Is it possible an application with app-only permissions to change the availability (Presence's state) of group users?
Reading the known issues for "Group conversations, events" delegate permissions are needed. So it seems not possible.
Any other way?
(BTW UCWA is not a way as it needs also user's credentials AFAIK.)
At the moment there is no support for Skype or Skype for Business within Microsoft Graph. I recommend visiting the UserVoice and adding this suggestion.
You can find the current set of Skype API's at the Skype Developer Platform site. I think you may be looking for the Trusted Application API (Public Preview) which brings a lot of the UCMA functionality to Skype for Business Online.
Related
Microsoft Graph API has provisions for accessing todoTask - it does not however have application level permissions (those are listed as "not supported"). How would an application implement creating / updating tasks and getting notifications for multiple users? Seems like a glaring hole in the api framework
Yes application level permissions are not yet supported. Please file a user voice here for your ask so that it could be considered in future.
Thanks!
I am developing an app in Microsoft Teams using the App Studio. Towards the end of the proccess, in the section Domains and Permissions, you are allowed to give resource-specific consent permissions such as File.Read.Group. I was wondering where I would use these permissions (Microsoft Graph, Azure AD Graph, ...) to programmatically access an API. As a side question, does anybody know which permission allows the app to manage group members?
Thank you!
Here is a good read on that permissions settings page, those consent permissions are not actually a part of azure ad app registrations as of this articles writing. so that means while they are sort of graph permissions, you would use them against the graph api. They are for specific teams based resource specific permissions.
https://blog.thoughtstuff.co.uk/2020/01/microsoft-teams-has-a-new-more-granular-and-resource-specific-permissions-model-for-apps-what-is-resource-specific-consent-rsc-and-how-do-i-use-it/
the official documentation on the matter: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
as per the microsoft link i don't see a resource specific permission to "edit" groups members.
I want to develop an Microsoft Teams app which will use Graph API and publish it to Market Place, all articles I have read suggest this integration require Application Registration on Azure Portal of a specific tenant. However, how can I register the application if the application is published, i.e. not for any specific tenant?
Yes, this is definitely possible. If you look at the screenshot in this article (just below where this link will take you), in the screenshot is show "Accounts in this organizational directory only". You want to choose the OTHER option: ""Accounts in any organizational directory".
Depending on what your app does, you will need some kind of authorization though, either from the user(s) or from the administrator, in the end-user's tenant.
Just in the title. If a company is using Skype for Business with their Office 365 subscription, are the contacts in skype for business the same contacts available by the Graph API?
My understanding is currently the only way to access Skype for business data from an API standpoint is through the UCWA 2. And that the graph is not reflecting any data for S4B. This is also why those are two different set of permissions when you declare apps in the AAD portal.
One of the reasons behind that is probably because when using the UCWA you need to talk to different resources and endpoint for Discovery and Grant flows before getting to the data.
Another one could be that UCWA provides streaming and some kind of notifications capabilities (status update, messages) which the graph doesn't support right now.
I really hope the S4B endpoints come to the graph at some point, things are going to be simpler.
We are developing a web application using Microsoft Graph, where the signed in user can, Export all the calendar events to a third party calendar Application. After this initial export, we need to keep the exported data in sync with calendar changes via service app (a scheduled task running on server). This need to be a multi tenant application, as people from different organizations should be able to use this service.
Right now we did the authentication using OAuth 2.0 and OpenID Connect as described in this sample. Later we understood that the access token we get using this method cannot be used in the service app without user interaction. Considering our scenario what is the best way to achieve this?
I have read about App-only authorization method to do this. If we use this authentication method, the app need to be consented by a tenant administrator and the these applications are quite powerful in terms of what data they can access in the Office 365 organization. Considering we are developing a product used by different organizations, will it be feasible to use this method?
To use the client credentials OAuth2.0 flow (aka "App-only" or service account access depending on who's documentation you're reading) the admin for each tenancy will need to specify which scopes your daemon process can have for users in their tenancy. The end users can't give these scoping rights to your code themselves (as far as I know at least).
One thing to watch out for is that currently Graph API doesn't allow you to mess about with calendars that are attached to Office 365 Groups if you're using the client credentials flow. This is a pain for us, so we've raised it as an issue that needs fixing in the Office 365 feedback system. if that's an issue for you or anyone else, please throw a few votes at it so that it gets more attention at Microsoft. :-)