AB#4608: Convert blog post to article

AmandaAZ · AmandaAZ · commit 44f2e2ac8b94 · 2025-03-20T06:51:01.000Z
diff --git a/support/entra/entra-id/toc.yml b/support/entra/entra-id/toc.yml
@@ -263,6 +263,8 @@
       href: mfa/cannot-verify-account-reset-pwd.md
 - name: Microsoft Graph Users, Groups, and Entra APIs
   items: 
+   - name: Can't modify user mail or phone number attributes
+     href: users-groups-entra-apis/cannot-modify-user-mail-phone-attributes.md
    - name: Handling errors in Graph API requests with Invoke-RestMethod
      href: app-integration/graph-api-error-handling-invoke-restmethod.md
    - name: Troubleshoot Authorization RequestDenied error
diff --git a/support/entra/entra-id/users-groups-entra-apis/cannot-modify-user-mail-phone-attributes.md b/support/entra/entra-id/users-groups-entra-apis/cannot-modify-user-mail-phone-attributes.md
@@ -0,0 +1,34 @@
+---
+title: Can't modify user mail or phone number attributes
+description: Provides a solution to an issue where you can't modify certain personal information for another user.
+ms.date: 03/20/2025
+ms.reviewer: bhvootla, adoyle, nualex, v-weizhu
+ms.service: entra-id
+ms.custom: sap:Getting access denied errors (Authorization)
+---
+# Can't modify user mail or phone number information
+
+This article provides a solution to an issue where you can't modify certain personal information for another user, such as mail and phone number.
+
+## Symptoms
+
+You can't modify the following user attributes for another user:
+
+- mobilePhone
+- businessPhones/telephoneNumber
+- otherMails
+
+Most users experiencing this issue are Microsoft Graph service principals or Microsoft Entra users that use the client credentials grant type. Additionally, they get a 403 error.
+
+## Cause
+
+This issue occurs due to insufficient permissions. For Microsoft Entra users, the `User.ReadWrite.All` permission can change a user profile except the three user attributes. For Microsoft Graph service principals, having the `Directory.ReadWrite.All` permission isn't sufficient to modify the three user attributes.
+
+## Solution
+
+To resolve this issue, assign a Helpdesk Administrator, User Administrator, or Global Administrator role to the service principal or user that changes the three attributes, depending on the user that tries to modify the role. Only the three admins can make changes to the three attributes.
+
+> [!CAUTION]
+> When you assign one of the three admin role to the service principal or user, you give them the ability to perform tasks at that level.
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]
