Microsoft Graph user/getMemberGroups fails despite correct Permissions

Question

I am using Graph explorer to test some requests. I logged in with my tenant account and I am trying to list Tasks from another User:

https://graph.microsoft.com/v1.0/users/{id}/getMemberGroups

I get the following error :

{
    "error": {
        "code": "",
        "message": "You do not have the required permissions to access this item.",
        "innerError": {
            "request-id": "8e9c5b30-ad4a-4c4c-80c2-f14b110b3fee",
            "date": "2020-05-18T16:08:36"
        }
    }
}

I currently have (among others) the following permission during that test :

Group.Read.All
Group.ReadWrite.All
User.Read.All
User.ReadWrite.All

Referring to the documentation, this should be enough :

Delegated (work or school account): User.ReadBasic.All and GroupMember.Read.All, User.Read and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Readand Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All

Delegated (personal Microsoft account): Not supported.

Application: User.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All, Directory.ReadWrite.All

Any idea on what is going wrong?

Answer 1

Although you have requested Permissions, you cannot authorize this permission until you have received "Consent" from an Administrator. Also, You need to be the member of the group you are requesting via graph if you are doing any changes to group.

If you're using the Azure Portal to register you app (aka the v1 Endpoint) then your admin can either use the Admin Consent workflow or directly grant permission within the portal. You can read more about the Consent Framework in Integrating applications with Azure Active Directory.