Today I run into a weird issue while renewing the ClientSecret of an application regitered in Azure AD for using the Microsoft Graph API.

In particular I got the following error message:

The referenced permission ‘fd3373a5-7053-4538-b247-742c38a32d9b’ does not exist.

I searched on the web for that permission ID, but I wasn’t able to find any useful information. Thus, I downloaded the application manifest, to dive into the error. It came out that in my manifest file there was the following permission element:

“requiredResourceAccess”: [
{
“resourceAppId”: “00000003-0000-0000-c000-000000000000”,
“resourceAccess”: [
…
{
“id”: “fd3373a5-7053-4538-b247-742c38a32d9b”,
“type”: “Scope”
},
…

The resourceAppId with value 00000003-0000-0000-c000-000000000000 refers to the Microsoft Graph API, and in the Azure AD management UI my app had 24 delegated permissions assigned to the Microsoft Graph application, meanwhile in the manifest there were 25 permission elements. I removed the failing permission, I uploaded the manifest file back to Azure AD and I was able to create my new ClientSecret.

Most likely the permission with ID fd3373a5-7053-4538-b247-742c38a32d9b has been removed from the list of permission for the Microsoft Graph. To be fair I cannot remember what was it, but it would be better to not have breaking changes like this one, if it is possible and if my analysis is correct. I wrote this post just to keep track of an issue, which looks like nobody else already faced, but it could happen in the future…