How to Identify an Office 365 User Account from inside an Excel Add in - office-addins

I would like to understand if there is any API which can help us find the Office 365 user account information from my Excel add-in JavaScript code.
E.g., let's assume a user with Office email account abc@xyz.com launches Excel, downloads my add-in from the Office Store and uses it.
I want to capture this user info from my app for the various users who downloaded/are using my app.
Is there an API in apps for office to achieve this?

No, there is not currently an API in Office add-ins in Word/Excel/PowerPoint that exposes the user information for the person logged on to the Office clients.
In Outlook add-ins you can retrieve this information.
// Example: Allie Bellew
console.log(Office.context.mailbox.userProfile.displayName);
// Example: allieb@contoso.com
console.log(Office.context.mailbox.userProfile.emailAddress);
See the userProfile object documentation for more information.

To add to Doug's response: while it doesn't expose the user's email address, you can get a unique identifier for the user from the entitlement token, provided your app is in the Office Store. See https://msdn.microsoft.com/en-us/library/office/jj164035.aspx for more info.
The UserId property of the entitlement token response (https://msdn.microsoft.com/en-us/library/office/verificationsvc.verifyentitlementtokenresponse_members.aspx) is the purchaser ID. Per the documentation above, "This is an encrypted value of the Microsoft account used by the person who purchased the app".
Hope this helps,
~ Michael Zlatkovsky, developer on Office Extensibility team, MSFT

Related

Microsoft Graph external user access

I have an issue with accessing user data with the Microsoft Graph API.
Context: I have a web app with a calendar inside for my users. I would like to give users the possibility to synchronise this calendar with their Microsoft calendar. I did the same thing with Google calendars and it works well.
Problem: I registered an app on Azure and set up my code with the correct access to log in and get a token from the Graph API.
It kind of works, but I can only log in with the address I used to create my app on Azure.
So let's say my admin address on Azure is test@azure.com; then I can log in and access the data I want. But if I try with another address, for example test@customer.com, then it fails and displays this message :
I keep looking for a way but the Microsoft graph documentation doesn't seem to talk about this problem.
I tried to add the account as an external user, like the message says (and maybe I did it wrong, I'm not really sure of this part), but then I can log in but the data I can access doesn't match the data on the account I tried with, as if adding the user as an external user created a "new" user in my organisation.
What I want: I would like to be able to access the data of any user that tries to log in with a Microsoft email (if they accept the permissions, of course).
It's my first time using the Graph API, so maybe I'm missing something simple...
Thanks
Based on the SO thread reference:
When a user authenticates against your tenant, you only have access to the data controlled by your tenant. In other words, if test1@outlook.com authenticates against yourtenant.onmicrosoft.com tenant, you don't gain access to their outlook.com email.
The reason you're able to see the outlook.com email from Graph Explorer is that Graph Explorer is authenticating against their outlook.com account.
Put another way, Graph Explorer is authenticating test1@outlook.com against the outlook.com tenant, not yourtenant.onmicrosoft.com.
When a user authenticates against a given tenant, that token only provides access to data within that single tenant. Microsoft Graph does not allow you to cross tenant boundaries.
Thanks Hong for the comment, you may also set your app registration to "multitenant + personal accounts"
SO reference: MS Graph External User 401 Unathorized

Unlicensed User without Office Plan with PowerBI license

I work for a company where we started to share the PowerBI license for users without the Office plan. They started asking us to give them access to the Outlook to be in touch with newsletters and other reports from PowerBI. Our organization is not allowing to supply an Office license to PowerBI users.
I have a few questions :
Is there a chance to forward emails to their private mailboxes without converting them to SharedMailbox?
if I add a PowerBI license with Office plan and convert it to shared the PowerBI will be disabled on that account? If not is it possible to take it off or do I need to convert it to the regular mailbox to take it off?
I know about Mail Flow rules, are they safe to use? They are global rules either way.
I am excluding here a Contact user with one reason PowerBI license cannot be added to a Contact user.
Thanks for any suggestions
Found an answer,
Create an AD account, sync it with O365, move it to the correct OU,
go to the user created earlier -> Attribute Editor -> Attribute: targetAddress add: SMTP:youraddress@something.com
Wait for the sync and test. All emails should be redirected to the target address without having the license.

Fetch custom attribute from Active Directory into CRM

I have a custom attribute EmployeeNumber in AD, while creating CRM users when I write UserName for e.g Imran.Ahmed it automatically fetches some information from AD and fills form with that information ie first name, last name and phone number etc. Now I have added one more field in CRM to store Employee number in CRM. But CRM is not fetching it from AD.
How can I get information of custom attribute EmployeeNumber from AD to CRM form? I have been searching on internet and found some links that are saying that we have to write a plugin or call Javascript from CRM form but is there any way through which I can automatically get information from AD?
I am not aware of any AD side configurations to sync extra columns into CRM system user record. Or how to add more data to pull in the platform service when you tab out the username. Am sure you are not gonna get that information/control over that integration from Product team.
You can try this codeplex solution by reverse engineering/extending it to achieve the requirement. Or some Graph API calls to achieve it in some timely jobs.
We have our internal HR system to read/sync such data using SSIS + Kingswaysoft connector into CRM.

Unable to get user company information on microsoft graph API

I'm having a problem with Microsoft Graph API... Currently I have a web application that has an openid integration with Microsoft/Azure using the common v2 endpoint.
We are trying to get the signed in user company name and job information. The official docs say that we need to make a request to the MS Graph API.
We are testing it on Microsoft Graph Explorer but it doesn't seem to work.
We've selected the 'User.Read' as a permission in our app, then tried these endpoints:
https://graph.microsoft.com/v1.0/me/
https://graph.microsoft.com/v1.0/me?$select=companyName,jobTitle
https://graph.microsoft.com/v1.0/users/?$select=companyName,jobTitle
In the MS official doc (https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference), in the User/Remarks section, it clearly says that
"On reads, only a limited number of properties are returned by default. To read properties that are not in the default set, use $select"
Is this doc outdated?
I've tried to reach MS support for developers, but they answered saying that I should ask this on Stack Overflow...
So probably there is no official support for developers?
Is it really possible to get the company name and job title from a MS account?
Thanks in advance!
edit. Update question with MS graph explorer screenshots
edit.2. Update screenshot with proper encoding.
Also, it's a MS account not an Azure account, since our web app accepts both of them on the common v2 endpoint.
Update
My goal was trying to get the Work Info section from a MSA account.
The documentation is correct, by default we only return a subset of user properties:
id
userPrincipalName
displayName
givenName
surname
jobTitle
mail
mobilePhone
businessPhones
officeLocation
preferredLanguage
If you want a different set of properties, you can request them using the $select query parameter. The queries you provided in your question should work fine. For example, when I execute https://graph.microsoft.com/v1.0/me?$select=companyName in Graph Explorer (after logging in with my credentials) I get the following:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(companyName)/$entity",
"companyName": "MICROSOFT"
}
Update Regarding MSA
When using Microsoft Graph against a Microsoft Account (MSA) there are several differences in what properties get surfaced. As an MSA is by definition a personal/individual account, organizational properties such as Job Title and Office Location are simply not applicable.
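The tenant boundary and the MSA difference described in the two Graph answers above can both be read from the token's tid claim. The following is an added example, not code from any of the posts: it runs under Node.js, the helper names and the home tenant ID are hypothetical, the sample tokens are constructed and unsigned, and the fixed tid value is the one the Microsoft identity platform issues for personal accounts.

```javascript
// Added example: classify the signed-in account from ID token claims.
// Claims are decoded here WITHOUT signature verification, so use the result
// only to choose a Graph query, never as an authorization decision.
const MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"; // tid of personal accounts

function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// homeTenantId: the tenant that owns the app registration (assumed input).
function classifyAccount(idToken, homeTenantId) {
  const claims = decodeClaims(idToken);
  if (typeof claims.tid !== "string") throw new Error("token has no tid claim");
  const tid = claims.tid.toLowerCase();
  if (tid === MSA_TENANT_ID) {
    // Personal account: organizational properties are not applicable.
    return { kind: "personal", tid, select: ["displayName", "givenName", "surname"] };
  }
  const kind = tid === String(homeTenantId).toLowerCase() ? "home-tenant" : "other-tenant";
  return { kind, tid, select: ["displayName", "companyName", "jobTitle", "officeLocation"] };
}

function graphMeUrl(account) {
  return "https://graph.microsoft.com/v1.0/me?$select=" + account.select.join(",");
}

// Builds a constructed, unsigned sample token for local testing only.
function makeSampleToken(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "none", typ: "JWT" }) + "." + enc(claims) + ".constructed-signature";
}
```

A token classified as other-tenant only reaches data in the tenant that issued it, which is why guest sign-in to the home tenant showed a different data set.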

How I can access calendar from Office add-in app?

I'm creating a Mail Add-in for Office 365. I want to get access to calendar. Using Outlook Add-in API I get only selected item:
var item = Office.context.mailbox.item;
// Continue with processing the subject of the current item,
// which can be a message or appointment.
I found Calendar REST API, but to get a valid token I need obtain the appropriate authorization. But I'm already authorized in my add-in. I don't want to redirect user to authorize again when he has added my add-in and already granted the access to it. Is it possible to get access to calendar from my add-in without additional authorization?
At this time there is no single sign-on support between an Office add-in and Graph. You can follow the approach outlined in this article: http://blogs.msdn.com/b/richard_dizeregas_blog/archive/2015/08/10/connecting-to-office-365-from-an-office-add-in.aspx
Eric Legault has posted a good approach and I have used it. However, I have found a possibility to access the calendar from the mailbox without any OAuth authorizations like with the Graph API.
You can use makeEwsRequestAsync method to make an asynchronous request (SOAP messages) to an Exchange Web Services (EWS) service on the Exchange server that hosts the user’s mailbox.
Your add-in must have the ReadWriteMailbox permission and the server administrator must set OAuthAuthentication to true on the Client Access Server EWS directory to enable this method to make EWS requests.
You can find EWS reference for Exchange to learn how to build proper SOAP for your request.
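A sketch of the makeEwsRequestAsync approach from the answer above, as an added example that is not part of the original post: it builds an EWS FindItem request with a CalendarView over the calendar folder. The function names, the Exchange2013 schema version and the chosen fields are assumptions; dates are re-serialised before they are placed in the XML so that caller-supplied text never reaches the SOAP body.

```javascript
// Added example: EWS FindItem (CalendarView) request for makeEwsRequestAsync.
const EWS_NS = {
  soap: "http://schemas.xmlsoap.org/soap/envelope/",
  t: "http://schemas.microsoft.com/exchange/services/2006/types",
  m: "http://schemas.microsoft.com/exchange/services/2006/messages",
};

// Parse and re-serialise the date; invalid or injected text is rejected here.
function toEwsDate(value) {
  const d = new Date(value);
  if (Number.isNaN(d.getTime())) throw new Error("invalid date: " + value);
  return d.toISOString().replace(/\.\d{3}Z$/, "Z");
}

function buildCalendarViewRequest(start, end, maxEntries = 50) {
  const s = toEwsDate(start);
  const e = toEwsDate(end);
  if (new Date(e) <= new Date(s)) throw new Error("end must be after start");
  if (!Number.isInteger(maxEntries) || maxEntries < 1) throw new Error("bad maxEntries");
  return [
    `<?xml version="1.0" encoding="utf-8"?>`,
    `<soap:Envelope xmlns:soap="${EWS_NS.soap}" xmlns:t="${EWS_NS.t}" xmlns:m="${EWS_NS.m}">`,
    `<soap:Header><t:RequestServerVersion Version="Exchange2013"/></soap:Header>`,
    `<soap:Body><m:FindItem Traversal="Shallow">`,
    `<m:ItemShape><t:BaseShape>IdOnly</t:BaseShape><t:AdditionalProperties>`,
    `<t:FieldURI FieldURI="item:Subject"/>`,
    `<t:FieldURI FieldURI="calendar:Start"/><t:FieldURI FieldURI="calendar:End"/>`,
    `</t:AdditionalProperties></m:ItemShape>`,
    `<m:CalendarView MaxEntriesReturned="${maxEntries}" StartDate="${s}" EndDate="${e}"/>`,
    `<m:ParentFolderIds><t:DistinguishedFolderId Id="calendar"/></m:ParentFolderIds>`,
    `</m:FindItem></soap:Body></soap:Envelope>`,
  ].join("");
}

// Runs only inside an Outlook add-in, where the Office global exists.
function findAppointments(start, end, callback) {
  const soap = buildCalendarViewRequest(start, end);
  Office.context.mailbox.makeEwsRequestAsync(soap, (result) => {
    if (result.status !== Office.AsyncResultStatus.Succeeded) {
      return callback(result.error);
    }
    callback(null, result.value); // XML response as a string
  });
}
```

ReadWriteMailbox is the broadest add-in permission level, so the manifest for an add-in using this method grants far more than calendar read access.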
