• Create a new application in App Registration under Azure AD.
  • Once the application is created copy the Object ID.
  • Open Graph Explorer by using https://developer.microsoft.com/en-us/graph/graph-explorer# url.
  • Click on Sign in with Microsoft on the left and Sign in with Global Admin account who is a member of same directory and not added as external (guest) user.
  • In Graph Explorer, click on Modify permissions > select Directory.AccessAsUser.All > click Modify Permissions.
  • Click on Accept at consent page.
  • In Graph Explorer, use following query. Where, <ObjectID_of_the_application> is the value copied in Step 2.
POST https://graph.microsoft.com/beta/<your_tenant.onmicrosoft.com>/applications/<ObjectID_of_the_application>/extensionProperties
  • Use following text in the Request body. Since the targetObject is user, the attribute will be created for all Users in the tenant. Note: Please type the request body manually as with copy-paste Graph Explorer will not recognize some of the characters.
"name": "employeeType",
"dataType": "String",
"targetObjects": ["User"]
  • To update the attribute with a value use:
PATCH https://graph.microsoft.com/beta/users/your_globaladmin@your_tenant.onmicrosoft.com
  • To verify if the attribute is updated successfully run following query:
GET https://graph.microsoft.com/beta/users/<User’s_UPN_or_Object ID>

Leave a Reply

Your email address will not be published. Required fields are marked *