We are using Microsoft Graph API Version 1.0 to update user entities on AAD. For the past couple of days we have been receiving a 403, insufficient privileges, when updating the business phone numbers of an entity. However, according to the documentation we have enough privileges (User.ReadWrite.All, Directory.ReadWrite.All).
There is also a StackOverflow issue open: https://stackoverflow.com/questions/52626067/microsoft-graph-api-insufficient-privileges-when-trying-to-update-mobilephone
We started receiving the same error recently on our Graph application. The same API call works fine with other fields.
Also we are able to successfully modify businessPhones through the Graph Explorer using Delegated user permissions -- but this isn't feasible in our application.
I am receiving the exact same issue from around the same date the issue was opened.
We can otherwise modify successfully; using our application with the correct rights, we receive the insufficient privileges response.
I am having the same issue but with the MobilePhone field. I have opened a query: https://github.com/microsoftgraph/msgraph-sdk-dotnet/issues/309
We ended up opening a Support Request with Microsoft to solve the issue. Microsoft updated the security policy around PII; you have to add the Helpdesk Administrator role to the Service Principal/Enterprise application.
Here is the response from our Support Request, and I can confirm this fixed our issue updating "businessPhones":
The reason that this is occurring is because there was a recent change due to new PII sensitivity issues.
So now you will need to add the Helpdesk Administrator role to the Service Principal/Enterprise application.
You can do this by following the article here:
https://blogs.msdn.microsoft.com/aaddevsup/2018/08/29/how-to-add-an-azure-ad-role-to-a-enterprise-application-service-principal/
This is to modify values such as the mobile/othermails/telephonenumber attributes.
I also answered the original link to the stack overflow issue:
https://stackoverflow.com/questions/52626067/microsoft-graph-api-insufficient-privileges-when-trying-to-update-mobilephone
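As an added example (not code from the thread, the support response or the linked article), this is the role assignment the support response describes, done with the AzureAD PowerShell module cmdlets; the application ID is a placeholder, and the role name is a variable so the same steps work for another directory role.

```powershell
# Added example: assign a directory role to an app's service principal
# (enterprise application) with the AzureAD PowerShell module.
# The Application (client) ID below is a placeholder, not a real app.
$AppId    = '00000000-0000-0000-0000-000000000000'
$RoleName = 'Helpdesk Administrator'

Connect-AzureAD | Out-Null

# Resolve the service principal that represents our app in this tenant.
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }

# Directory roles only exist once activated from their template; activate if needed.
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq $RoleName }
    if (-not $template) { throw "No role template named '$RoleName'" }
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
}

# Idempotent: add the service principal only if it is not already a member.
$members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
if ($members.ObjectId -contains $sp.ObjectId) {
    Write-Host "$($sp.DisplayName) already holds $RoleName"
} else {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
    Write-Host "Added $($sp.DisplayName) to $RoleName"
}

# Helpdesk Administrator can reset passwords of non-admin users, so review
# the full membership of the role after granting it to an application.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Select-Object DisplayName, ObjectType, ObjectId
```

Run it as a user who is allowed to manage role assignments in the tenant; the final listing is the record to keep for the change.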
We also opened a support ticket. We still ran into the same issue, because if you want to update the number of a Global Administrator your SP needs to have the Company Administrator role.
I can confirm that this fixed my issue too. Since I was updating the accounts of Global admins, I had to give the "Company Administrator" role to the enterprise app. Thanks Jeromekol & Inspektor99
On the StackOverflow post Dan Kershaw made a comment:
We're also working on an alternative to running PowerShell to increase the permissions for the app.
Is there any news from Microsoft about this? This is a pretty bad experience for us, and for our customers. Our customers have already consented to allow us to update the user profiles in their directory, and this was working. To say that we now have to reach out to all of our customers and instruct them to go run some PowerShell to give our application additional permissions is pretty bad.
@dkershaw10 are you able to shed any more light on this? It's a super painful regression for those with permissions that seemingly stop working randomly without any notice or heads up.
@dkershaw10 Note: Update docs on what User.ReadWrite.All (app only and delegated permission) allows. Also add notes about deleting (and disabling/enabling) accounts too.