无法从 Azure AD B2C 中删除用户

Question

According to this article it should be possible to delete a user from Azure AD B2C using the Microsoft Graph API: https://docs.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-operations (more specifically: https://docs.microsoft.com/en-us/graph/api/user-delete )

I have set the User.ReadWrite.All permission (for permission type Application) and granted admin consent.

However, when calling the corresponding endpoint with a http DELETE request, it fails with the following response:

 {
     "odata.error": {
         "code": "Authorization_RequestDenied",
         "message": {
             "lang": "en",
             "value": "Insufficient privileges to complete the operation."
         },
         "requestId": "b129b3a7-a0e9-42db-aa7a-97da31590095",
         "date": "2020-11-04T12:53:32"
     }
 }

Other operations (such as listing and updating users) work perfectly fine. Does anyone know what causes this behavior? Any help is highly appreciated.

Update:

This is a sample of a request which I try to send to the Graph API: Postman Curl request

Answer 1

Make sure you are calling Microsoft Graph and the configured permissions are under Microsoft Graph.

Based on your Curl request, you are calling Azure AD Graph (endpoint https://graph.windows.net ).

The Microsoft Graph endpoint is https://graph.microsoft.com .

If your permissions are set correctly under Microsoft Graph, try to use DELETE https://graph.microsoft.com/v1.0/users/{user-id} to delete the user.