I am creating the shareable links through Microsoft Graph API by following this documentation
https://learn.microsoft.com/en-us/graph/api/driveitem-createlink?view=graph-rest-1.0&tabs=http
The response I am getting is
#<HTTParty::Response:0x563ee09ce0d0 parsed_response={"error"=>{"code"=>"accessDenied", "message"=>"Account Upgrade is required for this operation.", "innerError"=>{"code"=>"accountUpgradeRequired", "date"=>"2020-07-13T05:17:42", "request-id"=>"abc-request-id"}}}
Steps I've done to solve this
I've upgraded account from trial to paid
I've granted the application and delegated full permissions of Sites and Files
Related
I'm trying to proactively install my Teams app, which is still in development and has not been fully published by Microsoft. I've installed it to my Teams org in the Teams admin center. When I try to install the app in the personal scope of my test user, I'm getting the following message (excluding my azure app id):
{
"error": {
"code": "Forbidden",
"message": "AAD App Id {My azure app ID} is not allowed to manage the Teams App '8782dd91-2afe-45e9-8906-858553f7675c'.",
"innerError": {
"date": "2021-09-12T21:19:56",
"request-id": "b50af1b2-b697-403f-b0be-4f66486f4ac1",
"client-request-id": "b50af1b2-b697-403f-b0be-4f66486f4ac1"
}
}
}
The request I'm sending:
POST https://graph.microsoft.com/v1.0/users/{{USERID}}/teamwork/installedApps
Body:
"teamsApp#odata.bind": "https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/8782dd91-2afe-45e9-8906-858553f7675c"
}
What might the issue be? In the developer portal for my app (https://dev.teams.microsoft.com/apps/), my application client ID for my Teams app is set as the correct Azure app ID, so not sure why it isn't allowed to proactively install the Teams app here.
Thanks!
I've been able to successfully make this call in a similar setup, by granting the permission TeamsAppInstallation.ReadForUser.All to the Azure AD app on the client tenant (the tenant of the Teams user).
Update
Sorry in fact the truth is even more crazy than that. Turns out I only get this error when my application requires (and gets) the permission TeamsAppInstallation.ReadWriteSelfForUser.All.
That's right: by getting one additional permission, you have less abilities. I guess only Microsoft could pull that one off 🤣
Original TL;DR
Azure AD apps permissions don't seem to propagate reliably. Re-installing the app on the client tenant(s) may help.
By install I mean going to Azure portal as an admin, Enterprise Applications, selecting the app, then clicking Grant admin consent for <...>.
Original Details
For the record, I was getting the same error for another endpoint (trying to list chats). But after the following flow, the call was accepted by Microsoft Graph !
removed all the permissions of the Azure AD app
the app was still able to list Teams installations in the client tenant 🤯
added a dummy permission to the app, so I could re-install it on client tenant
now the call to list Teams installations was denied by MS Graph
added back single permission TeamsAppInstallation.ReadForUser.All
re-install on client tenant again
now both calls (list Teams installations, list chats) work
Good luck 🍀
I am trying to collate information corresponding to Microsoft 365 Apps Usage of our employees as shown in some reports on Admin Portal(admin.microsoft.com). We are facing some challenges in getting report data corresponding to these in our code.
I need following information for integration in our web application:
Do we have any Graph API or PowerShell cmdlet(not deprecated) exposed which can be integrated in our code to get Microsoft Apps Usage Data(like ProPlusUsageUserDetail excel data downloaded from admin portal)?
Can we get Version Details of Microsoft 365 Apps and Services being used by users?
We have already used graph api GetOffice365ActiveUserDetail (adding link below for reference) which give usage for only Microsoft Services and not Apps:
https://learn.microsoft.com/en-us/graph/api/reportroot-getoffice365activeuserdetail?view=graph-rest-1.0
We need same kind of information for Microsoft 365 Apps (Word, Excel, PowerPoint etc.)as well .
You can try portal.office.com and check the reports to see if you have related report is available apart from that, at this point i am not aware such information you can request from Microsoft Graph APIs. Consider raising a feature request in User voice, so that Microsoft can consider it. Here's the link for it https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests?query=report
I want to start doing some development with the preview edition of the Microsoft Teams APIs.
I currently have a solution working using the Azure AD v2 Endpoint but I wanted to get a working solution using the v1 Endpoint.
I can't find any Microsoft Teams permissions available in the Azure AD portal and I didn't see anything specifically about this in the Known Issues the Teams API.
Can anyone comment on whether there are any options for a pure v1 Endpoint solution using application registration available right now? If not, is it planned?
The v1 Endpoint uses the same permissions as the v2 Endpoint. The primary difference between the two is that v2 scopes can by dynamically requested during authentication while v1 Endpoint requires permissions to be pre-defined within the registration.
When using the Azure Portal, all of the permissions for Teams show up under "Microsoft Graph". For the Teams you'll generally need User.Read and Group.ReadWrite.All. The Azure Portal lists permissions by description (although you can see the underlying scope name in the tooltip):
Sign in and read user profile (user.read)
Read and write all groups (Group.ReadWrite.All)
Note that Group.ReadWrite.All does require Admin Consent. Before you can authenticate normal user's, you will first need to have an Administrator go through the Admin Consent process.
I'm posting this as the answer, because I'm pretty certain this will trip up other developers out there. Up to this point, when getting an access token for AAD v1 apps that use Microsoft Graph, you use "https://graph.windows.net" as the Resource ID. The interwebs are replete with this example, and I have it in my own code that I use for OneNote and other services.
Now with the Graph endpoint for connecting to Teams (and probably other things), the Resource ID you need to use is "https://graph.microsoft.com". Just ran through a quick test using an AAD v1 app with the Microsoft Graph API and Read All Groups permission. I'm sure there's an explanation out there from some MSFT person that might make sense, but I have not found it after many hours of searching the web.
Hope this helps someone.
I have the following requirements:
Create a MVC site with Azure AD authentication.
Fetch lists from SharePointOnline/O365 which also uses the same Azure AD.
Fetch lists from SharePointOnline/O365 anonymously (is it even possible?)
Thanks to VS2015 the first step is trivial.
But how to authenticate the current user in SharePoint? User.Identity does not provide password, so I cannot use ClientContext.Credentials.
I heard there is some Token Provider but haven't found a working case yet. Can anyone help me out?
To get the list of SharePoint online from our MVC sites, you can consider using the Microsoft Graph REST API instead of CSOM.
You can refer here about the list operation of Microsoft Graph. However, since this API is in beta version, it is not recommend to use in the product version.
And you also can refer the link below to get started developing with Microsoft Graph:
App authentication with Microsoft Graph
All of my calls to the following Google APIs have started failing:
Provisioning
Profiles
Reporting
Reporting Visualization
Admin Audit
Email Migration (v1)
Documents List
Has something changed?
All the API listed were shut down as of April 20, 2015 as per the deprecation policies of the Admin SDK and Documents List API.
Please see the following migration guides for more information on how to migrate:
Provisioning API to Admin SDK Directory API
Profiles API to Admin SDK Directory API
Reporting API to Admin SDK Reports API
Admin Audit API to Admin SDK Reports API
Email Migration API (v1) to Gmail API
Documents List API to Drive API
If the shutdown has impacted a business critical application, please contact Google for Work Support.