Encountering Insufficient Privileges Error in Microsoft Graph PowerShell
If you are using Microsoft Graph PowerShell to manage Microsoft 365 users, you may encounter the error message Insufficient privileges to complete the operation when trying to remove a user using the
For example, I would like to remove a former Azure AD Connect synchronization account :
Remove-MgUser -UserId [email protected]
I get the following error:
Error deleting user [email protected]. Insufficient privileges to complete the operation.
This error can occur even if the current user account has the correct permissions. The cause of the issue is that the user you are attempting to remove is part of an administrative role.
Solution - Adding specific Scope
To remove a user that belongs to an administrative role, you must add the
Directory.AccessAsUser.All scope to Microsoft Graph PowerShell.
Connect-MgGraph -Scopes Directory.AccessAsUser.All
You will be prompted to sign in and consent to the new permissions. Follow the prompts to complete the process.
This scope allows Microsoft Graph PowerShell to have the same access to information in Azure AD as the signed-in user.
Once the scope has been added, you should be able to successfully remove the user using the
Remove-MgUser command without any issue.