Error creating managed app registration with Intune Graph REST API - microsoft-graph-api

The docs at
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/intune_mam_iosmanagedappregistration_create indicate that it should be possible to create an iOS managed app registration with a POST to https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations. Any permutation on the documented behavior results in the following response:
{
"error": {
"code": "No method match route template",
"message": "No OData route exists that match template ~/singleton/navigation with http verb POST for request /MAMAdmin/MAMAdminFEService/deviceAppManagement/managedAppRegistrations.",
"innerError": {
"request-id": "9338f5e5-bdb8-49f2-a887-362ddca6da97",
"date": "2018-03-13T01:23:02"
}
}
}
This seems to indicate that there is a missing route for POST - has anyone been successful using this api to create managed app registrations?
I have tried several variations on input, including removing the odata type specifiers as mentioned in other posts here. Below is a sample of a failing request that can be reproduced with graph explorer - note that I get the same error when using real values in an application attempting to integrate with the APIs:
POST https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations
{
"@odata.type": "#microsoft.graph.iosManagedAppRegistration",
"lastSyncDateTime": "2017-01-01T00:02:49.3205976-08:00",
"applicationVersion": "Application Version value",
"managementSdkVersion": "Management Sdk Version value",
"platformVersion": "Platform Version value",
"deviceType": "Device Type value",
"deviceTag": "Device Tag value",
"deviceName": "Device Name value",
"flaggedReasons": [
"rootedDevice"
],
"userId": "User Id value",
"appIdentifier": {
"@odata.type": "microsoft.graph.iosMobileAppIdentifier",
"bundleId": "Bundle Id value"
},
"version": "Version value"
}

This is a documentation error. ~/managedAppRegistrations is a read-only collection. Those entities are created when a MAM enlightened app registers with Microsoft Intune.
Regards,
Alemeshet Alemu from MSFT

Related

Teams Export API not allowing me to filter by channel

I'm trying to use the Teams Export API to export a single Teams channel. I have my permissions set up properly; if I make a request to
https://graph.microsoft.com/v1.0/teams/{TEAM_ID}/channels/getAllMessages (without specifying a filter), I get the paginated results of all of the channel messages on my team. If I copy the sample datetime filters in that documentation, I also get a successful response with the appropriate results.
A successful response gives me a list of messages. Each one shows a channelIdentity field, which contains a channelId (fields removed for readability):
{
"value": [
{
"channelIdentity": {
"teamId": "{TEAM ID}",
"channelId": "{CHANNEL ID}"
},
},
]
}
What I want is to use this channelIdentity/channelId field as a filter on the results, so that I can export just the messages from a single channel.
If I run GET https://graph.microsoft.com/v1.0/teams/{TEAM_ID}/channels/getAllMessages?$filter=channelIdentity/channelId eq '{CHANNEL ID}', I get an error:
{
"error": {
"code": "BadRequest",
"message": "The entity property 'channelIdentity/channelId' and operationKind 'Equal' is not allowed in $filter query.",
"innerError": {
"date": "2022-11-16T23:47:06",
"request-id": "...",
"client-request-id": "..."
}
}
}
This reads to me like I'm not allowed to use eq with this ID. If I try a 'starts with', I get a different error:
GET https://graph.microsoft.com/v1.0/teams/{TEAM_ID}/channels/getAllMessages?$filter=startswith(channelIdentity/teamId, '{CHANNEL ID}')
{
"error": {
"code": "BadRequest",
"message": "Only binary operation expressions are allowed.",
"innerError": {
"date": "2022-11-17T00:11:26",
"request-id": "...",
"client-request-id": "..."
}
}
}
I'm unclear on what this is trying to say - either the ID starts with that phrase or it doesn't; it seems like a binary expression to me.
Is there some other approach I should use to get these results filtered by channel ID?
This API is designed to export everything from a team for backup/archival scenarios. So, filtering by a specific channel is not supported now.
If you wish, you may suggest this feature on the Microsoft Feedback portal.
Any reason why you don't use List Channel Messages?
You can then make a GET call against this URL:
"https://graph.microsoft.com/v1.0/teams/{teamid}/channels/{channel id}/messages"
Note - as per that link you will need to Request access:
https://learn.microsoft.com/en-us/graph/teams-protected-apis
One other method, if you are using Graph Explorer, is to add the signed-in user to the team as an owner, and it will let you test this method; you just won't be able to call via an App Registration until you do fill out that form.
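Because $filter on channelIdentity/channelId is rejected by getAllMessages, a caller that stays on the export endpoint has to page through the results and filter client-side. The sketch below is an added example, not code from the original posts: fetch_page, max_pages and the sample pages are assumptions (the pages are constructed, not real tenant data), and it goes one step beyond the thread by refusing to follow an @odata.nextLink that leaves graph.microsoft.com, since the same bearer token is sent to every link.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"


def export_channel(fetch_page, first_url, channel_id, max_pages=1000):
    """Page through getAllMessages and keep only one channel's messages.

    fetch_page(url) returns the parsed JSON body for that URL. It is
    injected (hypothetical helper) so the authenticated GET can be swapped
    for canned data and the paging logic can run offline.
    """
    kept, url, seen = [], first_url, set()
    for _ in range(max_pages):
        parts = urlsplit(url)
        # Only follow links that stay on Graph over HTTPS: the access token
        # is replayed against every @odata.nextLink the service returns.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to follow link off {GRAPH_HOST}: {url}")
        if url in seen:
            raise ValueError("pagination loop detected")
        seen.add(url)
        page = fetch_page(url)
        for msg in page.get("value", []):
            # Messages without a channelIdentity are skipped, not errors.
            ident = msg.get("channelIdentity") or {}
            if ident.get("channelId") == channel_id:
                kept.append(msg)
        url = page.get("@odata.nextLink")
        if not url:
            return kept
    raise RuntimeError("max_pages reached before the export finished")


# Constructed sample pages standing in for two Graph responses.
BASE = "https://graph.microsoft.com/v1.0/teams/TEAM/channels/getAllMessages"
PAGES = {
    BASE: {"value": [
        {"id": "1", "channelIdentity": {"teamId": "TEAM", "channelId": "A"}},
        {"id": "2", "channelIdentity": {"teamId": "TEAM", "channelId": "B"}}],
        "@odata.nextLink": BASE + "?$skiptoken=p2"},
    BASE + "?$skiptoken=p2": {"value": [
        {"id": "3", "channelIdentity": {"teamId": "TEAM", "channelId": "A"}},
        {"id": "4"}]},
}

if __name__ == "__main__":
    print([m["id"] for m in export_channel(PAGES.__getitem__, BASE, "A")])
```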

How to access shifts of a team? "Sorry, the team was not found, or you may not have access to it"

I would like to read a team's shifts using https://graph.microsoft.com/v1.0.
However, I always fail with different errors and get contradicting server messages.
I send the API requests with Postman.
I am using the Application authorization method. I think I have set all required API permissions for my app.
I believe I supply the correct headers, like:
Authorization
Content-Type
MS-APP-ACTS-AS
When I send the request like this to GET a team:
GET https://graph.microsoft.com/v1.0/teams/{id}
I get the following error message:
"error": {
"code": "NotFound",
"message": "No team found with Group Id {id}",
"innerError": {
"date": "2020-09-05T08:37:17",
"request-id": "id"
}
}
But when I try to create the team (from a group) like this:
PUT https://graph.microsoft.com/v1.0/groups/{id}/team
I get the error as follows:
"error": {
"code": "Conflict",
"message": "Team already exists",
"innerError": {
"date": "2020-09-05T08:33:33",
"request-id": "id"
}
}
When I try to make my actual call of interest, like:
GET https://graph.microsoft.com/v1.0/teams/{id}/schedule/shifts
That also fails with error:
{
"error": {
"code": "NotFound",
"message": "{\"error\":{\"code\":\"NotFound\",\"message\":\"Sorry, the team was not found, or you may not have access to it.\",\"details\":[],\"innererror\":{\"code\":\"TeamNotFound\"}}}",
"innerError": {
"date": "2020-09-05T08:59:55",
"request-id": "id"
}
}
}
Please help me understand what I am doing wrong!
Thank you in advance!
Solved (itself).
So what was happening:
I created a team (directly or from a group).
created a schedule for the team.
get the schedule for the team, and see the response:
"enabled": false,
"provisionStatus": "Failed", (so not running or queuing or something)
"provisionStatusCode": "GraphResourceNotFound",
struggle for a few (like 4-5) days
without changing a thing, get the schedule showing:
"enabled": true,
"provisionStatus": "Completed",
"provisionStatusCode": null,
Maybe it would help others to see the possible wait time length or add a clarification about the provisionStatus field’s status progression.

Cannot update oauth2PermissionGrants using graph.microsoft.com

Using https://graph.microsoft.com/beta/oauth2PermissionGrants I now cannot use POST to update B2C apps to grant them access to APIs due to an error: Missing property: expiryTime
We've been using the BETA endpoint to update our B2C apps to grant them access to various APIs using a PowerShell script I created; however, in the last week or so something has changed on the back end, as we now receive an error when attempting a POST: Missing property: expiryTime. The expiryTime, however, is present in the JSON.
We can POST via graph.windows.net using the same JSON, so this is something specific to the BETA endpoint. When querying the app's oauth2PermissionGrants I also cannot see the expiryTime or startTime using graph.microsoft.com for some reason.
Please see the code below and let me know if I can answer any questions.
https://developer.microsoft.com/en-us/graph/graph-explorer#
POST https://graph.microsoft.com/beta/oauth2PermissionGrants
{
"clientId": "APP servicePrincial ObjectID",
"consentType": "AllPrincipals",
"expiryTime": "2030-05-12T19:34:28.9831598Z",
"principalId": null,
"resourceId": "02bccee7-8958-4e5e-89c7-466a5370a205",
"scope": "user_impersonation"
}
{
"error": {
"code": "Request_BadRequest",
"message": "Missing property: expiryTime",
"innerError": {
"request-id": "b15edafa-1415-4430-9d89-5ea3fb824f9c",
"date": "2019-09-16T11:29:39"
}
}
}

Outlook contacts ErrorQuotaExceeded

I am making a script that generates contacts in Outlook with Graph API v1.0. When my contact folder exceeds 193 contacts, I get this error message "ErrorQuotaExceeded". I think it is because there is a limit to how many contacts you can have in a folder, but I can't find any documentation that explains that limit, if there is one.
I've tried to put contacts in manually through the Outlook interface and it worked, but not through the Graph interface.
I've tried putting a one-minute delay after receiving this error message before generating another contact, but it still didn't work.
{
"id": "263",
"status": 403,
"headers": {
"Cache-Control": "private"
},
"body": {
"error": {
"code": "ErrorQuotaExceeded",
"message": "Cannot get ID from name.",
"innerError": {
"request-id": "a0b04607-53cb-45f1-92a3-22a5244c77cb",
"date": "2019-07-05T14:15:57"
}
}
}
}
I figured I was using "open extensions" which in return used "MAPI named property" and I exceeded the quota for the "MAPI named property".

Unable to delete AppRoleAssignment using Beta Graph API

I'm using the Graph API beta endpoint to try and delete an AppRoleAssignment:
https://graph.microsoft.com/beta/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
109
{
"error": {
"code": "Request_UnsupportedQuery",
"message": "Direct queries to this resource type are not supported.",
"innerError": {
"request-id": "aa7c14a3-f700-4368-898e-009f1608ade1",
"date": "2019-04-30T00:29:50"
}
}
}
0
According to the beta documentation, this is allowed:
https://learn.microsoft.com/en-us/graph/api/approleassignment-delete?view=graph-rest-beta
I also verified the correct permissions according to the documentation as well.
I know this is a beta endpoint but any chance this will be fixed soon or do I need to use the Azure AD API instead?
UPDATE
I tried going through the users collection and it also fails:
https://graph.microsoft.com/beta/users/7e73da23-31d7-4eff-9a0b-05fcb15f5c9b/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
fb
{
"error": {
"code": "BadRequest",
"message": "Write requests are only supported on contained entities",
"innerError": {
"request-id": "b6db0eee-dc45-4e10-a56c-9a870fb7315c",
"date": "2019-04-30T23:49:24"
}
}
}
0
I tried going through the service principal collection and it also fails:
https://graph.microsoft.com/beta/servicePrincipals/27e0a182-2008-4b4e-b998-731e0d111041/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
18b
{
"error": {
"code": "BadRequest",
"message": "The type 'microsoft.graph.appRoleAssignment' does not inherit from and is not a base type of 'microsoft.graph.directoryObject'. The type of 'KeySegments' must be related to the Type of the EntitySet.",
"innerError": {
"request-id": "8c981e82-755e-4c25-b448-58d2b71e12c7",
"date": "2019-04-30T23:46:20"
}
}
}
0
I'm afraid this service bug has existed for a very long time. The only thing I can say is to try this with AAD Graph until this is fixed in Microsoft Graph. The schema unfortunately models appRoleAssignments as a standard relationship, whereas in fact it is implemented as a contained entity (i.e. you can only operate on the app role assignment when it is contained as part of another entity - like users, groups or servicePrincipals). The schema definition needs to be updated. The documentation is accurate IMHO.
Hope this helps
