Graph Explorer does not appear to support EDU endpoints - microsoft-graph-api

Currently, Graph Explorer does not appear to support EDU endpoints. Is there a way to work around this problem?

According to your descriptions, I presume you want to find whether there is a way to support EDU endpoints or not.
Based on my test, we can use the API like this:
GET /education/schools
It will return a collection of educationSchool objects in the response body.
In this document, we can find that this API supports the work or school account. If we use a personal Microsoft account to log in to Graph Explorer, it will not support the EDU endpoints.

The default tenant (i.e. the tenant data you get when you haven't logged into Graph Explorer) does include Edu data.
If you are authenticating, you will only be able to call the Edu endpoints if you have consented to the Edu scopes and your tenant is an Office 365 Education instance. These endpoints will not work with a non-Edu O365 tenant.

Related

Query Files of another One Drive for Business User's Files using MS Graph API as Global Admin

I can query my own One Drive for Business account files as 'The Global Admin' using Microsoft Graph API. I cannot query another One Drive for Business user's files as 'The Global Admin' using Microsoft Graph API.
Own Files:
https://graph.microsoft.com/v1.0/me/drive/root/children
Another User:
https://graph.microsoft.com/v1.0/users/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/drive/root/children
I am using an Azure AD registered app with following Application permissions:
Files.ReadWrite.All
Sites.Read.All
Sites.ReadWrite.All
User.ReadWrite.All
offline_access
However, when I go to Office 365 Admin and
Choose that another One Drive for Business user (for which I could not query files using MS Graph API) => OneDrive => Get access to files => Click Create link files
then I can successfully query that another user's files using MS Graph API.
If Global Admin needs to query files of all user accounts using MS Graph API when there are 100s of users then this method might not be practical.
Is there any easier way or programmatically possible to give Global Admin the permissions to query files of all user accounts using MS Graph API. If yes, how do we do that.
Thanks!
As you've observed, a tenant admin cannot implicitly access any user's content. You have the power to grant yourself that access but that is cumbersome to do at scale. If you're a tenant admin you have another option though - use an "app-only" (i.e. application permissions) token. You'll have to consent the app for your tenant, but after that it can access content across your tenancy.

Cannot get joined teams using Graph for external users using mail identity

I am attempting to use "v1.0/me/joinedTeams" to get all the joined teams for the currently authenticated user in my asp.net service. This works fine for external accounts that use a Microsoft identity (have a live account) but the same call returns a 400 Bad Request when I attempt to use an external account that uses a mail identity (no live account). The request is the same regardless of external account type. The token generated when authenticating as the mail identity external user looks correct when I inspect it.
I have been able to implement a workaround where I instead use the SharePoint REST service to get the groupId for the team site the user is a part of and then use the Graph call "v1.0/teams/{groupId}" to get that team. However, I need to do this for all the teams the external user has access to, which slows things down quite a bit.
I am aware of what looks like a bug in Graph when trying to make any Graph calls with any external user type, described here: https://github.com/OneDrive/onedrive-api-docs/issues/1039. I have also implemented the workaround for this issue which requires first accessing each site the user has access to by making some arbitrary call using the REST service. Then any subsequent calls using Graph should work. I do this for external accounts with a mail identity before trying to make the joinedTeams call but still run into the 400 response.
These workarounds will suffice in the short term but they increase my execution time significantly, especially when there is a large number of teams the external user is a part of. Any insight on a solution is greatly appreciated.
/me/joinedTeams is not available for personal Microsoft accounts. See the table on this page.

MS Graph - How do I list all users from specific OU under my DC?

I'm building a Logic App to list all users from MS Graph.
I can get the list of all users by calling MS Graph API using OAuth authentication in my Logic App but I'm struggling to apply a filter in my custom request in MS Graph.
i.e. I have below structure in my OnPremiseAD:
OU=Site1,OU=Users,OU=TEST,DC=xyz,DC=com
OU=Site2,OU=Users,OU=TEST,DC=xyz,DC=com
OU=Site3,OU=Users,OU=TEST,DC=xyz,DC=com
OU=Site4,OU=Users,OU=TEST,DC=xyz,DC=com
...and I want to list users from OU=Site4 only.
Can someone please help?
https://graph.microsoft.com/beta/users?$filter...???
Based on Custom OU considerations and limitations:
User accounts, groups, service accounts, and computer objects that
you create under custom OUs aren't available in your Azure AD tenant.
These objects don't show up using the Microsoft Graph API or in the
Azure AD UI; they're only available in your managed domain.
So I'm afraid that it's not supported to list the users under an OU via Microsoft Graph API.
See a similar post here.

twilio how to get possible users

I retrieved an access token from my server and have connected the JavaScript SDK chat client like so. I have created a channel like so. The next step I'd like to invite a user like this. In that example they invite the user 'elmo'. Where do I get 'elmo' or how do I present the user with a selection of possible 'elmo's? The client SDK has no list users functionality.
Edit:
It looks like the REST API has a list users method. But I can't find any examples of it used. Should the 1st person chat client be using the REST API as well to supplement gaps in the client SDK or should it get the identity from the backend? Our team has different interpretations of the docs: Twilio REST API is strictly for backend vs. Twilio REST API can and should be used anywhere. Moved to Twilio REST API: strictly backend?
Twilio developer evangelist here.
In my opinion Twilio's Chat API should not be the central source of truth of the users in your system. I don't know anything more about your application than what you've written here, but I would expect that you have a user model within your own system that you have used to generate or create an identity that is then used by the Chat API as well as how your user logs in to your system. I would then use that user model to connect users and provide their identities so that they can join chats together.

Are There Azure AD App Perms Available for Microsoft Teams REST API

I want to start doing some development with the preview edition of the Microsoft Teams APIs.
I currently have a solution working using the Azure AD v2 Endpoint but I wanted to get a working solution using the v1 Endpoint.
I can't find any Microsoft Teams permissions available in the Azure AD portal and I didn't see anything specifically about this in the Known Issues for the Teams API.
Can anyone comment on whether there are any options for a pure v1 Endpoint solution using application registration available right now? If not, is it planned?
The v1 Endpoint uses the same permissions as the v2 Endpoint. The primary difference between the two is that v2 scopes can be dynamically requested during authentication while the v1 Endpoint requires permissions to be pre-defined within the registration.
When using the Azure Portal, all of the permissions for Teams show up under "Microsoft Graph". For Teams you'll generally need User.Read and Group.ReadWrite.All. The Azure Portal lists permissions by description (although you can see the underlying scope name in the tooltip):
Sign in and read user profile (user.read)
Read and write all groups (Group.ReadWrite.All)
Note that Group.ReadWrite.All does require Admin Consent. Before you can authenticate normal users, you will first need to have an Administrator go through the Admin Consent process.
I'm posting this as the answer, because I'm pretty certain this will trip up other developers out there. Up to this point, when getting an access token for AAD v1 apps that use Microsoft Graph, you use "https://graph.windows.net" as the Resource ID. The interwebs are replete with this example, and I have it in my own code that I use for OneNote and other services.
Now with the Graph endpoint for connecting to Teams (and probably other things), the Resource ID you need to use is "https://graph.microsoft.com". Just ran through a quick test using an AAD v1 app with the Microsoft Graph API and Read All Groups permission. I'm sure there's an explanation out there from some MSFT person that might make sense, but I have not found it after many hours of searching the web.
Hope this helps someone.
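
Added example (not part of the original posts): Python that decodes an access token's claims, without verifying the signature, to check the two things the answers on this page turn on: which resource the token was issued for (`aud`) and whether it is app-only (`roles`) or delegated (`scp`). The function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Well-known audience values: Microsoft Graph vs. the older Azure AD Graph.
MS_GRAPH_AUD = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
AAD_GRAPH_AUD = {"https://graph.windows.net", "00000002-0000-0000-c000-000000000000"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


def decode_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, needed: set) -> dict:
    """Report the target resource, token kind and any missing permissions."""
    c = decode_claims(token)
    aud = str(c.get("aud", "")).rstrip("/")
    resource = ("microsoft-graph" if aud in MS_GRAPH_AUD
                else "azure-ad-graph" if aud in AAD_GRAPH_AUD else "other")
    roles = set(c.get("roles", []))       # application permissions
    scopes = set(c.get("scp", "").split())  # delegated permissions
    kind = "delegated" if scopes else "app-only" if roles else "none"
    granted = {p.lower() for p in (scopes if scopes else roles)}
    missing = sorted(p for p in needed if p.lower() not in granted)
    return {"resource": resource, "kind": kind, "missing": missing}


# Constructed sample tokens (not real credentials).
APP_TOKEN = make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["Files.ReadWrite.All"]})
USER_TOKEN = make_sample_token({"aud": "https://graph.windows.net", "scp": "User.Read"})
```

An app-only token carrying `Files.ReadWrite.All` can reach every user's files in the tenant, so the same check is useful when reviewing which registered apps hold that role.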
