Microsoft Azure AD Spoke Permissions - Add User to Group Error

Eric_Gauthier
Tera Contributor

Hello Community, 

Hope one of you can assist. We are trying to set up the Microsoft Azure AD Spoke so that we can add & remove users from groups in Azure. Seems simple, right?

Our Cybersecurity Team will not grant me Directory.ReadWrite.All as they feel it is over-permissioned. I am setting up the Microsoft Azure AD Spoke and am testing the actions currently, and I am not able to do a couple of the actions. I have removed part of the ID#s.

I am able to run "Look up Group ID" and supply it the group name. Status: Group Found.

I am NOT able to "Add User to Group"

Add user to group:

Group id: fd7fd7fa-ee9c9d5094

User ID: 49238e68-cdd1fc4d57

 Error message: Forbidden Request. Please Check Oauth Token and scope permission.

 Method failed: (/v1.0/groups/fd7fd7fa--7c6e9c9d5094/members/$ref) with code: 403 - Forbidden username/password combo

 {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2022-06-13T17:52:35","request-id":"cfa69e98a8f-d7185eec9fac","client-request-id":"cfa69e9085eec9fac"}}}

 {"Transfer-Encoding":["chunked"],"request-id":["cfa69e90eec9fac"],"Date":["Mon, 13 Jun 2022 17:52:34 GMT"],"Strict-Transport-Security":["max-age=31536000"],"Cache-Control":["no-cache"],"x-ms-ags-diagnostic":["{\"ServerInfo\":{\"DataCenter\":\"Canada East\",\"Slice\":\"E\",\"Ring\":\"2\",\"ScaleUnit\":\"002\",\"RoleInstance\":\"QB1PEPF0000218D\"}}"],"client-request-id":["cfa69d7185eec9fac"],"x-ms-resource-unit":["1"],"Content-Type":["application/json"]}

 Status code 403

 {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2022-06-13T17:52:35","request-id":"cfa6f-d7185eec9fac","client-request-id":"cfa69e90ec9fac"}}}

 I am attaching the permissions that they have granted and was hoping that you could assist, as I have been going back and forth with them on this and am not sure what else to do at this point. Any ideas would be greatly appreciated.

Thanks,

-Eric 

Eric Gauthier, CSPO
BECU
ServiceNow Operations Engineer
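
Added example, not part of the original post and not ServiceNow or Microsoft code: a Node.js diagnostic that reads the permissions carried in a Microsoft Graph access token and reports whether any of them is one Graph documents for POST /groups/{id}/members/$ref, so a narrower grant than Directory.ReadWrite.All can be requested. The function names and both sample tokens are constructed for illustration; the read-only token mirrors the symptom above (group lookup works, member add returns 403).

```javascript
// Added example. Permission names are those Microsoft Graph documents for
// POST /groups/{id}/members/$ref, least privileged first.
const SUFFICIENT_FOR_ADD_MEMBER = [
  "GroupMember.ReadWrite.All",
  "Group.ReadWrite.All",
  "Directory.ReadWrite.All",
];

// Decode a JWT payload WITHOUT verifying the signature: for local diagnosis
// only, never for an authorization decision.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Application permissions arrive in `roles`, delegated ones in `scp`.
function checkAddMember(token) {
  const claims = decodeJwtPayload(token);
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  const granted = [...roles, ...scopes];
  const matched = SUFFICIENT_FOR_ADD_MEMBER.filter((p) => granted.includes(p));
  return {
    tokenType: roles.length ? "application" : scopes.length ? "delegated" : "none",
    granted,
    matched,
    allowed: matched.length > 0, // false predicts Authorization_RequestDenied
  };
}

// Constructed sample tokens (hypothetical claims, dummy signature).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
const READ_ONLY_TOKEN = makeToken({ roles: ["Group.Read.All", "User.Read.All"] });
const LEAST_PRIV_TOKEN = makeToken({ roles: ["User.Read.All", "GroupMember.ReadWrite.All"] });

console.log(checkAddMember(READ_ONLY_TOKEN));
console.log(checkAddMember(LEAST_PRIV_TOKEN));
```

A matching permission is necessary but not sufficient: it must be admin-consented for the app registration, and with a delegated token the signed-in user must also be allowed to manage the group.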

SusanWinKY
Kilo Sage

Hi @Eric_Gauthier  - Do you have an update on this? We're in the same boat. Thanks.


Susan Williams, Lexmark

Sravan Krishna
Tera Contributor

Any update on this?

Were you able to fix?

AlekhyaD2093158
Tera Contributor

Was anyone able to find a solution for this?