Can Not Create Planner Plan duo lack of permission

Question

I'm trying to create Planner Plan using Microsoft Graph API. As documented it requires groupId. I also create Group, but when i create a Planner plan using Graph Explore it returns a 403 with the message

"You do not have the required permissions to access this item, or the item may not exist."

I'm aware that in order to create a plan, It required Group.ReadWrite.All permission on Delegated (work or school account). I granted these in the Azure Portal but still get same error.

One thing is I don't know how to determine if my account is a "work or school account". My account was created by the admin of my tenant and it uses the of my organization so I guest it is Work account.

What do I have wrong here, do I need another API to assign plan to group before create?

EDIT1:

Here is the request body when i'm create a Planner Group, I'm also tried to toggle "securityEnabled" to true but it still fail when create a plan

And Here is the Request body when I create Planner Plan

EDIT2:

I also tried to update Planner plan by this API and it still failed. It seems Group.ReadWrite.All permissions does not apply to my account

Answer 1

Your request is failing because you are not a member of the group in which you are trying to create a plan. Changing group content requires the calling user to be a member. Owners of the group currently cannot edit the Planner content in the group, unless they are also members.

Answer 2

Although you have requested Group.ReadWrite.All, you cannot authorize this permission until you have received "Consent" from an Administrator.

If you're using the Azure Portal to register you app (aka the v1 Endpoint) then your admin can either use the Admin Consent workflow or directly grant permission within the portal. You can read more about he Consent Framework in Integrating applications with Azure Active Directory.