I am using the Graph API with app permission & with a certificate.
I know how to send emails with the sender which is different from the requestor's email.
I go to admin.exchange.com, select the user and add a mailbox delegation then add the user in "Send as".
My question is how to add user with "Send As" option via Graph API only.
I would like use this method microsoft permission: but from graph api
Thanks for your help
No this (and all the other Exchange Admin tasks) aren't currently in the Graph API, the only option for doing this programmatically is to use the Powershell cmdlets https://learn.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps. The good news is that the v2 Powershell module does now support the client_credentials flow https://techcommunity.microsoft.com/t5/exchange-team-blog/modern-auth-and-unattended-scripts-in-exchange-online-powershell/ba-p/1497387
Related
I am new to bot development. I am working on creating a MS Teams bot using bot framework. The bot will be installed in ‘Personal’ scope in Teams, and it doesn’t have any tab / messaging extension etc. Once installed, I want to get the list of all the members/ channels/ Notification updates (i.e. members added/deleted etc.). As per the different documentation, I can get the list using Graph API.
List members of team - Microsoft Graph v1.0 | Microsoft Docs
List members of a channel - Microsoft Graph v1.0 | Microsoft Docs
To achieve this, I need the token that will be passed in API. I am not sure how to implement that. I have followed the instructions mentioned in Add authentication to a bot in Bot Framework SDK - Bot Service | Microsoft Docs. There was a step to add ‘Add OAuth Connection Settings’ and there were multiple options in ‘Service Provider’. I selected ‘Azure Active Directory v2’. After doing that, it works and I can get the token, but it only works if during login, I user my azure directory credentials. I have a Microsoft account linked with my MS Teams which id different than the Azure account. A user in team can have a Microsoft account / work / office account so this needs to work for everyone so what would be the correct ‘Service Provider’ option that will work for all accounts?
I was thinking that the flow should be like:
When clicks on ‘Add’ button to install the app in Teams
Once added, bot will prompt for Graph API permission using OAuth.
Once user gives the permission, I can use the token to call graph APIs.
I have also looked at the following tutorials:
How to use Bot Framework Composer to build low-code Microsoft Teams bots (Part 1)
Get user profile information in your Microsoft Teams bot with Microsoft Graph (Part 2) - YouTube
But after performing all the steps, when I try to login, it says – ‘This action can't be performed since the app does not exist or has been uninstalled.’.
I am not getting a clear approach on how to proceed with it.
As #Maxim has also suggested, if you want to have a bot that should run multitenant you need to put tenant Id as common in OAuth Setting in Azure bot. As the value suggest it isn't going to specific to single tenant and Redirect Uri should be set to https://token.botframework.com/.auth/web/redirect in app registration.
This is it, you don't need to add anything.
This is also mention in the doc --
We have some sample around it as well that shows how to use Graph API with the bot -
https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/24.bot-authentication-msgraph
You can setup this one and update the Graph calls to get member of team or channels.
Is there any example how I can achieve following requirement:
I need to read Planner Plans from Group in an Azure Function trough Graph Api.
Application permissions are not supported, only delegated.
I tried with ConfidentialClientApplicationBuilder with OnBehalfOfProvider, but no luck. I do not know how to set UserAssertion in this case.
Also, username and password flow is not an option, because end user can use MFA.
Unfortunately Microsoft Planner APIs on Microsoft Graph do not support Application permissions (App-only) . This is confirmed in the docs here https://learn.microsoft.com/en-us/graph/api/planner-post-plans?view=graph-rest-1.0&tabs=http#permissions
Please vote up the feature request for this https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/5904632-application-permissions-to-task-api
I have a question about handling permission grants of inboxes via Microsoft Graph API.
Is it possible via Microsoft Graph API to grant another user the access permission to my inbox messages?
I dont found any suitable operation until now.
Retrieving relased mailboxes from another user works fine, but how to make my own inbox visible to specific user that he has the grant to access my inbox?
I dont found a operation under:
https://graph.microsoft.com/v1.0/users.....
or https://graph.microsoft.com/v1.0/me.......
Thanks for your help
According to the documentation, you'll need delegated access.
If the app has the appropriate delegated permissions from one user, and another user has shared a mail folder with that user, or, has given delegated access to that user.
At this moment you have no way to share your mailbox by using the api. If you however shared your mailbox with some other user, they will be able to access it.
I think it's a good thing that you cannot share your mailbox from an app, because it would be easy to compromise a mailbox of some user by a malicious app. If you really want you might be able to share the users mailbox by using EWS (that is the same connection the Outlook app uses).
In searching the Microsoft Graph API documentation I have been unable to find any documentation on any APIs that would allow me to get the "Send as" or "Send on behalf of" settings for an Office 365 mail user.
I'd like to fetch these prior to sending an email so that my application can allow users to choose which emails to send from.
Anyone have any insight as to if this information is behind any of the v1.0/beta graph APIs or whether it is just completely unavailable.
Here's the documentation for how Microsoft informs users how to set up send-as aliases https://learn.microsoft.com/en-us/office365/admin/add-users/give-mailbox-permissions-to-another-user?redirectSourcePath=%252farticle%252fSend-email-from-another-user-s-mailbox-in-Office-365-2B828C5F-41AB-4904-97B9-3B63D8129C4E&view=o365-worldwide#bkmk_sendemailanotheruser
You can find this under the Send Outlook messages from another user section of the documentation.
Two types of permissions apply to sending messages from another user: Microsoft Graph permissions, and mailbox permissions.
I'm trying to access a group calendar using the microsoft graph api as the application (I don't want to use delegate permissions).
If I request calendar events using the below I get the events for the user just fine.
https://graph.microsoft.com/v1.0/users/[emailAddress]/events
If I make a request to the following I get group information:
https://graph.microsoft.com/v1.0/groups/[groupId]/
If I make a request to this:
https://graph.microsoft.com/v1.0/groups/[groupId]/events
I get "Access is denied. Check credentials and try again."
In azure portal, I've given my app service the following Application permissions:
Calendars.Read
Calendars.Read.Shared
Group.Read.All
User.Read.All
What am I missing?
Applications permissions to list events is currently not supported. Also, listing events using delegated permissions with a Personal accounts is not supported. Please refer to List Events documentation which has the details. You can also refer to known limitations of Graph here.
A user voice on this feature request is also available here and you can upvote the same so that the product team can include into their plans.