Issue with Sharepoint User Profile Sync from EntraID

Question

Hello,

I am encountering an issue with Sharepoint not updating User Profiles that are updated Entra ID to Sharepoint Online, and deleted users from Entra are still cached in Sharepoint. So we want to force a sync and trying to execute the Sync-PnPSharePointUserProfilesFromAzureActiveDirectory command as part of a SharePoint PnP setup. But receiving issues, the error message is as follows:

Steps Taken So Far:

Access Token Scopes:

I have verified that my access token contains the aud claim set to https://graph.microsoft.com.

Steps Taken So Far:

1. Access Token Scopes:
   • I have verified that my access token contains the aud claim set to https://graph.microsoft.com.
   • The token includes scopes for User.Read.All, User.ReadWrite.All, Directory.Read.All, and Directory.ReadWrite.All.
2. Application Permissions in Azure AD:
   • In Azure AD, the app registration has permissions granted for both Microsoft Graph and SharePoint Online APIs.
   • Admin consent has been provided for all the required API permissions.
3. Roles Assigned:
   • The application is assigned the appropriate roles, and my user account is also assigned Global Administrator role.
4. Validation of Token Claims:
   • I have validated the JWT token used for authentication and confirmed that it matches the required permissions.

Despite these measures, I continue to receive the "Insufficient privileges" error.

Key Observations:

Tokens inspected through https://jwt.io only include the wids claim with the value ["0997a1d0-0d1d-4acb-b408-d5ca73121e90"], which corresponds to "Directory Readers." This is insufficient for the cmdlet's requirements and does not reflect the granted API permissions.

I want to be able to powershell and also do some other changes for Sharepoint sites.