I have an extension that installs on Azure DevOps. How can I get all users in my organization without registering a client app with Azure DevOps => get token, then call REST API?
Because I want other people to be able to install my extension, and they don't want to do any steps.
You can use this api to get users in All Users page:
https://vsaex.dev.azure.com/{OrganizationName}/_apis/UserEntitlements?%24filter=&%24orderBy=name%20Ascending
We have created a Microsoft Teams tab app with bot integration that we want to distribute to various organizations either manually or via an App Store. In summary,
We created Tabs App with Microsoft Bot using node.js botbuilder package.
We provided zip archive to another organization (another tenant Id).
Organization uploaded our app using Microsoft Teams Admin panel and approved permission in Permission tabs.
Question is how can we receive the tenant id from the organization we are deploying to without asking their admins to go to Azure Active Directory and look it up. Once provided, the graph api and the multi tenant bot does work fine. We are trying to avoid asking their admin to provide us the tenant id and want to retrieve it automatically upon the app being uploaded or on startup.
Thank you.
The best place to get the tenant id is from the access token you are provided by logging in to your app. Look for the 'tid' value.
I'm assuming you are talking about streamlining the company-wide admin consent for your application.
What you can do is have a web site that a customer's admin can log into (using the standard Microsoft OAuth interactive flow). You can then pull the Tenant ID from the access token and then run through the Microsoft consent process. Once the consent process has redirected back to your web site, you can do your own customer onboarding if required.
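The 'tid' lookup described in the answer above, as an added example (not code from the original posts). It assumes a v2.0 token whose signature, audience and expiry were already validated by the sign-in library; the helper names and the sample token are constructed for illustration.

```javascript
// Added example: tenant checks on an already signature-verified token.
// Helper names and the sample token below are constructed for illustration.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Decode the payload segment of a compact JWT (base64url -> JSON).
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the tenant id only if the claims are internally consistent.
// Assumption: signature, audience and expiry were validated beforehand;
// the payload of an unverified token is attacker-controlled.
function tenantIdFromClaims(claims) {
  const tid = claims.tid;
  if (typeof tid !== 'string' || !GUID.test(tid)) {
    throw new Error('missing or malformed tid claim');
  }
  // v2.0 tokens carry a per-tenant issuer; a mismatch means the token was
  // not issued by the tenant it claims to belong to.
  const expectedIss = `https://login.microsoftonline.com/${tid.toLowerCase()}/v2.0`;
  if (String(claims.iss).toLowerCase() !== expectedIss) {
    throw new Error('issuer does not match tid');
  }
  return tid.toLowerCase();
}

// Build a constructed sample token (placeholder signature, fake tenant).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const SAMPLE_TID = '11111111-2222-3333-4444-555555555555';
const sampleToken = makeSampleToken({
  tid: SAMPLE_TID,
  iss: `https://login.microsoftonline.com/${SAMPLE_TID}/v2.0`,
});
console.log(tenantIdFromClaims(decodeJwtPayload(sampleToken)));
```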
I am trying to use Graph API to automate the process of creating a Microsoft Teams app with a Bot app feature.
I found this Graph API endpoint called publish teamsapp which allows me to POST a Teams app package and instantiate a Teams app. Below, the "Appr 4 - MS Teams Test" app was created by uploading an app package to the aforementioned endpoint.
However, in order to complete this automation, I need to create a Bot app feature under "Configure > App features" of my Teams app.
My problem is that the publish teamsapp doesn't seem to support creating the Bot app feature. The app package that you upload contains a manifest.json. The schema of this manifest only allows you to provide a Bot ID (presumably for an existing bot). You cannot specify the webhook URL for this bot and there do not appear to be any APIs to generate the bot's client secret.
My question is, are there any Microsoft APIs that would allow me to create, read from, and write to bot app features? Ideally, I would like to be able to do the following:
Create the bot app feature
Retrieve the bot ID associated with the bot
Set the webhook URL of the bot
Create a client secret associated with the bot
Retrieve the client secret so I can store in my own database.
Is this step 1 to step a loop you would like to follow? I will consider Azure Logic APP to do the bot API call to create a bot - https://learn.microsoft.com/en-us/azure/logic-apps/quickstart-create-first-logic-app-workflow
Also, there is a forum actively monitored by Teams dev members; you may want to check there as well - https://learn.microsoft.com/en-us/answers/questions/topics/single/58062.html
As of now, I have created an application that has certain permissions to access Mail Information of certain users in an organization. Till this point, admin from the organization would create the service and provide the credentials.
However, as a plan to scale the application to multiple organizations, I'd like to send a mail to admin to grant access for the permissions and automatically get the credentials.
I'm open to alternative ideas. Any ideas if the above is even feasible?
It is quite impossible to automate the complete creation process, and an admin still needs to approve the permission in Azure AD. What you can do here is just create the application, and if a user tries to access the app but can't give consent, they need to trigger a request for admin approval that can be sent by email.
To allow admin consent requests to be sent via email, configure the admin consent workflow; please follow the docs - Azure AD | Microsoft Docs
Hope that process will help you.
Design
Outlook Add-in that shows sales specific information based on the message (content, sender, etc)
Daemon that subscribes to new messages for the sales team and processes messages as they come in. Runs with application authentication
Scenario
We are developing a multi-tenant add-in that shows sales-specific information based on the email they are viewing. Since the sales team may be a single person, group or multiple people.
Question
How would the daemon running as an application use the graph to pull in users assigned to it?
You would need an Azure AD Application registered with Mail.Read permissions. The add-in would sign in as the user. Then have the add-in subscribe to the user's mailbox on the user's behalf. The subscription would include the URL of a backend web api that Microsoft Graph subscription service would call.
You would need to register a new Azure AD Application (if you don't have one created already) for the backend web api. Then you would want to grant the correct permissions scopes to it. For your scenario you would require each tenant to admin consent this application, because you would need access to messages in many users' mailboxes using application permission Mail.Read. The reason for this is because the webhook does not call your web api with any user token that you could use to then actually fetch the details of the message.
More info on change notifications (webhooks) is here https://learn.microsoft.com/en-us/graph/webhooks
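Because the webhook call carries no user token, the backend web api has to decide by other means whether a notification is genuine. An added example (not code from the original posts) of a framework-independent handler that answers the subscription validation handshake and filters notifications by clientState and tenantId; the function names, config shape and sample data are hypothetical.

```javascript
// Added example: handler for Microsoft Graph change notifications.
// Names other than Graph's own fields (validationToken, clientState,
// tenantId, value) are hypothetical.

// Compare secrets without an early exit on the first differing character.
function sameSecret(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || !b) return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// req: { query, body } as parsed by the web framework.
// cfg: { clientState: secret set when the subscription was created,
//        tenants: Set of tenant ids that completed admin consent }.
function handleGraphWebhook(req, cfg) {
  // 1. Subscription handshake: echo the token back as text/plain.
  const token = req.query && req.query.validationToken;
  if (typeof token === 'string') {
    return { status: 200, contentType: 'text/plain', body: token, accepted: [] };
  }
  // 2. Notifications: keep only items whose clientState matches and whose
  //    tenant is onboarded; everything else is dropped silently.
  const items = req.body && Array.isArray(req.body.value) ? req.body.value : [];
  const accepted = items.filter((n) =>
    sameSecret(n.clientState, cfg.clientState) && cfg.tenants.has(n.tenantId));
  // Acknowledge quickly; the message itself is fetched later with the
  // application (Mail.Read) token, not inside the webhook request.
  return { status: 202, contentType: null, body: '', accepted };
}

// Constructed sample configuration and notification payload.
const WEBHOOK_TENANT = '11111111-2222-3333-4444-555555555555';
const webhookCfg = { clientState: 'constructed-secret-7f3a', tenants: new Set([WEBHOOK_TENANT]) };
const sampleNotifications = { value: [
  { clientState: 'constructed-secret-7f3a', tenantId: WEBHOOK_TENANT,
    changeType: 'created', resource: 'Users/u1/Messages/m1' },
  { clientState: 'guess', tenantId: WEBHOOK_TENANT,
    changeType: 'created', resource: 'Users/u1/Messages/m2' },
  { clientState: 'constructed-secret-7f3a', tenantId: 'not-onboarded',
    changeType: 'created', resource: 'Users/u2/Messages/m3' },
] };
console.log(handleGraphWebhook({ query: {}, body: sampleNotifications }, webhookCfg).accepted.length);
```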
I have an enterprise application which was registered in the Azure portal, the application is able to get an access token by issuing OAuth2.0 request, my question is what is the exact GET request it should send to start interacting with the OneDrive resource?
Should I register it under a specific AD group in order for it to have the right permissions? Please advise on how to get to a state where this app can interact with the OneDrive API, upload and get files from a specific location.
what is the exact GET request it should send to start interacting with the OneDrive resource?
You can get started from the OneDrive API for Graph
Should I register it under a specific AD group in order for it to have the right permissions?
No need for a specific AD group. Just grant the permission for Graph by following these steps:
Navigate to your app in the add application list.
Click the Configure and then permissions under the API access.
Click the Add to add "Microsoft Graph".
Check the permission on SharePoint/OneDrive such as "Create, edit, and delete items and lists in all site collections/ Read and write user files/ Read user files" and then Save. Then click the Grant Permission to let the permission take effect.