With App version 5.1 (UCS 5) and 4.3( UCS 4), the Microsoft 365 App has been completely migrated to the Microsoft Graph API. Additional privileges for the Microsoft Graph API need to be added to the configured App registrations in Azure, if the initial setup was run before version 4.0.
If this is the case, you’ll also see this error in the listener.log after each service univention-directory-listener restart
.
Authorization Error. Your application may not have the correct permissions for the Microsoft Graph API"
To add these additional permissions, you need to login to the Azure portal.
Select the Azure Active Directory
service. In case you have multiple Active Directories, click Switch directory
to choose the one you want to add your permissions to.
Open the App registrations
module.
Open the application which is connected to the Microsoft365 connector app on UCS and click on API permissions
.
Click Add a permission
, select the API Microsoft Graph, choose “Application Permissions” and search for and add the following permissions:
- Directory ReadWrite.All
- Group ReadWrite.All
- TeamMember ReadWrite.All
- User ReadWrite.All
Click on Grant admin consent for Univention Test GmbH
to activate the newly added permissions.
By executing service univention-directory-listener restart
the permission check will be repeated.
If the warning mentioned above does not appear, the permissions are now correct.