Proofpoint, Inc.

Azure AD Permissions Error

Situation: If required permissions aren’t enabled, you may encounter an Azure sync error when running a manual sync test.
Solution: Follow the steps below to ensure the necessary permissions are enabled.

 

Want some help setting up Azure and syncing with Essentials? Check out our article Azure Active Directory Sync Guide.

Potential Permission Error & Resolution 

If required permissions aren’t enabled, you may encounter an Azure sync error when running a manual sync test. Azure will throw an error like the following:

[Authorization_RequestDenied] Insufficient privileges to complete the operation

You need to:

  • Ensure that the user role within Azure is correct (Global/Company Admin).
  • Ensure that the application has the correct permissions within the Azure management portal below:
    • Application Permissions: Read Directory Data
    • Delegated Permissions: Read all users' basic profiles
    • Delegated Permissions: Read all groups
    • Delegated Permissions: Read directory data

MODIFYING PERMISSIONS WITHIN AZURE: 

To modify permissions and resolve the above error:

  1. Log in to the Azure Active Directory admin center.
  2. Navigate to All settings > Required permissions > Windows Azure AD.
  3. Set the appropriate permissions under APPLICATION PERMISSIONS and DELEGATED PERMISSIONS (the ones shown in the sync error).
  4. Under DELEGATED PERMISSIONS, set Sign in and read user profile to No.
  5. Under Enable Access, click Save, then immediately click Grant Permissions.
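
To confirm which required permission is still missing after a sync fails with Authorization_RequestDenied, the following added example (not Proofpoint's code) decodes an access token's claims and compares them with the permissions listed above. It assumes the claim values Directory.Read.All, User.ReadBasic.All and Group.Read.All for the display names in this article, and that application permissions appear in the roles claim and delegated permissions in the scp claim; the tokens and the sample_token helper are constructed for the demonstration.

```python
import base64
import json

# Assumed claim values for the permission display names listed in the article.
REQUIRED = {
    "application": {"Directory.Read.All"},       # Read directory data
    "delegated": {
        "User.ReadBasic.All",                    # Read all users' basic profiles
        "Group.Read.All",                        # Read all groups
        "Directory.Read.All",                    # Read directory data
    },
}


def jwt_claims(token):
    """Decode a JWT payload for diagnostics only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_permissions(token):
    """Return (token kind, sorted list of required permissions not granted)."""
    claims = jwt_claims(token)
    if "scp" in claims:                          # delegated (user) token
        kind, granted = "delegated", set(claims["scp"].split())
    else:                                        # app-only token
        kind, granted = "application", set(claims.get("roles", []))
    return kind, sorted(REQUIRED[kind] - granted)


def sample_token(claims):
    """Build an unsigned, constructed token (hypothetical helper for this demo)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    app_ok = sample_token({"roles": ["Directory.Read.All"]})
    user_bad = sample_token({"scp": "User.Read User.ReadBasic.All"})
    print(missing_permissions(app_ok))
    print(missing_permissions(user_bad))
```

An empty list means the token carries every permission the sync needs; any names returned are the ones to set and grant in the steps above.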