Unable to update user's skills with Update-MgUser

[yuting1008]

Describe the bug

Hi,

I am trying to update user's skills with the following script in PowerShell. The account I'm using is Global Admin.

Connect-MgGraph -Scopes "User.ReadWrite.All" "User.ReadWrite" "Directory.ReadWrite.All"
Update-MgUser -UserId "USERNAME@M365CPI07775409.OnMicrosoft.com" -Skills @("Test")

I am able to update the profile of the account that I logged in. For example, when I logged in as admin@M365CPI07775409.OnMicrosoft.com, I can change the skill with Update-MgUser -UserId "admin@M365CPI07775409.OnMicrosoft.com" -Skills @("Test").

However, I encountered the error if I want to change others' skills. The error message is as follows.

Update-MgUser : Attempted to perform an unauthorized operation.
Status: 500 (InternalServerError)
ErrorCode: -1, Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAcc
essException
Date: 2025-03-21T05:31:56
Headers:
Transfer-Encoding             : chunked
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 7b2e96b1-a67c-4271-bb86-f07797e11ad0
client-request-id             : 978498a8-a555-43bc-863d-21d3e49c875e
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Japan East","Slice
":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"TY1PEPF00014570"}}
Cache-Control                 : max-age=0, private
Date                          : Fri, 21 Mar 2025 05:31:56 GMT
位於 線路:1 字元:1
+ Update-MgUser -UserId "USERNAME@M365CPI07775409.OnMicrosoft.com" -Skill ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ UserId = Quin...softGraphUs
   er }:<>f__AnonymousType49`3) [Update-MgUser_UpdateExpanded]，Exception
    + FullyQualifiedErrorId : -1, Microsoft.Office.Server.Directory.DirectoryO
   bjectUnauthorizedAccessException,Microsoft.Graph.PowerShell.Cmdlets.Update
  MgUser_UpdateExpanded

Thanks you!

Expected behavior

Update user's skills with PowerShell.

How to reproduce

1. Connect-MgGraph -Scopes "User.ReadWrite.All" "User.ReadWrite" "Directory.ReadWrite.All"
2. Update-MgUser -UserId "USERNAME@M365CPI07775409.OnMicrosoft.com" -Skills @("Test")
   (USERNAME@M365CPI07775409.OnMicrosoft.com should be different to the account that you log in to PowerShell.)

SDK Version

No response

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log

```

</details>


### Configuration

_No response_

### Other information

_No response_

[timayabi2020]

Hi @yuting1008 apologies for the inconvenience. It seems the update service is only working with application scopes and not delegated scopes as documented here https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http

For API related issues/questions we are not best placed to give an answer. Kindly raise an issue here https://developer.microsoft.com/en-us/graph/support so that the API owner can respond to it.

[yuting1008]

Hi @timayabi2020 ,

Thanks for your reply! I refer the documentation you provided and also add Sites.ReadWrite.All scope app permission as this post mentioned. Finally, I can update user's skills with PowerShell now! Thanks a lot :)