| Situation | If required permissions aren’t enabled, you may encounter an Azure sync error when running a manual sync test. |
| Solution | Follow the steps below to ensure the necessary permissions are enabled. |
Want some help setting up Azure and syncing with Essentials? Check out our article Azure Active Directory Sync Guide.
Potential Permission Error & Resolution
If required permissions aren’t enabled, you may encounter an Azure sync error when running a manual sync test. Azure will throw an error like the following:
[Authorization_RequestDenied] Insufficient privileges to complete the operation
You need to:
- Ensure that the user role within Azure is correct (Global/Company Admin).
- Ensure that the application has the following permissions within the Azure management portal:
  - Application Permissions: Read Directory Data
  - Delegated Permissions: Read all users' basic profiles
  - Delegated Permissions: Read all groups
  - Delegated Permissions: Read directory data
MODIFYING PERMISSIONS WITHIN AZURE:
To modify permissions and resolve the above error:
- Log in to the Azure Active Directory admin center.
- Navigate to All settings > Required permissions > Windows Azure AD.
- Set the appropriate permissions under APPLICATION PERMISSIONS and DELEGATED PERMISSIONS (the ones shown in the sync error).
- Under DELEGATED PERMISSIONS, set Sign in and read user profile to No.
- Under Enable Access, click Save, then immediately click Grant Permissions.
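
To confirm the change took effect, you can inspect the permissions carried by an access token issued to the application after Grant Permissions. The following is an added example, not part of the original article or of Essentials: it decodes the token payload for inspection only (no signature check) and compares the `roles` (application) or `scp` (delegated) claim with the permissions listed above. The mapping from the portal display names to claim values such as `Directory.Read.All` is an assumption, and the sample token is constructed.

```python
import base64
import json

# Portal display names from this article mapped to the values Azure AD puts in
# access tokens. This mapping is an assumption, not taken from the article.
REQUIRED_APP_ROLES = {"Directory.Read.All"}  # Read directory data
REQUIRED_DELEGATED = {
    "User.ReadBasic.All",  # Read all users' basic profiles
    "Group.Read.All",      # Read all groups
    "Directory.Read.All",  # Read directory data
}
SHOULD_BE_OFF = {"User.Read"}  # Sign in and read user profile (set to No)


def jwt_claims(token):
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_permissions(claims):
    """Report permissions from this article that the token lacks or should not have."""
    if "scp" in claims:  # delegated token: space-separated scopes
        granted = set(claims["scp"].split())
        return {"kind": "delegated",
                "missing": sorted(REQUIRED_DELEGATED - granted),
                "unexpected": sorted(SHOULD_BE_OFF & granted)}
    granted = set(claims.get("roles", []))  # app-only token: list of roles
    return {"kind": "application",
            "missing": sorted(REQUIRED_APP_ROLES - granted),
            "unexpected": []}


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])


if __name__ == "__main__":
    # Constructed sample: delegated token issued before the permissions were fixed.
    sample = make_sample_token({"scp": "User.Read User.ReadBasic.All"})
    print(audit_permissions(jwt_claims(sample)))
```

An empty `missing` list and an empty `unexpected` list mean the token matches the permission set described in this article.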