IT Error Decoder
Microsoft Graph PowerShell

How to Fix Get-MgGroupMember: Insufficient privileges to complete the operation

Error message

Get-MgGroupMember : Insufficient privileges to complete the operation.

If you're seeing "Get-MgGroupMember: Insufficient privileges to complete the operation", you're not alone. Here's what it means, why it happens, and the steps to resolve it.

What this error means

Your signed-in Microsoft Graph PowerShell session does not have the scopes (permissions) needed to read group members.

Why this happens

Connect-MgGraph was called without the required scopes, or you authenticated as a user who lacks the directory role to read group membership.

Step-by-step fix

  1. Disconnect any existing session, then reconnect with the scopes needed to read groups.

    command
    Disconnect-MgGraph
Connect-MgGraph -Scopes 'GroupMember.Read.All','Group.Read.All','User.Read.All'

  2. Verify the scopes actually granted to the current session.

    command
    (Get-MgContext).Scopes

  3. Re-run the original command after consent has been granted.

    command
    Get-MgGroupMember -GroupId <group-object-id>

  4. If you are running unattended (app-only auth), make sure the app registration has the matching application permission and admin consent.

Affected products

Microsoft Graph PowerShell

Still broken? Try these

  • Confirm the user account has a directory role that can read groups (e.g. Global Reader, Groups Administrator).
  • Check Conditional Access policies that may be blocking the Microsoft Graph PowerShell client.
  • Try the same call against a known group ID to rule out a typo in the GroupId.
  • Run the command from a different network in case an IP-based CA policy is in play.

Related errors

Frequently asked questions

What does "Get-MgGroupMember: Insufficient privileges to complete the operation" mean?

Your signed-in Microsoft Graph PowerShell session does not have the scopes (permissions) needed to read group members.

What causes "Get-MgGroupMember: Insufficient privileges to complete the operation"?

Connect-MgGraph was called without the required scopes, or you authenticated as a user who lacks the directory role to read group membership.

How do I fix "Get-MgGroupMember: Insufficient privileges to complete the operation"?

1. Disconnect any existing session, then reconnect with the scopes needed to read groups. 2. Verify the scopes actually granted to the current session. 3. Re-run the original command after consent has been granted. 4. If you are running unattended (app-only auth), make sure the app registration has the matching application permission and admin consent. Always test changes in a non-production environment first.

Browse more errors in Microsoft Graph PowerShell: Fix Microsoft Graph PowerShell errors. Insufficient privileges, invalid object ID, missing cmdlets, token problems, and more. Or paste your own error into the error decoder tool to find a match. You can also go back to the homepage to browse common errors by topic.