
403 - Forbidden - Failed to retrieve appliable Sku categories for the user when trying to add team to Microsoft 365 group


In some cases I get the above mentioned response from the MS Graph API when trying to add Teams to an MS 365 group by doing an HTTP PUT to the endpoint https://graph.microsoft.com/v1.0/groups/{groupId}/team.

I have had the same code doing this for a couple of years, and it only started failing a couple of weeks ago - so I suspect MS have changed something related to this at their end.

This does not seem to happen consistently - for some groups the call succeeds, for some it fails. The identities used for making the call are owners of the groups in question and have the Group.ReadWrite.All and Directory.ReadWrite.All permissions and this has been consented by Global Admin. In some cases when the call fails for one identity it will succeed when doing the call as another identity. In some cases it will fail for all the identities I have tried.

I will normally be doing these calls using the GraphServiceClient in C# where the calling identity is a service principal, but to rule out problems with that I also tried the same in the MS Graph Explorer with the same result - here I use a normal user identity with the correct permissions.

Any similar experiences or suggestions to help resolve this would be highly appreciated.


Solution

  • The error usually occurs if the Owners of the Microsoft 365 group do not have a valid Office 365 license assigned when adding a team to the group.

    When I tried to create a team from an MS 365 group with Owners not having an active Office 365 license, I got the same error too:

    PUT https://graph.microsoft.com/v1.0/groups/groupId/team
    {
        "memberSettings": {
            "allowCreatePrivateChannels": true,
            "allowCreateUpdateChannels": true
        },
        "messagingSettings": {
            "allowUserEditMessages": true,
            "allowUserDeleteMessages": true
        },
        "funSettings": {
            "allowGiphy": true,
            "giphyContentRating": "strict"
        }
    }
    

    Response:

    [Screenshot of the response]

    To resolve the error, make sure to assign an active Office 365 license to the Owners of M365 groups like this:

    Go to Azure Portal -> Microsoft Entra ID -> Groups -> All groups -> Select group -> Owners -> Select Owner -> Licenses -> Assignments

    When I tried to create a team from an MS 365 group with the Owner having an active Office 365 license, I got a response like this:

    PUT https://graph.microsoft.com/v1.0/groups/groupId/team
    {
        "memberSettings": {
            "allowCreatePrivateChannels": true,
            "allowCreateUpdateChannels": true
        },
        "messagingSettings": {
            "allowUserEditMessages": true,
            "allowUserDeleteMessages": true
        },
        "funSettings": {
            "allowGiphy": true,
            "giphyContentRating": "strict"
        }
    }
    

    Response:

    [Screenshot of the response]
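
The owner license check from the answer above can also be run in code before sending the PUT. This is an added example, not code from the question or the answer: `classify_owners` and `preflight_warnings` are hypothetical helpers, the owners payload is constructed, and it assumes the owners were fetched with `assignedLicenses` selected and that any assigned SKU counts as a license.

```python
import json

# Constructed sample: body of GET /groups/{groupId}/owners, assuming the request
# asked for $select=id,userPrincipalName,assignedLicenses. All values are made up.
SAMPLE_OWNERS = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.user", "id": "u1",
   "userPrincipalName": "alice@contoso.example",
   "assignedLicenses": [{"skuId": "00000000-0000-0000-0000-000000000001",
                         "disabledPlans": []}]},
  {"@odata.type": "#microsoft.graph.user", "id": "u2",
   "userPrincipalName": "bob@contoso.example", "assignedLicenses": []},
  {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp1",
   "displayName": "provisioning-app"}
]}
""")


def classify_owners(owners_response):
    """Sort owners into licensed, unlicensed and unchecked (hypothetical helper)."""
    result = {"licensed": [], "unlicensed": [], "unchecked": []}
    for owner in owners_response.get("value", []):
        label = owner.get("userPrincipalName") or owner.get("displayName") or owner["id"]
        licenses = owner.get("assignedLicenses")
        if owner.get("@odata.type") != "#microsoft.graph.user" or licenses is None:
            # Not a user object, or the property was not returned: nothing to judge.
            result["unchecked"].append(label)
        elif licenses:
            result["licensed"].append(label)
        else:
            # Empty list: the owner state the answer reproduces the 403 with.
            result["unlicensed"].append(label)
    return result


def preflight_warnings(owners_response):
    """Warnings to log before sending PUT /groups/{groupId}/team."""
    groups = classify_owners(owners_response)
    warnings = [f"{name}: no license assigned" for name in groups["unlicensed"]]
    warnings += [f"{name}: license state not available" for name in groups["unchecked"]]
    if not groups["licensed"]:
        warnings.append("group has no owner with an assigned license")
    return warnings


if __name__ == "__main__":
    for line in preflight_warnings(SAMPLE_OWNERS):
        print(line)
```

Logging these warnings next to each failed call makes it easier to see whether the intermittent 403 lines up with the owners' license state.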