While trying to access online meeting in order to get the start and end time of the meetings.i am getting below error.
Any help is highly appreciated. Thanks
Note : I am able to create the meeting and access it but I want to record the meeting start and end time too.Sometimes the error is ID is malformed althrough I am using the meeting ID returned from the Graph only which is being created.
Please try /me/onlineMeetings/{meetingId}.
Microsoft Graph Explorer users Delegated permission, which mainly takes effect on /me endpoint. If you want to use /users/{userId}/onlineMeetings/{meetingId} , make sure /users/{userId} is the current signed-in user.
Please don't query the online meeting of other users. It is only supported by Application permission.
The required Delegated permissions are OnlineMeetings.Read, OnlineMeetings.ReadWrite.
You can add them like this:
Related
My requirement to show all the calendar events of my wishlisted user in my Canvas App. To access the graph API, I have done App registration in AAD with Calendar.Read and User.Read permission.
Using the Client and Secret received from the registered app, Power Apps Custom Connector is created. While Testing the Custom Connector, I am getting the below error.
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
On Analysis:
Scenario 1 : Calendar.Read - Delegated Permission Type
Api - https://graph.microsoft.com/v1.0/users/{UserID}/events
When Delegated permission is given , I am able to access and response from the calendar event API only when the UserID is mine.
But it is throwing the above mentioned error for other users (This is the actual requirement)
Scenario 2 : Calendar.Read - Application Permission Type
Api - https://graph.microsoft.com/v1.0/users/{UserID}/events
When Application permission is given , it is failing and throwing the same error.
First, Will I be able to get other user's calendar event?
What are the steps to be taken to access?
What permission type should be considered for my scenario?
Am I missing any basic settings?
Please advice. I have lost my time for this requirement.
Thanks in advance
If you where to use Delegates permission (which sounds wrong for the authentication flow you want to use) then to access another users calendar (that you have been delegated rights to either via Outlook or the Mailbox Permissions) you will need (Calendars.Read.Shared or Calendars.ReadWrite.Shared) see https://learn.microsoft.com/en-us/graph/outlook-get-shared-events-calendars
For the client credentials flow https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow which it sounds like what you want to use ? then the Calendar.Read should be enough to access the calendar if your doing anything else in the Directory then User.Read will also need to be an application permission. You probably need to look at https://support.microsoft.com/en-us/topic/verifying-oauth-configuration-for-custom-connectors-d733fdb9-6108-4199-b4f5-06e99b02d10f to do some debugging to see what actually happening with your token generation process, you can the use something like jwt.io to check the correct scopes etc.
I have an issue with accessing user data with microsoft graph api.
Context : I have a web app with a calendar inside for my users. I would like to give the user the possibility to synchronise this calendar with their microsoft calendar. I did the same thing with google calendars and it works well.
Problem : I registered an app on azure and setup my code with the correct access to login and get a token from the graph api.
It kinda works but i can only log in with the address i used to create my app on azure.
So lets say my admin address on azure is test#azure.com , then i can log in and access the data i want . But if i try with another address like for example test#customer.com, then it fails and display this message :
I keep looking for a way but the Microsoft graph documentation doesn't seem to talk about this problem.
I tried to add the account as an external user, like the message says (and maybe i did it wrong i'm not really sure of this part) but then i can log in but the data i can access doesn't match the data on the account i tried with, as if adding the user as an external user created a "new" user in my organisation.
What I want : I would like to be able to access the data of any user that try to log in with a microsoft email (if they accept the permissions of course).
It's my first time using the graph api so maybe i'm missing something simple...
Thanks
Based on the So thread reference:
When a user authenticates against your tenant, you only have access to the data controlled by your tenant. In other words, if test1#outlook.com authenticates against yourtenant.onmicrosoft.com tenant, you don't gain access to their outlook.com email.
Reason you're able to see the outlook.com email from Graph Explorer is that Graph Explorer is authenticating against their outlook.com account.
In other way, Graph Explorer is authenticating test1#outlook.com against the outlook.com tenant, not yourtenant.onmicrosoft.com.
When a user authenticates against a given tenant, that token only provides access to data within that single tenant. Microsoft Graph does not allow you to cross tenant boundaries.
Thanks Hong for the comment, you may also set your app registration to "multitenant + personal accounts"
So Reference: MS Graph External User 401 Unathorized
When using the graph explorer I am able to get results from some of the API's. However not able to get when requesting for reports
For Example, this works perfectly fine;
https://graph.microsoft.com/v1.0/users
However, calling the below report related request results in an error "We do not recognize this tenant ID ... Please double-check the tenant ID and try again." I am facing this issue for any such call for reports.
https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserDetail(period='D90')
Is there some issue with App Registration which is causing this? The error message for checking the TenantID is totally misleading as the token is same in both the cases and I am not doing anything different between the two calls. Would appreciate any guidance.
Try checking these.
Try the request after giving some time like 48 hrs approximately as
it might take a little time for the tenant id to propagate across all
the instances and reflect in Microsoft graph api.
Check if you have given valid tenant ID
check tenant expiration (as admin account)
Else check if required permissions are set.
Reports.Read.All permission is needed to call this API.Refer Microsoft
Graph permissions
Please add the Delegated permisson /the Application permission and test it again. See Microsoft Graph v1.0 | Microsoft Docs
If that’s done already check if admin consent is provided .
( Reports.Read.All permission allows an app to read all service
usage reports without a signed-in user. Make sure to check if you
granted the permission(by clicking Grant Permissions from admin
account).
See reports-permissions
References:
Similar thread
concept-reporting-api
Update:
This error may occur when the usage report is not ready .Because if
the tenant is new , it might take sometime( upto 48 hours) for
the report service to pick it up and start generating reports.
You must be able to test it manually from O365 Admin
Portal.Portal.office.com -> Admin Tab -> Show all -> Reports ->
Usage
Other wise , you may contact support to raise a request.
I am using Microsoft Graph API to read emails (/users/{id | userPrincipalName}/messages) in the mailboxes of the users in my Azure active directory. I have noticed that for some users, I get this error:
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: REST API is not yet supported for this mailbox.
Upon investigation, I found out that these users do not have a valid license and also don't have a mailbox attached to them. Ideally, I would like to only fetch the users that have a mailbox enabled. I tried checking the assignedLicenses property of each user and only fetch emails for those users that have a valid license assigned to them but, I'm not sure if this is a reliable method as users might have some other license and still not have a mailbox enabled.
Can someone please suggest a straightforward way to only fetch the users that have mailboxes attached? Any help or hint shall be highly appreciated.
I don't see much options from Microsoft Graph perspective. Definitely checking the license is one good way, but you may not have much options with that. Being said that i see the following options,
you may need to use mailboxsettings API call of the user. This way you can get and update the mailbox settings of the user.
Also you can use Get-mailbox Exchange Powershell cmdlet to validate the same as well.
Using trial account, initially I created a reader account and deleted it. After that I am unable to create another reader account and getting the following error. I am not able to contact the support as well. Any help is appreciated.
Number of managed accounts allowed exceeded the limit. Please contact Snowflake support.
As it says, "you need to submit a case to Snowflake support". Could you tell me why you can not connect to the support?
Go to snowflake community:
https://community.snowflake.com/s/
Register and login, and then click "submit a case". Select "I am a 30-day trial user", and validate yourself. Then you should be able to submit a case.