I'm using the Graph API to construct a simple Dashboard for Teachers and Students. Everything works well except that when a Student is added they do not get access to the Class Notebook and they don't get a Section Group for them created in the Class Notebook.
Notably, if I open the Class in Microsoft Teams and add or remove anyone from it then all of the users that have been added through the API get access and their section groups created correctly.
This behavior seems to happen both with .Education.Classes["..."].Members and Groups["..."].Members. The Members added this way also don't show up in the Teams "Manage Members" interface but I'm not concerned about that.
I'm using the v1.0 endpoint, and OneDrive and SharePoint permissions all work as expected.
My question is: do I have to do something extra to get the Class Notebook updated with the membership, or are there some additional properties that need to be sent when adding a user, or is this just a bug?
The Class Notebook doesn't automatically watch the group membership. Rather, experiences that add members need to use Class Notebook APIs to do the matching update.
Unfortunately, the Class Notebook APIs aren't yet available directly on the Microsoft Graph, so you have to switch over to the OneNote API endpoint (refresh your token with that as the resource) and make the call there.
This is the API you need
Related
I am querying Azure AD with Microsoft Graph API and I need to get AD-properties like "homePhone", "otherPhone" and "description" from users.
I have not seen any explicit mention in the API reference about certain properties being unobtainable, but looking at the user resource type (https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0) there seem to be a lot of properties missing.
Am I correct in assuming that these properties can't be obtained at the moment?
As @Jan hajek said, All Azure AD Directory object properties are not present in Windows AD objects. An alternative solution for this is to add a custom attribute on the Group schema on the local AD, and then configure it to sync as an extension property to Azure. Please go through this Directory extensions document.
Recently something has changed in the way Graph is handling permissions on drive items for external (outside-tenant) users.
Previously, when we gave Write access to an external user, a unique link was created per user, and we could do a PATCH call on it to update the roles if we wanted.
Now only two links are created: one that is common to all externals having the write role and one for the read role.
I could not find a way to update the role of an external from write to read or vice versa without removing all external users with write and adding them again.
Is there a workaround to update permissions for externals? The documentation is also pretty old; it has not been updated since 2017.
Note: This is the Endpoint we are using/recommended to update permissions.
In my Azure AD tenant, I have few users which I get using https://graph.microsoft.com/beta/users and I get Education users for a school using https://graph.microsoft.com/beta/education/schools/<id>/users or https://graph.microsoft.com/beta/education/users
What is the difference here and how do we differentiate them in the portal panel?
Can we make a general user an education user under a specific school?
I actually am not an admin on the portal.
At the AAD level (which is what you're surfacing in the Azure Portal), there isn't a difference between the objects.
What is different is how the User resource is rendered. When you query Users via /education/users, you get some additional metadata. For example, if the User is a Student you will get the educationStudent properties. If they're a Teacher, you'll see the educationTeacher properties.
The educationUser resources also have additional navigation properties for educationClass and educationSchool. For example, you can call v1.0/education/users/{id}/classes but not v1.0/users/{id}/classes because the standard User resource lacks the classes navigational property.
This same model carries over to other areas:
educationUser extends the user resource
educationClass extends the group resource
educationSchool extends the administrativeUnit resource
You can add an educationUser to an educationSchool like this:
POST https://graph.microsoft.com/v1.0/education/schools/{schoolId}/users/$ref
Content-type: application/json
{
"@odata.id":"https://graph.microsoft.com/v1.0/education/users/{userId}"
}
As an aside, I strongly caution against using the /beta version. The Beta version can and will break from time to time. Breaking changes happen without warning and, as such, it is simply not reliable enough to use in a production application.
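The request shown above, built in Python with both IDs validated before they are placed in the URL path (an added example, not part of the original answer). The function names, the sample IDs and the assumption that school and user IDs are GUID-form directory object IDs are mine; the request is built but not sent.

```python
import json
import re
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Assumption: school and user ids are directory object ids in GUID form.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")


def _guid(value, name):
    """Return value lower-cased, or raise if it is not a bare GUID."""
    if not isinstance(value, str) or not GUID_RE.fullmatch(value):
        raise ValueError(f"{name} is not a GUID: {value!r}")
    return value.lower()


def build_add_user_to_school(school_id, user_id, access_token):
    """Build (not send) POST /education/schools/{id}/users/$ref."""
    # Rejecting anything but a GUID keeps caller-supplied ids from
    # altering the path (for example "../users") or the reference URL.
    school = _guid(school_id, "school_id")
    user = _guid(user_id, "user_id")
    body = {"@odata.id": f"{GRAPH}/education/users/{user}"}
    return urllib.request.Request(
        url=f"{GRAPH}/education/schools/{school}/users/$ref",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {access_token}",
        },
    )


if __name__ == "__main__":
    # Constructed sample ids and a placeholder token; nothing is sent.
    req = build_add_user_to_school(
        "11111111-2222-3333-4444-555555555555",
        "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE",
        "<access-token>",
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```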
We're creating Office 365 Groups using a PowerShell script, and this process is in place already and we're happy with it.
I was wondering however, if it was possible to trigger the creation of the default OneNote document via the Graph API at all? It appears as though when a Group is created, it's not until someone manually visits the Document library and clicks the OneNote document, is it actually created (on the fly). I have arrived at this conclusion because if we run a Get-UnifiedGroup on the group itself (storing the result in $Group), the following property is empty: $Group.SharePointNotebookUrl
The reason we'd like to do this is so we can create Office 365 Groups and populate the default OneNote notebook with some information, without having to have a user with permission to the group manually trigger the creation of it. I'm able to create additional notebooks in the Group, but these are not 'presented' in the same way to end users that the default one is (with its own dedicated tabs/menu links).
This isn't possible from Microsoft Graph today. As you noted, the default OneNote for a Group is created the first time you attempt to access it. It's also a little different in that it gets placed in a SiteAssets library which also doesn't exist when the group is created.
I recommend visiting the UserVoice and adding this as a suggestion.
The Office 365 default Notebook is a file in the SiteAssets library in the associated SharePoint site.
If the Notebook is not created yet, you can create it by enabling the SharePoint Feature SiteNotebook with Id f151bb39-7c3b-414f-bb36-6bf18872052f
With PnP PowerShell:
Enable-PnPFeature -Identity f151bb39-7c3b-414f-bb36-6bf18872052f -Scope Web
This will create the Notebook in the SiteAssets library and add a PropertyBag to the SPWeb with the name "SiteNotebookGuid".
Trying to use Microsoft's Graph beta to access a SharePoint list via a registered Azure app using a key. I'm able to successfully see/access some lists (looks like only lists created when the site was created), but any list I have manually created is missing.
I can do the following get to list most lists in my site:
https://graph.microsoft.com/beta/sites/contoso.sharepoint.com,fc016e3c-d8ae-4ee0-a10c-de6d26788b6a,9a4ea7a5-c3c4-44ae-9f80-273bd67431b8/lists
but for some reason it's only displaying certain lists and none of the ones I created. However, if I enter the list's GUID like this
https://graph.microsoft.com/beta/sites/contoso.sharepoint.com,fc016e3c-d8ae-4ee0-a10c-de6d26788b6a,9a4ea7a5-c3c4-44ae-9f80-273bd67431b8/lists/BEA4B4A9-323F-441A-BA19-806290B27EF6
I receive "the caller is not authenticated" message back. This message has me thinking it's a permissions issue; however, my list permissions are the same on all lists. It's as if the Graph API can only see lists created by the system and not by end users.
Anybody experiencing this issue?
I've seen this issue on my end. The "save item to list" function works for some accounts and not others... It's extremely weird! Typical SharePoint, I suppose.
What I've come to realize is that GRAPH will sometimes throw an error when trying to save data to a date field and works every time saving data to text fields. If I'm logged in as my main O365 account (with license) I can save to date fields. If I'm logged in with a basic user that I just created on the domain (no license) I can create items unless there's a date field.
If I come up with anything else I'll post it! Sorry, this is more of a work-around than an answer. Hopefully it will spark something else.
Thanks