cannot access contacts from MS graph - microsoft-graph-api

I am trying to retrieve a list of all contacts that are added to our Microsoft 365 admin. I log in to the Graph Explorer with the account that has access to the admin center and grant permission to read contacts, but still get this error:
The mailbox is either inactive, soft-deleted, or is hosted on-premise
Why is that?

Looks like you don't have a valid M365 license assigned. You are getting this error because no Exchange Online mailbox is available for an Azure AD user who does not have a valid M365 license. Please note that an Exchange Online mailbox and Outlook calendars will only be available/created for users with a valid M365 license.
You can check the link if you have a valid subscription - https://outlook.office.com/mail

Related

How to fetch list of group from Microsoft personal account

How to fetch lists of groups and send a message to a group using the API from a Microsoft personal account. Can you please provide me some suggestions or docs for the above query?
Groups don't exist in the Microsoft personal account context because there is just one personal account. That is why every endpoint in the Groups resource says not supported for Delegated (personal Microsoft account).
If you are trying to send an email to a group from a personal Microsoft account or a work account, you can do that using Send Mail with the group's alias in your toRecipients or ccRecipients, in which case the group still exists in a tenant that you can't access unless you are a guest user there with your personal account.

How to access a group calendar using Microsoft Graph Api?

I'm trying to access a group calendar using the Microsoft Graph API as the application (I don't want to use delegated permissions).
If I request calendar events using the below I get the events for the user just fine.
https://graph.microsoft.com/v1.0/users/[emailAddress]/events
If I make a request to the following I get group information:
https://graph.microsoft.com/v1.0/groups/[groupId]/
If I make a request to this:
https://graph.microsoft.com/v1.0/groups/[groupId]/events
I get "Access is denied. Check credentials and try again."
In the Azure portal, I've given my app service the following Application permissions:
Calendars.Read
Calendars.Read.Shared
Group.Read.All
User.Read.All
What am I missing?
Application permissions to list events are currently not supported. Also, listing events using delegated permissions with a personal account is not supported. Please refer to the List Events documentation, which has the details. You can also refer to the known limitations of Graph here.
A user voice on this feature request is also available here, and you can upvote it so that the product team can include it in their plans.
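Added example (not part of the original question or answer, and not Microsoft code): a diagnostic that reads which kind of permission an access token carries before it is sent to `/groups/{id}/events`. It assumes the standard Azure AD claim names `roles` (application permissions) and `scp` (delegated scopes); the tokens are constructed and unsigned, and all function names are hypothetical.

```python
import base64
import json


def make_unsigned_token(claims):
    """Build a constructed, unsigned sample token (demo input only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


# Constructed samples: an app-only token carrying roles named in the question,
# and a delegated token for comparison.
APP_TOKEN = make_unsigned_token(
    {"roles": ["Calendars.Read", "Group.Read.All", "User.Read.All"]})
USER_TOKEN = make_unsigned_token({"scp": "Group.Read.All User.Read"})


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying it. Troubleshooting only:
    never make an authorization decision from unverified claims."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def permission_kind(claims):
    """Return 'application', 'delegated' or 'none' for a claims dict."""
    if claims.get("roles"):
        return "application"
    if claims.get("scp"):
        return "delegated"
    return "none"


def diagnose(jwt, path):
    """Say whether the permission type explains a denial on this Graph path."""
    claims = decode_claims(jwt)
    kind = permission_kind(claims)
    granted = claims.get("roles") or claims.get("scp", "").split()
    summary = f"{kind} token ({', '.join(granted)})"
    # Per the answer above: group events are not listable with app permissions.
    if path.startswith("/groups/") and path.endswith("/events"):
        if kind != "delegated":
            return f"{summary}: expect access denied on {path}"
    return f"{summary}: permission type is not the blocker for {path}"
```
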

Cannot authorize with my own account at https://oauthplay.azurewebsites.net/

After clicking on "authorize using your own account" and logging in with my work account (I'm a Microsoft employee, so I mean my Microsoft email), I got the error "OAuth Sandbox needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it."
I have contacted Microsoft IT, but they told me to contact the app owner here. Here are the details:
Request Id: 6462a541-01d1-4899-84f9-6b77c3423200
Correlation Id: 9e8d35bd-f719-4422-ab97-941680b32b58
Timestamp: 2019-01-25T00:40:25Z
Message: AADSTS900941: An administrator of Microsoft has set a policy that prevents you from granting OAuth Sandbox the permissions it is requesting. Contact an administrator of Microsoft who can grant permissions to this application on your behalf.
Advanced diagnostics: Disable
If you plan on getting support for an issue, turn this on and try to reproduce the error. This will collect additional information that will help troubleshoot the issue.
I believe Microsoft IT is asking you to reach out to the app owner on stackoverflow.microsoft.com, not on the public stackoverflow site. You should delete this message.
You need to find the owner of that page, presumably the Outlook team, and have them request that Microsoft IT allow their AAD AppId 32613fc5-e7ac-4894-ac94-fbc39c9f3e4a.

Grant MS Graph access permissions from one account to others - is it possible?

My organization has an institutional e-mail account in Outlook 365.
There is a small number of users who are responsible for managing that mailbox, reading, answering, forwarding and sending messages from that account.
I am writing a web application (PHP) to automate some messaging operations, so I implemented access to that account using Microsoft Graph. But this requires logging in using that account's credentials, and I wouldn't like to share the account's password (which I have) with those users.
Is it possible to grant permission to those users' accounts so MS Graph will allow them to read/write/send messages from that account once they have logged in? If so, how would it be done?
If this post lacks some relevant information I'm not remembering now, please comment and I'll edit to add it.
Thank you very much.
You could use admin consent for that purpose. An administrator can grant access for the entire tenant, and users will not be prompted for consent afterwards.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#requesting-consent-for-an-entire-tenant
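Added example (not part of the original answer; Python is used for illustration although the asker's application is PHP): building the tenant-wide admin consent request described in the linked documentation and validating the redirect that comes back. The tenant ID, client ID, redirect URI and scope list are placeholders chosen for this sketch, and the function names are hypothetical.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions, not values from the page).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://app.example.test/consent/callback"
SCOPES = ("https://graph.microsoft.com/Mail.ReadWrite.Shared "
          "https://graph.microsoft.com/Mail.Send.Shared")


def build_admin_consent_url(state):
    """URL an administrator opens to consent on behalf of the whole tenant.
    `state` should be an unguessable per-request value kept in the session."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "scope": SCOPES,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return (f"https://login.microsoftonline.com/{TENANT_ID}"
            f"/v2.0/adminconsent?{query}")


def check_consent_callback(callback_url, expected_state):
    """Validate the redirect before recording that consent was granted."""
    params = {k: v[0] for k, v in
              parse_qs(urlparse(callback_url).query).items()}
    # Reject callbacks that were not started by this session (CSRF).
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        return False, "state mismatch"
    if "error" in params:
        return False, f"consent refused: {params['error']}"
    # Consent must come from the tenant the request was sent to.
    if params.get("tenant", "").lower() != TENANT_ID:
        return False, "consent came from an unexpected tenant"
    if params.get("admin_consent", "").lower() != "true":
        return False, "admin_consent flag missing"
    return True, "tenant-wide consent recorded"
```
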

What is the purpose of the new "Read user and shared mail" delegated scope in Azure AD portal for Office 365 Exchange Online

What is the purpose of the new delegated scope "Read user and shared mail" in Azure AD for Office 365 Exchange Online?
Is it for accessing a shared mailbox with the Outlook REST API? It seemed impossible until now.
Is there some documentation available? Does this scope require admin_consent?
Yes. This permission is used for accessing the messages from the shared mailbox. However we need to specify the shared mailbox we want to retrieve the messages from. Here is an example for your reference:
GET: https://outlook.office.com/api/v2.0/users/sharedmailbox@yourtenant.onmicrosoft.com/messages
Is there some documentation available? Does this scope require admin_consent?
I didn't find any document about this scope, and based on the test this scope doesn't require admin consent.
