrite.All" application permissions are granted in the Azure portal with admin consent given.
Actual behavior
An exception is thrown: com.microsoft.graph.beta.models.odataerrors.ODataError: Insufficient privileges to complete the operation.
Steps to reproduce the behavior
Using version 6.9.0 of the beta SDK:
Here are the permission settings we tried using in the Azure Portal:
We also set the application in Azure to both User Administrator and then Global Administrator without succcess.
Related
Patch request to do the same operation is the suggested operation via graph explorer: https://stackoverflow.com/questions/65198916/remove-old-proxyaddress-entry-for-user-in-azure-active-directory/71577425#71577425