0

I'm using the REST Azure AD API to disable a certain application of a user. The license already in effect is Office 365 A1 for faculty and the product I want to disable is Sway (this is just a test).

According to documentation, all I have to do is to post to /users/XXX/assignLicense containing following JSON content:

{
    "addLicenses":[{
        "disabledPlans": ["a23b959c-7ce8-4e57-9140-b90eb88a9e97"],
        "skuId":"94763226-9b3c-4e75-a931-5c89701abe66"
    }]
}

The GUID for Sway was learned from Product names and service plan identifiers for licensing. The SkuId is the same used when the user was created and licensed.

The user in question was created by using a REST API call so I'm pretty sure the part of access token retrieval and stuff is correct.

However, I always receive a HTTP error 400 (Bad Request) with no detail about what is wrong.

Any ideas?

AlexSC
  • 1,823
  • 3
  • 28
  • 54

1 Answers1

1

You missed a required parameter: removeLicenses.

Please try this:

{
  "addLicenses": [
    {
      "disabledPlans": [
        "a23b959c-7ce8-4e57-9140-b90eb88a9e97"
      ],
      "skuId": "94763226-9b3c-4e75-a931-5c89701abe66"
    }
  ],
  "removeLicenses": []
}

Update

As we discussed in the comment, using Microsoft Graph Explorer to get the detailed error message. And re-configure the required permissions in Microsoft Graph Explorer to make it work.

Allen Wu
  • 15,529
  • 1
  • 9
  • 20
  • It was there in previous attempts, but I removed it because some part of the documentation says we should remove unecessary parts of the JSON to improve performance. Unfortunately this do not solve the question. – AlexSC Sep 03 '19 at 09:59
  • @AlexSC As you mentioned that there was no detailed error message, please use Fiddler4 to fetch requests and response and add them to your question. BTW, have you tried it in Microsoft graph explorer? – Allen Wu Sep 04 '19 at 02:16
  • Your tip on Graph Explorer was right on the target!! I could post my request and received a better error message: "Insufficient privileges to complete the operation.". However my app has the required permissions stated in the reference page and I actually can assign a license to a newly created user. What I can't do is to change it later. – AlexSC Sep 04 '19 at 11:00
  • UPDATE: Graph Explorer allows me to set permissions, so I did and after that it started to work. The strange thing is that I could see the permission granted in the azure ad portal, but for some reason they were not in effect. It's all working now. Post an answer with your suggestion on the graph explorer and i will take it! – AlexSC Sep 04 '19 at 11:06