Microsoft Graph API V2 application add static permissions failure - microsoft-graph-api

I am having problem migrating to Microsoft graph V2 applications, from V1 Applications.
As part of the backward compatibility offered by the new V2 applications, I can see the applications form the original V1 applications portals (old and new), however I cannot modify the application due to unknown errors (see attached screen shots).
The reason I want to use the original portal is to add permissions to other applications (In the documentation of V2 its called 'static permissions') such as 'Office365 management activity API', I think it is possible using '/applications' resource but I didn't find in the documentation how to do it.
Does someone encountered such problem and know how to overcome it or used the Graph API to get permissions for other Microsoft REST APIs?

For v1 apps, you should use the "App Registrations" blade in the newer Azure Portal (portal.azure.com). This blade has a "Required Permissions" section where you can add different permissions for different APIs.
For v2 apps, you should use the Application Registration Portal (apps.dev.microsoft.com). This portal has a "Microsoft Graph Permissions" section where you can add different permissions for the Microsoft Graph.
At this time, v2 apps only support permissions to the Microsoft Graph, if you want to access other APIs (like the Office 365 Management Activity API) you'll need to use v1 apps.
You should not use the classic Azure portal (manage.windowsazure.com) for anything really at this point.

Related

Microsoft Office 365 Apps Usage

I am trying to collate information corresponding to Microsoft 365 Apps Usage of our employees as shown in some reports on Admin Portal(admin.microsoft.com). We are facing some challenges in getting report data corresponding to these in our code.
I need following information for integration in our web application:
Do we have any Graph API or PowerShell cmdlet(not deprecated) exposed which can be integrated in our code to get Microsoft Apps Usage Data(like ProPlusUsageUserDetail excel data downloaded from admin portal)?
Can we get Version Details of Microsoft 365 Apps and Services being used by users?
We have already used graph api GetOffice365ActiveUserDetail (adding link below for reference) which give usage for only Microsoft Services and not Apps:
https://learn.microsoft.com/en-us/graph/api/reportroot-getoffice365activeuserdetail?view=graph-rest-1.0
We need same kind of information for Microsoft 365 Apps (Word, Excel, PowerPoint etc.)as well .
You can try portal.office.com and check the reports to see if you have related report is available apart from that, at this point i am not aware such information you can request from Microsoft Graph APIs. Consider raising a feature request in User voice, so that Microsoft can consider it. Here's the link for it https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests?query=report

What API do I use with the permissions my Teams app received in App Studio?

I am developing an app in Microsoft Teams using the App Studio. Towards the end of the proccess, in the section Domains and Permissions, you are allowed to give resource-specific consent permissions such as File.Read.Group. I was wondering where I would use these permissions (Microsoft Graph, Azure AD Graph, ...) to programmatically access an API. As a side question, does anybody know which permission allows the app to manage group members?
Thank you!
Here is a good read on that permissions settings page, those consent permissions are not actually a part of azure ad app registrations as of this articles writing. so that means while they are sort of graph permissions, you would use them against the graph api. They are for specific teams based resource specific permissions.
https://blog.thoughtstuff.co.uk/2020/01/microsoft-teams-has-a-new-more-granular-and-resource-specific-permissions-model-for-apps-what-is-resource-specific-consent-rsc-and-how-do-i-use-it/
the official documentation on the matter: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
as per the microsoft link i don't see a resource specific permission to "edit" groups members.

How to integrate Microsoft Graph API for Microsoft Teams App published in Market Place?

I want to develop an Microsoft Teams app which will use Graph API and publish it to Market Place, all articles I have read suggest this integration require Application Registration on Azure Portal of a specific tenant. However, how can I register the application if the application is published, i.e. not for any specific tenant?
Yes, this is definitely possible. If you look at the screenshot in this article (just below where this link will take you), in the screenshot is show "Accounts in this organizational directory only". You want to choose the OTHER option: ""Accounts in any organizational directory".
Depending on what your app does, you will need some kind of authorization though, either from the user(s) or from the administrator, in the end-user's tenant.

Google Cloud / APIs: Quota Circumvention via multiple projects

I manage several projects, each project includes several API Clients (Android App, iOS App, PWA and backend server).
Glossary from yt API terms:
"API Client" means a website or software application (including a mobile application) developed by you that accesses or uses the YouTube API Services.
"API Project" means the project created in the Google Developer Console that is required for API Client(s) to access and use the YouTube API Services.
Following yt API terms I must create exactly one (1) API Project for that API Client. Those API Credentials are intended to be used exclusively by the associated API Client, which means that you must not use that one (1) API Project for multiple API Clients.. Then I understand that I should create one API Project for Android App, one more for iOS App, etc.
But I've recently received following email from Google:
We have recently detected your Google Cloud / APIs Projects have been circumventing our quota restrictions via multiple projects acting as one and appears to be violating YouTube API Terms of Service (III.D.1.c).
To fix the problem please delete all projects using YouTube API usage except for one project you wish to keep active
Then if I delete API Projects and keep a single one for all my API Clients, that means I should use one API Project for multiple API Clients, that is forbidden by terms.
What's the best way to follow ?

Are There Azure AD App Perms Available for Microsoft Teams REST API

I want to start doing some development with the preview edition of the Microsoft Teams APIs.
I currently have a solution working using the Azure AD v2 Endpoint but I wanted to get a working solution using the v1 Endpoint.
I can't find any Microsoft Teams permissions available in the Azure AD portal and I didn't see anything specifically about this in the Known Issues the Teams API.
Can anyone comment on whether there are any options for a pure v1 Endpoint solution using application registration available right now? If not, is it planned?
The v1 Endpoint uses the same permissions as the v2 Endpoint. The primary difference between the two is that v2 scopes can by dynamically requested during authentication while v1 Endpoint requires permissions to be pre-defined within the registration.
When using the Azure Portal, all of the permissions for Teams show up under "Microsoft Graph". For the Teams you'll generally need User.Read and Group.ReadWrite.All. The Azure Portal lists permissions by description (although you can see the underlying scope name in the tooltip):
Sign in and read user profile (user.read)
Read and write all groups (Group.ReadWrite.All)
Note that Group.ReadWrite.All does require Admin Consent. Before you can authenticate normal user's, you will first need to have an Administrator go through the Admin Consent process.
I'm posting this as the answer, because I'm pretty certain this will trip up other developers out there. Up to this point, when getting an access token for AAD v1 apps that use Microsoft Graph, you use "https://graph.windows.net" as the Resource ID. The interwebs are replete with this example, and I have it in my own code that I use for OneNote and other services.
Now with the Graph endpoint for connecting to Teams (and probably other things), the Resource ID you need to use is "https://graph.microsoft.com". Just ran through a quick test using an AAD v1 app with the Microsoft Graph API and Read All Groups permission. I'm sure there's an explanation out there from some MSFT person that might make sense, but I have not found it after many hours of searching the web.
Hope this helps someone.

Resources