After authenticating with an Office 365 admin account, attempting to save the Office 365 provisioning settings returns an "UNEXPECTED_ERROR" message. This occurs when User Sync or Universal Sync is selected as the Office 365 provisioning option. If License Sync or Profile Sync is selected, the provisioning settings save successfully.
In the System Logs, the following events can be observed with the eventType eq "app.office365.api.error.set.company.dirsync.failure" search query:
Unable to enable Office 365 directory sync for the company, received error: com.microsoftonline.provisioning.IProvisioningWebServiceSetCompanyDirSyncEnabledAccessDeniedExceptionFaultFaultMessage: Current user does not have permissions to the make this call.
- Office 365
- Provisioning
- User Sync
- Universal Sync
Due to a change with the Microsoft Office APIs, Okta is no longer able to automatically enable Directory Sync (DirSync) when User Sync or Universal Sync is enabled and the Office 365 provisioning settings are saved. Okta is aware of this issue and is working towards a solution.
Directory Sync can be enabled manually with the following PowerShell commands:
# Install v1.0 and beta Microsoft Graph PowerShell modules
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
# Connect With Hybrid Identity Administrator Account
Connect-MgGraph -Scopes "Organization.ReadWrite.All", "Directory.ReadWrite.All"
# Verify the current status of the DirSync Type
Get-MgOrganization | Select OnPremisesSyncEnabled
# Store the Tenant ID in a variable named organizationId
$organizationId = (Get-MgOrganization).Id
# Store the True value for the onPremisesSyncEnabled attribute (this enables DirSync)
$params = @{
    onPremisesSyncEnabled = $true
}
# Perform the update
Update-MgOrganization -OrganizationId $organizationId -BodyParameter $params
# Check that the command worked
Get-MgOrganization | Select OnPremisesSyncEnabled
After running the above commands, try saving the Office 365 provisioning settings again and verify that they saved successfully.
NOTE: Before running any PowerShell command, please carefully review the command and the current Office 365 integration configuration. It is also recommended to review Microsoft's PowerShell documentation to understand the command functionality and proper usage.
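A guarded variant of the steps above, as an added example that is not Okta's or Microsoft's code: it checks the session's scopes and the current value before changing anything, prompts before the tenant-wide update, and disconnects afterwards. The function name Enable-DirSyncSafely is hypothetical; it assumes Connect-MgGraph has already been run as shown above and that the account sees a single organization object.

```powershell
# Added example. Enable-DirSyncSafely is a hypothetical helper name, not an Okta or Microsoft cmdlet.
function Enable-DirSyncSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    # Require an existing Connect-MgGraph session that carries the scope the update needs.
    $context = Get-MgContext
    if (-not $context) {
        throw 'No Microsoft Graph session. Run Connect-MgGraph first.'
    }
    if ($context.Scopes -notcontains 'Organization.ReadWrite.All') {
        throw "Session for $($context.Account) lacks Organization.ReadWrite.All."
    }

    # Assumption: the signed-in account sees exactly one organization object.
    $orgs = @(Get-MgOrganization)
    if ($orgs.Count -ne 1) {
        throw "Expected one organization, found $($orgs.Count)."
    }
    $org = $orgs[0]
    Write-Verbose "Tenant $($org.Id) ($($org.DisplayName)), signed in as $($context.Account)"

    # Nothing to change if directory sync is already enabled.
    if ($org.OnPremisesSyncEnabled -eq $true) {
        Write-Output "OnPremisesSyncEnabled is already True for tenant $($org.Id)."
        return
    }

    # ConfirmImpact = High prompts before the change; -WhatIf previews it without applying.
    if ($PSCmdlet.ShouldProcess("tenant $($org.Id)", 'Set onPremisesSyncEnabled to $true')) {
        Update-MgOrganization -OrganizationId $org.Id -BodyParameter @{ onPremisesSyncEnabled = $true }

        # Re-read the attribute instead of trusting the absence of an error.
        $after = (Get-MgOrganization).OnPremisesSyncEnabled
        if ($after -ne $true) {
            throw "Update returned, but OnPremisesSyncEnabled is '$after'."
        }
        Write-Output "OnPremisesSyncEnabled is now True for tenant $($org.Id)."
    }
}

Enable-DirSyncSafely -Verbose

# Drop the privileged Graph session once the change is verified.
Disconnect-MgGraph | Out-Null
```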
If the command Install-Module Microsoft.Graph -Force above fails with the following error:
WARNING: Unable to resolve package source 'https://www.powershellgallery.com/api/v2/'
then enable TLS 1.2 before retrying the install:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
