403 - Forbidden - Failed to retrieve appliable Sku categories for the user when trying to add team to Microsoft 365 group
In some cases I get the above mentioned response from the MS Graph API when trying to add Teams to an MS 365 group by doing an HTTP PUT to the endpoint https://graph.microsoft.com/v1.0/groups/{groupId}/team.
I have had the same code doing this for a couple of years, and it only started failing a couple of weeks ago - so I suspect MS have changed something related to this at their end.
This does not seem to happen consistently - for some groups the call succeeds, for some it fails. The identities used for making the call are owners of the groups in question and have the Group.ReadWrite.All and Directory.ReadWrite.All permissions and this has been consented by Global Admin. In some cases when the call fails for one identity it will succeed when doing the call as another identity. In some cases it will fail for all the identities I have tried.
I will normally be doing these calls using the GraphServiceClient in C# where the calling identity is a service principal, but to rule out problems with that I also tried the same in the MS Graph Explorer with the same result - here I use a normal user identity with the correct permissions.
Any similar experiences or suggestions to help resolve this would be highly appreciated
The error usually occurs if the Owners of Microsoft 365 group does not have valid Office 365 license assigned, while adding team to group.
When I tried to create team from MS 365 group with Owners not having active Office 365 license, I too got same error:
PUT https://graph.microsoft.com/v1.0/groups/groupId/team
{
"memberSettings": {
"allowCreatePrivateChannels": true,
"allowCreateUpdateChannels": true
},
"messagingSettings": {
"allowUserEditMessages": true,
"allowUserDeleteMessages": true
},
"funSettings": {
"allowGiphy": true,
"giphyContentRating": "strict"
}
}
Response:
To resolve the error, make sure to assign active Office 365 license to Owners of M365 groups like this:
Go to Azure Portal -> Microsoft Entra ID -> Groups -> All groups -> Select group -> Owners -> Select Owner -> Licenses -> Assignments
When I tried to create team from MS 365 group with Owner having active Office 365 license. I got response like this:
PUT https://graph.microsoft.com/v1.0/groups/groupId/team
{
"memberSettings": {
"allowCreatePrivateChannels": true,
"allowCreateUpdateChannels": true
},
"messagingSettings": {
"allowUserEditMessages": true,
"allowUserDeleteMessages": true
},
"funSettings": {
"allowGiphy": true,
"giphyContentRating": "strict"
}
}
Response:
