With App version 5.1 (UCS 5) and 4.3( UCS 4), the Microsoft 365 App has been completely migrated to the Microsoft Graph API. Additional privileges for the Microsoft Graph API need to be added to the configured App registrations in Azure, if the initial setup was run before version 4.0.
If this is the case, you’ll also see this error in the listener.log after each
service univention-directory-listener restart.
Authorization Error. Your application may not have the correct permissions for the Microsoft Graph API"
To add these additional permissions, you need to login to the Azure portal.
Azure Active Directory service. In case you have multiple Active Directories, click
Switch directory to choose the one you want to add your permissions to.
App registrations module.
Open the application which is connected to the Microsoft365 connector app on UCS and click on
Add a permission, select the API Microsoft Graph, choose “Application Permissions” and search for and add the following permissions:
- Directory ReadWrite.All
- Group ReadWrite.All
- TeamMember ReadWrite.All
- User ReadWrite.All
Grant admin consent for Univention Test GmbH to activate the newly added permissions.
service univention-directory-listener restart the permission check will be repeated.
If the warning mentioned above does not appear, the permissions are now correct.