Which location does IntuneMAMOpenLocation.accountDocument refer to in Intune MAM policy? - ios

Microsoft Intune provides a MAM policy checking method named isOpenFromAllowed:
policy.isOpenFromAllowed(location: <#T##IntuneMAMOpenLocation#>)
My question is: what location does .accountDocument refer to in this policy check?
policy.isOpenFromAllowed(location: .accountDocument)
Is it the iCloud documents? Is it the local files? Is it the documents directory in the app sandbox? What specifically does .accountDocument refer to?

Related

Unable to register app (iOS app) on Azure portal

I am following the link to integrate the OneDrive SDK into an existing iOS app. I have a free account created on the Azure portal. It's a work account, so I can see a default Azure Active Directory.
During this process, I need to register the app on the Azure portal. This link for registering apps and generating an app ID does not work in my case.
I am unable to create an app ID or access existing active Azure Directory details. The portal shows me a restricted access page, as mentioned in this link: https://learn.microsoft.com/en-us/answers/questions/352443/microsoft-azure-free-trial-no-access-to-acitive-di.html. The solutions mentioned in this link do not work for me, as those options are not seen on the screen.
Any kind of help in understanding the trouble will be of great help!
This might be due to insufficient permissions, as this is a free trial account.
Go to your Overview pane of your subscription and check if there are any directories present.
If not, try creating a free trial account using a work or school account, and there you will be provided with a default directory. Then create a new Azure AD tenant and connect your Azure free subscription to your new Azure AD directory.
REFERENCES:
Associate a subscription to a directory.
Create a new tenant for your organization.

What API do I use with the permissions my Teams app received in App Studio?

I am developing an app in Microsoft Teams using App Studio. Towards the end of the process, in the section Domains and Permissions, you are allowed to give resource-specific consent permissions such as File.Read.Group. I was wondering where I would use these permissions (Microsoft Graph, Azure AD Graph, ...) to programmatically access an API. As a side question, does anybody know which permission allows the app to manage group members?
Thank you!
Here is a good read on that permissions settings page. Those consent permissions are not actually a part of Azure AD app registrations as of this article's writing. So that means, while they are sort of Graph permissions, you would use them against the Graph API. They are for specific Teams-based resource-specific permissions.
https://blog.thoughtstuff.co.uk/2020/01/microsoft-teams-has-a-new-more-granular-and-resource-specific-permissions-model-for-apps-what-is-resource-specific-consent-rsc-and-how-do-i-use-it/
The official documentation on the matter: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
As per the Microsoft link, I don't see a resource-specific permission to "edit" group members.

Chat.Read and Chat.ReadWrite Permissions Usage

When registering a Graph application in Azure Portal there are permissions for chat.read and chat.readwrite. Are there corresponding dotnet sdk methods for accessing chat with these permissions enabled?
If not are there plans to support this in the future?
Timelines, etc? If this isn't the correct location to ask this question, please provide a link to the website where this question can be answered.
permissions:

Access DocumentLibrary via OneDrive API or alternative

I have a private group with a site where we have a document library. (I have access to this group/site)
I am currently trying to access the files within this directory.
Document Library:
https://support.office.com/en-us/article/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872
I registered an application in the Azure portal and I think I set all necessary permissions.
Microsoft Graph:
Read all groups
Read directory data
Access directory as the signed in user
Read all files that user can access
Read items in all site collections
Office 365 SharePoint Online:
Read user profiles
Read user files
Read items in all site collections
Read managed metadata
Windows Azure Active Directory:
All permissions given
I am able to get a token via OAuth authentication, but:
Accessing
https://graph.microsoft.com/v1.0/
Tells me
InvalidAuthenticationToken
Accessing
https://tenantname.sharepoint.com/_api/v1.0/
Is working, but I did not find a way to access the document library from there.
In the end, I want to access (List & Read) the files in an iOS application. It would be great to use the onedrive-sdk for this, as the office365-sdk seems broken for Swift 4 at the moment.
I may have left out some information; in that case, just ask for it.

Accessing MS Graph resources with Intune SDK

We are using the iOS Intune SDK to build a native MAM app. This app needs to access the Graph API to read the user profile and other data. What we did:
(1) We registered an app and gave it the permissions: User.Read (for Graph and Windows Azure AD), DeviceManagementManagedApp.ReadWrite
Login and enrollment to Intune is working, and the app gets enrolled. But when trying to obtain the access token for the Graph API using the ADAL SDK, I need to sign in again and then I am blocked with the message that the device needs to be managed to access this resource.
Do I need another permission? Where do I get the access token from? Is anything else missing?
From your description, it appears you have a Conditional Access policy enabled that requires mobile devices to be Intune MDM managed. When you call the Graph API from an unmanaged device, it will ask you to enroll the device. If you remove the Conditional Access policy, you should be able to confirm this.
