question

• I tried using delegated permissions for the above API call, with same Graph permissions and the logged in user has global administrator role (also you can have tenant administrator). It works for me.
  

• I would suggest you to try repro the issue outside of your application, by try repro with POSTMAN/Graph Explorer as well?
  

• Also share the error info(along with timestamp, requestid).

I'm having the same problem as Kevin.

Tried this by using the graph-explorer website. Tried it by using Postman. Same error.

As Kevin, I am a global Admin, and User.Read and User.Read.All permissions are granted.

I tried while logged on to the company VPN and tried it without VPN.

Strange thing, I am pretty sure a few days ago this was working correctly. Now it isn't anymore.

FYI, this is the complete error message:

{
"error": {
"code": "ErrorInsufficientPermissionsInAccessToken",
"message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.",
"innerError": {
"date": "2021-02-19T09:44:35",
"request-id": "cbd96a1f-7982-44f5-ac8f-e5a73ce636eb",
"client-request-id": "cbd96a1f-7982-44f5-ac8f-e5a73ce636eb"
}
}
}

Kind regards.

Thanks for your answers

I tried with two different tenants , using graph explorer and I have the same errors :

{
"error": {
"code": "ErrorInsufficientPermissionsInAccessToken",
"message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.",
"innerError": {
"date": "2021-02-19T11:43:06",
"request-id": "04392c3b-92ea-4e87-a748-5500ab0783d2",
"client-request-id": "2aa7a1e3-3f1b-9a39-7765-31c9a1778a53"
}
}
}

Not sure if this is linked but few weeks ago we were able to add the streetaddress to the profile card
Now when we try to add a custom attribute the POST works with no errors but the property does not appear on the profile card of the users

https://docs.microsoft.com/en-us/graph/add-properties-profilecard

I am also facing the same issue but with different resource(phone), it was all working fine 5 days ago.
I have User.ReadBasic.All permission as mentioned in document.
https://docs.microsoft.com/en-us/graph/api/profile-list-phones?view=graph-rest-beta&tabs=http

{
"error": {
"code": "ErrorInsufficientPermissionsInAccessToken",
"message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.",
"innerError": {
"date": "2021-02-25T03:27:38",
"request-id": "487ea242-f51f-4a0c-86b5-838bfd6efba7",
"client-request-id": "d329d5a4-c894-e2d1-d874-71a691af3d09"
}
}
}

Request URL: https://graph.microsoft.com/beta/users/<userid>/profile/phones?$select=number,type
Request Method: GET
Status Code: 403 Forbidden

Just to let you know , it looks like Microsoft fixed the problem and I am now able to see the output

I am still getting the same error with this api - https://graph.microsoft.com/beta/users/<uid>/profile/phones?$select=number,type

{
"error": {
"code": "ErrorInsufficientPermissionsInAccessToken",
"message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.",
"innerError": {
"date": "2021-03-05T15:05:09",
"request-id": "65f1f3ee-d659-4359-b643-0ae3640d1ab3",
"client-request-id": "97cd81d5-041f-db43-9041-1c9387b04a43"
}
}
}

hi.
I also have this issue:

GET https://graph.microsoft.com/v1.0/me HTTP/1.1
Host: graph.microsoft.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102"
Authorization: Bearer
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: /
.....

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: application/json
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 9b88b3fa-d93a-4fcc-b9af-62599efedd54
client-request-id: 9b88b3fa-d93a-4fcc-b9af-62599efedd54
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"AM4PEPF0001511C"}}
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Location, Preference-Applied, Content-Range, request-id, client-request-id, ReadWriteConsistencyToken, SdkVersion, WWW-Authenticate, x-ms-client-gcc-tenant
Date: Mon, 06 Jun 2022 08:36:49 GMT
Content-Length: 328

{
"error": {
"code": "ErrorInsufficientPermissionsInAccessToken",
"message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.",
"innerError": {
"date": "2022-06-06T08:36:49",
"request-id": "9b88b3fa-d93a-4fcc-b9af-62599efedd54",
"client-request-id": "9b88b3fa-d93a-4fcc-b9af-62599efedd54"
}
}
}

Hi guys! You need to add scope param to request as string:
'profile openid email User.Read'

From Russia with love )