I've a flow where I've previously used the send HTTP action to call Graph to add a user to a standard security group, which works just fine. I'm trying to switch over this function to use the default Azure AD connector, which isn't premium, and allows me to simplify the flow a bit because I won't have to use Azure Key Vault (also a premium connector) to store & retrieve the client secret.
Obviously when I make this change, I'm changing the security context the action runs under: HTTP Graph call uses my registered app, Azure AD connector uses the user account the connection is made under - which by default is the same account that's authoring the flow (i.e. me). Problem is, I'm still getting an insufficient privileges error with the Azure AD action "Add a user to a group".
Top is my HTTP call to Graph just to show that it works OK, below is the same task using the Azure AD connector. The AAD task connection is under my user account:
This account has the following roles assigned:
So a pretty all-powerful account!!
Further to this, the account is also set as an owner of the group in question:
But I STILL cannot manage the membership of the group in question... I can't think what else I am missing permission-wise... My account can manage the group interactively in the portal...
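The two security contexts the post contrasts are visible in a Graph access token: an app-only token lists application permissions in `roles`, while a delegated token lists the scopes consented to the calling client in `scp`, and a delegated call is bounded by those scopes as well as by the user's own rights. This is an added example, not part of the original post; the tokens are constructed and unsigned, and the helper names and the `MEMBER_WRITE` permission set are assumptions of the example.

```python
import base64
import json

# Assumption: Graph permissions that allow adding group members; not from the post.
MEMBER_WRITE = {"GroupMember.ReadWrite.All", "Group.ReadWrite.All",
                "Directory.ReadWrite.All"}


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), ""])


def decode_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT validated."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_context(token: str) -> dict:
    """Report which security context a Graph access token represents."""
    claims = decode_claims(token)
    scopes = set(claims.get("scp", "").split())   # delegated permissions
    app_roles = set(claims.get("roles", []))      # application permissions
    kind, granted = ("delegated", scopes) if scopes else ("app-only", app_roles)
    return {
        "kind": kind,
        "principal": claims.get("upn") or claims.get("appid"),
        "granted": sorted(granted),
        "can_write_members": bool(granted & MEMBER_WRITE),
    }


# Constructed samples: placeholder app id, example.com user, illustrative scopes.
APP_TOKEN = make_sample_token(
    {"appid": "00000000-0000-0000-0000-000000000000",
     "roles": ["GroupMember.ReadWrite.All"]})
USER_TOKEN = make_sample_token(
    {"upn": "author@example.com", "scp": "User.Read Group.Read.All"})

if __name__ == "__main__":
    for tok in (APP_TOKEN, USER_TOKEN):
        print(describe_context(tok))
```

The sample delegated token is deliberately built without a member-write scope to show that directory roles and group ownership are not what the `scp` claim reflects; it is not a capture of the connector's real token.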