I am trying to create a managed device in Intune using the following Microsoft Graph but it keeps erroring out.
I also get an error when trying to update an existing device record.
I have the appropriate scopes and my account is an Intune admin. Any suggestions?
Here is the example error I receive when trying to update using PATCH
"error": {
"code": "InternalError",
"message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 7d3aea54-282a-4911-99a5-af3d2422f81a - Url: https://fef.amsua0502.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/managedDevices%28%278f312966-1c51-403b-9b3a-6cf52643fa70%27%29?api-version=5017-09-07 - CustomApiErrorPhrase: ",
"innerError": {
"request-id": "7d3aea54-282a-4911-99a5-af3d2422f81a",
"date": "2017-11-02T12:16:55"
}
}
They have changed the endpoint without updating the documentation..
Use: /deviceManagement/managedDevices
It's a beta so endpoints and (more frequently) required parameters in the json object chances..
I've figured out a lot of these changes by simply looking at posts from the developer mode in a browser.
The documentation is often behind the actual implementation.
And yea this worked. sorry for late response..
Edit2:
I don't have an example to create a managed device. But this is an example on how to create an empty device configuration:
$Endpoint = "https://graph.microsoft.com/beta"
## Win10
$Win10 = [pscustomobject]#{
'#odata.type' = "#microsoft.graph.windows10GeneralConfiguration"
'description' = "standard Windows 10 Device Restriction Configuration"
'displayName' = "Win10"
}
$Win10params = #{
ContentType = 'application/json'
Headers = $Header
Body = $Win10 | ConvertTo-Json -Compress
Method = 'POST'
URI = "$Endpoint/deviceManagement/deviceConfigurations"
}
Invoke-RestMethod #Win10params
But again. Take a look at the POST in the developer tab, and then start by trying out parameters from the top. If the documentation isn't updated with the least required parameters, you will have to go through it step by step..
They have changed the endpoint without updating the documentation..
Use: /deviceManagement/managedDevices
Related
I created an app on Azure and want to use it to subscribe to business emails of certain users. However, I cannot get it to work and I'm wondering if it is even possible this way. The code is as follows:
url = 'https://graph.microsoft.com/beta/subscriptions'
payload = {
'changeType': 'updated',
'notificationUrl': 'http://<server_ip>/webhook',
'resource': "users/<my_user>#<my_domain>/mailFolders('inbox')/messages",
'expirationDateTime': '2022-07-23T11:52:20',
}
headers = {
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}
response = requests.post(url, headers=headers, data=json.dumps(payload))
print(response.status_code)
print(response.reason)
print(response.text)
400
Bad Request
{"error":{"code":"InvalidRequest","message":"Could not process subscription creation
payload. Are all property names spelled and camelCased properly? Also are the
dateTimeOffest properties in a valid internet Date and Time format?","innerError":
{"date":"2022-07-22T09:12:11","request-id":"317989f4-c921-44ce-a701-
c57a660aad3b","client-request-id":"317989f4-c921-44ce-a701-c57a660aad3b"}}}
I also want to subsribe to changes to our drive, for this I substitute the resource for f'drives/{drive_id}/root'. This gives the same error messsage.
I have read all the relevant docs and feel this this should be the correct approach, but the error message is not useful to me for find the issue.
I created teams in Microsoft Teams (from groups as documented here) via the C# graph-api sdk without any problems - everything was working just fine.
But suddenly this is not working anymore. I will always get the following exception at the line return await graphServiceClient.Teams.Request().AddAsync(team);:
Message: Failed to execute Templates backend request
CreateTeamFromGroupWithTemplateRequest. Request Url:
https://teams.microsoft.com/fabric/emea/templates/api/groups/theGroupId/team,
Request Method: PUT,
And further:
Team Visibility can not be specified as it is inherited from the
group.
I know that the visibility property must not be set if creating the team from a group as it states in the Microsoft documentation:
The team that's created will always inherit from the group's display name, visibility, specialization, and members. Therefore, when making this call with the group#odata.bind property, the inclusion of team displayName, visibility, specialization, or members#odata.bind properties will return an error.
But the currently used code below shows that I am not setting any forbidden properties - and this code worked for the last few days, too:
private async Task<Team> CreateTeamFromGroup(string groupId)
{
var graphServiceClient = [...]
var groupResourceLink = $"https://graph.microsoft.com/v1.0/groups('{groupId}')";
var team = new Team
{
AdditionalData = new Dictionary<string, object>()
{
{ "template#odata.bind", "https://graph.microsoft.com/beta/teamsTemplates('standard')" },
{ "group#odata.bind", groupResourceLink }
},
Channels = new TeamChannelsCollectionPage
{
new Channel
{
DisplayName = "WhatEver"
}
}
};
return await graphServiceClient.Teams.Request().AddAsync(team);
}
Is anyone else experiencing this problem? Was there an API change? Was the teams backend changed? Anyone any ideas?
P.S.: I am using the latest NuGet-Package for Microsoft Graph - downgrading didn't help.
Update (with a not very satisfying work-around)
The error can be reproduced via the graph api explorer, too.
The POST command above issues a PUT command, that is described here. With this request, the team can be created.
The documentation and the graph api snippet for C# is out-dated, though. You have to add odatatype = null to the properties when using the sdk
Unfortunately it is not possible to add channels in the same step. If you specify the property 'channels' it will just be ignored.
Update (Detailed error message)
System.AggregateException: 'One or more errors occurred. (Code:
BadRequest Message: Failed to execute Templates backend request
CreateTeamFromGroupWithTemplateRequest. Request Url:
https://teams.microsoft.com/fabric/emea/templates/api/groups/theGroupId/team,
Request Method: PUT, Response Status Code: BadRequest,
ErrorMessage : {"errors":[{"message":"Team Visibility can not be
specified as it is inherited from the
group."}],"operationId":"639448e414ece64caee8f52839585bf7"} Inner
error: AdditionalData: date: 2020-11-24T10:21:22 request-id:
37a28cac-3ac5-4bd2-a061-daf44c442fac client-request-id:
37a28cac-3ac5-4bd2-a061-daf44c442fac ClientRequestId:
37a28cac-3ac5-4bd2-a061-daf44c442fac )'
Just tested this morning and I can say, that the "old way" by using the beta API to create a team with a template works again. Don't know, how many other ways exist to do these things, but here is our current request, that works now (again).
POST https://graph.microsoft.com/beta/teams
{
"displayName": "My Group Name",
"description": "Some description",
"template#odata.bind": "https://graph.microsoft.com/beta/teamsTemplates('educationClass')",
"owners#odata.bind": [
"https://graph.microsoft.com/beta/users('<someValidUserId>')"
]
}
I think this will be just an intermediate state and when the bugs are fixed, they will publish the new version again and this kind of creation will fail again, but if in this case the v1.0 documented way will work this wouldn't be a big problem. But being informed BEFORE there roll-out starts would be great.
This was a Microsoft issue/ bug and is currently being fixed as stated here.
I'm currently having major issues with creating teams from the Graph API. I was initially trying to create teams based on groups, however I have found out today that you can now create a team without creating a group first then waiting 15 minutes to then create the team from the following link. This would make things considerably simpler.
https://learn.microsoft.com/en-us/graph/api/team-post?view=graph-rest-1.0
I am using the Microsoft.Graph SDK (v3.12.0 released 26th Aug) so replicated the http call using the SDK as follows.
var team = new Team
{
DisplayName = "My Group Name",
Description = "My Group Description",
AdditionalData = new Dictionary<string, object>()
{
{"template#odata.bind", "https://graph.microsoft.com/v1.0/teamsTemplates('educationClass')"},
{"owners#odata.bind", $"[\"https://graph.microsoft.com/v1.0/users('{usersGuid}')\"]"}
},
};
var response = await _graphClient.Teams
.Request()
.AddAsync(team);
The code above gives a:
[16:14:01 ERR] An unhandled exception has occurred while executing the request.
Status Code: BadRequest
Microsoft.Graph.ServiceException: Code: BadRequest
Message: Invalid bind property name owners in request.
If I remove the line
{"owners#odata.bind", $"[\"https://graph.microsoft.com/v1.0/users('{usersGuid}')\"]"}
from the code I get the following:
ErrorMessage : {"errors":[{"message":"A team owner must be provided when creating a team in application context."}]
Any advice would be greatly appreciated.
Thanks,
Nick
In v1.0 the owners relationship is not currently present, so you have to use the beta endpoint.
POST: https://graph.microsoft.com/beta/teams
with the following body format
{ "template#odata.bind":"https://graph.microsoft.com/beta/teamsTemplates('standard')", "displayName":"Test Team", "description":"Test description", "owners#odata.bind":["https://graph.microsoft.com/v1.0/users/{user guid}"] }
Note: the user guid should also be bare, i.e without the brackets and quotes in your example.
When I select the properties allowExternalSenders or autoSubscribeNewMembers for a group synced from an on-premise Active Directory, I get the following error via Graph API SDK:
403 Forbidden
Graph service exception Error code: AppOnlyAccessNotEnabledForTarget
Error message: App Only access is not allowed for target resource: 'a1d0c98e-fb7e-40c4-a7b5-ccf6d96cba57#34f0717f-f1a0-4894-b310-d379993504b9'.
The Graph Explorer displays the following 404 error, even though it is not a mailbox:
{
"error": {
"code": "MailboxNotEnabledForRESTAPI",
"message": "REST API is not yet supported for this mailbox.",
"innerError": {
"request-id": "5beae8eb-4a59-404f-bd42-0c6aa2a25abd",
"date": "2020-03-31T13:02:11"
}
}
}
An example request looks like this:
https://graph.microsoft.com/v1.0/groups/{id}?$select=id,deletedDateTime,assignedLicenses,description,displayName,groupTypes,licenseProcessingState,mail,mailEnabled,mailNickname,onPremisesLastSyncDateTime,onPremisesSecurityIdentifier,onPremisesSyncEnabled,onPremisesDomainName,onPremisesSamAccountName,preferredDataLocation,securityEnabled,securityIdentifier,visibility,resourceProvisioningOptions,allowExternalSenders,autoSubscribeNewMembers
Which property should I use to decide if I should try to select these properties or not? I want to avoid missing the properties for groups which actually do expose these properties, so I do not simply want to guess.
Slightly different take on this answer, Microsoft even thought only providing one API for groups, there are effectively two different objects returned, SecurityEnabled = True or False. If Security = True then you can not ask for the follow attributes
(allowExternalSenders,autoSubscribeNewMembers,hideFromAddressLists,hideFromOutlookClients)
Is this ok, NO its not ok, Microsoft needs to return null instead of providing THE WRONG ERROR MESSAGE and sending people like us into multi hour head scratchers.
In my code, I now check if securityEnabled is true or false and have a different set of attributes depending.
The mailbox is on a dedicated (on premise) Microsoft Exchange Server or is not a valid (configured) Office 365 mailbox. Contact your Exchange or Office admin to apply any of these recommended solutions.
To filter Office 365 groups you can do this:
https://graph.microsoft.com/v1.0/groups?$filter=groupTypes/any(c:c eq 'Unified')
I am trying to get a very simple c# snippet on predicting an image, but get following error (there is very little on the internet around this subject):
Microsoft.Azure.CognitiveServices.Vision.CustomVision.Prediction.Models.CustomVisionErrorException HResult=0x80131500 Message=Operation returned an invalid status code 'NotFound'
var predictionClient = GetPredictionClient();
predictionClient.ClassifyImageUrl(Guid.Parse("5329678e-2a6b-46cf-ac11-fbd19ce89353"), "Iteration2", new ImageUrl("https://storageinfluencer.blob.core.windows.net/social-media-images/1e8bfef3-f070-44b9-9ae4-4b0d8a31316d.jpg"));
CustomVisionPredictionClient GetPredictionClient()
{
CustomVisionPredictionClient endpoint = new CustomVisionPredictionClient()
{
ApiKey = "xxx",
Endpoint = "https://northeurope.api.cognitive.microsoft.com/customvision/v3.0/Prediction/"
};
return endpoint;
}
I got a little closer by using fiddler. EndPoint should be https://northeurope.api.cognitive.microsoft.com only even if portal says copy the other as end point. However now I get:
{"code":"BadRequest","message":"Invalid project type for operation."}
I have following POST in fiddler:
https://northeurope.api.cognitive.microsoft.com/customvision/v3.0/prediction/xx-xx-xx-xx-xx/classify/iterations/Iteration2/url HTTP/1.1
I think I finally found why you got this 404, thanks to... Intelligent Kiosk demo being open-source!
See how they pass the endpoint value in their code, here:
private const string SouthCentralUsEndpoint = "https://southcentralus.api.cognitive.microsoft.com";
As you can see, the Endpoint field is the value of the root, not the Custom Vision Prediction API root
So change your
Endpoint = "https://northeurope.api.cognitive.microsoft.com/customvision/v3.0/Prediction/"
to:
Endpoint = "https://northeurope.api.cognitive.microsoft.com"
And it should be fine. I made a test with WestEurope and some CustomVision projects that I already had, it is working fine.