I am trying to create a subscription for 'events' with endpoint v1.0 using personal account and I get "Specified resource is not supported for MSA requests" error. However the documentation says it's supported.
https://learn.microsoft.com/en-us/graph/api/resources/webhooks?view=graph-rest-1.0
This is a documentation issue as subscription creation for 'events' is only available via the beta endpoint.
Related
We have a customer who has a hybrid o365 deployment with all of their calendars/mail boxes on-premise. We have successfully queried the Graph API for the user calendars. However when we attempt to create a subscription to a user calendar we have the following 404 error...
{\"code\":\"ExtensionError\",\"message\":\"Operation: Create; Exception: [Status Code: NotFound; Reason: The mailbox is either inactive, soft-deleted, or is hosted on-premise.]\
The error seems to strongly indicate that the subscription is not supported due to the mailbox still being on-premise. However, I cannot find documentation that definitively states that subscriptions are not supported in hybrid environments. I need a definitive statement that I can return to the client.
I found an older post on SO where that conclusion was hinted at, but again, nothing definitive...
"Status Code: NotFound; Reason: Not Found" when creating subscription to on-premise mailbox
I've also read the documentation on Graph support for hybrid deployments and could not locate my "smoking gun".
https://learn.microsoft.com/en-us/graph/hybrid-rest-support
Is there documentation regarding this that I have simply overlooked, or can a MSFT SME comment in this regard?
I'm trying to get a list of devices associated with my Microsoft account. When somebody uses his Microsoft account for logging in into his Windows account, he can see that in https://account.microsoft.com/devices/ appears a new device, from which he has logged in. So, I'd like to get this list using API. I've tried to send GET request to https://graph.microsoft.com/v1.0/devices as the Documentation says using my access token, but an empty list is returned although in https://account.microsoft.com/devices/ there are registered devices. What's the problem?
The /devices endpoint hasn't been released so it isn't available under /v1.0. It is only available under /beta.
You can find details on how to use /devices in the Beta documentation.
I'm trying to access a group calendar using the microsoft graph api as the application (I don't want to use delegate permissions).
If I request calendar events using the below I get the events for the user just fine.
https://graph.microsoft.com/v1.0/users/[emailAddress]/events
If I make a request to the following I get group information:
https://graph.microsoft.com/v1.0/groups/[groupId]/
If I make a request to this:
https://graph.microsoft.com/v1.0/groups/[groupId]/events
I get "Access is denied. Check credentials and try again."
In azure portal, I've given my app service the following Application permissions:
Calendars.Read
Calendars.Read.Shared
Group.Read.All
User.Read.All
What am I missing?
Applications permissions to list events is currently not supported. Also, listing events using delegated permissions with a Personal accounts is not supported. Please refer to List Events documentation which has the details. You can also refer to known limitations of Graph here.
A user voice on this feature request is also available here and you can upvote the same so that the product team can include into their plans.
I want to start doing some development with the preview edition of the Microsoft Teams APIs.
I currently have a solution working using the Azure AD v2 Endpoint but I wanted to get a working solution using the v1 Endpoint.
I can't find any Microsoft Teams permissions available in the Azure AD portal and I didn't see anything specifically about this in the Known Issues the Teams API.
Can anyone comment on whether there are any options for a pure v1 Endpoint solution using application registration available right now? If not, is it planned?
The v1 Endpoint uses the same permissions as the v2 Endpoint. The primary difference between the two is that v2 scopes can by dynamically requested during authentication while v1 Endpoint requires permissions to be pre-defined within the registration.
When using the Azure Portal, all of the permissions for Teams show up under "Microsoft Graph". For the Teams you'll generally need User.Read and Group.ReadWrite.All. The Azure Portal lists permissions by description (although you can see the underlying scope name in the tooltip):
Sign in and read user profile (user.read)
Read and write all groups (Group.ReadWrite.All)
Note that Group.ReadWrite.All does require Admin Consent. Before you can authenticate normal user's, you will first need to have an Administrator go through the Admin Consent process.
I'm posting this as the answer, because I'm pretty certain this will trip up other developers out there. Up to this point, when getting an access token for AAD v1 apps that use Microsoft Graph, you use "https://graph.windows.net" as the Resource ID. The interwebs are replete with this example, and I have it in my own code that I use for OneNote and other services.
Now with the Graph endpoint for connecting to Teams (and probably other things), the Resource ID you need to use is "https://graph.microsoft.com". Just ran through a quick test using an AAD v1 app with the Microsoft Graph API and Read All Groups permission. I'm sure there's an explanation out there from some MSFT person that might make sense, but I have not found it after many hours of searching the web.
Hope this helps someone.
I'm attempting to take advantage of the public preview of Microsoft Graph reporting APIs for retrieving Office 365 product usage data. I have an application registered for Graph that successfully executes Graph calls for non-reporting APIs (i.e. the access_token I generate with my app is successfully used to access users information for a tenant: https://graph.microsoft.com/beta/users) but when I try any of the report resources I encounter the below error:
Invalid scope claims/roles.
According to the documentation I've read this would seem to imply that my app does not have the necessary permissions for reports but this is not correct as I have confirmed that the app has the "Read all usage reports" application permission enabled.
Has anyone else encountered similar challenges with the Microsoft Graph reporting APIs and have any suggestions that I could try?
If you added this scope after you had already authorized the application, it may still be using the previous/cached list of scopes. You can force re-authorization by adding ?prompt=consent to your initial authorization URL. For example:
https://login.microsoftonline.com/common/oauth2/authorize?client_id={app id}
&response_type=code&redirect_uri={redirect uri}&prompt=consent