Following the code outlined here:
https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console/blob/master/GraphConsoleAppV3/Program.cs#L810
but authenticating with a Service Principal, one will get an Insufficient Privileges error when trying to create the application on
client.Applications.AddApplicationAsync(appObject).Wait();
when the token is acquired like the following:
var context = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
var token = context.AcquireToken("https://graph.windows.net", new ClientCredential(clientId, secret));
var client = new ActiveDirectoryClient(new Uri($"https://graph.windows.net/{tenantId}"), () => Task.FromResult(token.AccessToken));
The application must have been given the Administrator role, which currently seems possible to add only with the PowerShell tools for Azure AD: https://msdn.microsoft.com/library/azure/jj151815.aspx#bkmk_installmodule
Run
Connect-MsolService
and sign in with your Azure AD Administrator user login when prompted. Then run:
Get-MsolServicePrincipal -AppPrincipalId {appId}
Add-MsolRoleMember -RoleMemberType ServicePrincipal -RoleName 'Company Administrator' -RoleMemberObjectId {objectID}
where the objectID is taken from the output of the second command (Get-MsolServicePrincipal).
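
The steps above as one script, with a membership check before the grant and a listing afterwards of which service principals hold the role. This is an added example, not part of the original post; it assumes the MSOnline module is installed, and `$appId` is a placeholder for your service principal's application ID.

```powershell
# Added example (not from the original post). Requires the MSOnline module.
# $appId is a placeholder: the application (client) ID of your service principal.
$appId    = '00000000-0000-0000-0000-000000000000'
$roleName = 'Company Administrator'   # role name used in the post

Connect-MsolService   # sign in as an Azure AD administrator when prompted

# Resolve the service principal; its ObjectId is what the role cmdlets expect.
$sp = Get-MsolServicePrincipal -AppPrincipalId $appId -ErrorAction Stop

# Look up the role and its current members.
$role    = Get-MsolRole -RoleName $roleName
$members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId)

# Grant the role only if the principal does not already hold it.
if ($members.ObjectId -notcontains $sp.ObjectId) {
    Add-MsolRoleMember -RoleName $roleName `
                       -RoleMemberType ServicePrincipal `
                       -RoleMemberObjectId $sp.ObjectId
}

# Verify: list every service principal that now holds the role,
# so that unexpected or stale grants are visible.
Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq 'ServicePrincipal' } |
    Select-Object DisplayName, ObjectId

# To revoke the grant once it is no longer needed:
# Remove-MsolRoleMember -RoleName $roleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $sp.ObjectId
```

'Company Administrator' is the MSOnline name for the Global Administrator role, so the final listing shows every service principal with tenant-wide administrative rights.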