Recent Discussions
How to Retrieve Windows Edition (SKU) from managedDevices API
Hi everyone, I am working with the Microsoft Graph API endpoint /v1.0/deviceManagement/managedDevices to iterate through all devices in a tenant and collect operating system related information. For Windows devices, the operatingSystem field only returns "Windows". However, Windows has multiple editions such as Enterprise, Education, and Pro. For my use case, I need the specific Windows edition. Is it possible to retrieve this information using only the v1.0 endpoint, or is the beta endpoint /beta/deviceManagement/managedDevices/{managedDeviceId} required to get the SKU family? Thanks in advance for your help.
Is there possibly no official documentation for Windows 11 search?
I have looked far and wide to find a definitive, official technical reference for the Windows 11 search service... especially for the various search parameters and the syntax they require from a savvy user to conduct a well specified, precision search for something. Is it possible that Microsoft has not produced a formal specification of Windows' search feature? Would someone from Microsoft please, please, please provide a link to such a document? Is it possible to buy it? Does it exist anywhere? Am I deluded to think that that is something that the provider of the world's most used desktop OS would have had to create, as a matter of course? I'm talking here about conducting searches, within the file system of a Windows 11 (Pro) machine, that one initiates from the "Search Home" box at the top right of every File Explorer window that gets opened by the user. Any thoughts from someone actually involved in creating the search tool? Imploringly yours, SJB
Alias for Refinable Managed Property Not Working in Search Queries
Hi, The alias for the refinable managed property has worked as expected in sortProperties for the past year, but it has recently stopped working and now returns an error. Using the original managed property name (RefinableDateSingle01) continues to work as expected. The error is shown below, together with the trace ID. Unfortunately, we are unable to switch to using RefinableDateSingle01 in sortProperties as it does not meet our business requirements. We are currently facing challenges due to the large number of SharePoint sites, many of which we do not have permission to access. As a result, we can only confirm that the refinable managed property RefinableDateSingle01 and its associated alias are configured correctly on the SharePoint sites where we have full access. What is the root cause of this issue, and how can it be resolved? https://graph.microsoft.com/v1.0/search/query { "requests": [ { "entityTypes": [ "listItem" ], "query": { "queryString": "* AND SiteId:\"siteId\"" }, "from": 0, "size": 50, "sortProperties": [ { "name": "RefinableDateSingle01", // This works when I use the refinable managed property name (RefinableDateSingle01), but it does not work when I use the alias I defined for this property "isDescending": false } ] } ] } 500 Internal Server Error (When I used alias in sortProperties) { "error": { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "FanoutDownstreamContradiction", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "TwoStepFanout_FirstStepFailed", "message": "The call failed, please try again.", "target": "", "serviceName": "Xap", "moduleName": "SubstrateSearch.FanoutV2.MultiDimensionSearchFanoutPluginV3", "contactTeam": "3sdri", "httpCode": 500 }, { "code": "FanoutDownstreamContradiction", "message": "The call failed, please try again.", "target": "", "serviceName": "FanoutService", "moduleName": "Fanout", "contactTeam": "3STenantSearchDevs", "httpCode": 500 } ], "serviceName": "FanoutService", "moduleName": "Fanout", "contactTeam": "3STenantSearchDevs", "httpCode": 500 } ], "moduleName": "SubstrateFanoutSearchWorkflow", "httpCode": 500 } ], "moduleName": "AscUserSearchFanoutWorkflowV2", "httpCode": 500 } ], "moduleName": "AscUserSearchFanoutWorkflowV2", "httpCode": 500 } ], "moduleName": "G21AscWorkflow", "httpCode": 500 } ], "moduleName": "TenantFileSearchFederationWorkflow_ASC", "httpCode": 500 } ], "moduleName": "TenantFileSearchFederationWorkflow", "httpCode": 500 } ], "moduleName": "FederationWorkflow", "httpCode": 500 } ], "moduleName": "TopLevelWorkflowBase", "httpCode": 500 }, "Instrumentation": { "TraceId": "57c005b9-07fc-453b-8c73-2650d90670e0" } }
Microsoft accounts
Hi all. I have a problem with my daughters Microsoft accounts which I'm hoping you can help with. She set up an account for her X Box on my email address (without asking me first) which is preventing me from setting up my own account for Windows. Since then she has also set up a Hotmail account with her own email address. I understand we can set up an alias on the X Box account using her email but will this conflict with the Hotmail account. The problem is she doesn't want to change her gamer tag which was set up on my email address. Any help / advice will be gratefully received. Many thanks in advanceMicrosoft accounts
Hi all I have a problem with my daughters accounts. She set up an account for her X Box on my email which has prevented me from having my own account for Windows. She has also set up her own Hotmail account for her emails. She wants to keep her gamer tag (set up on my email) not the one she has been given on the Hotmail account. I understand that I can create an alias on my account using her email and this should keep her gamer tag but will it conflict with her Hotmail account. Any help / advice will be gratefully received Many thanks in advance.Error while creating Graph API Access token
Hi guys, I am trying to create an access token for calling Graph API through browser. When I call 'https://login.microsoftonline.com/XXXX-XXXX-XXX-XXX-XXX/oauth2/token' api using AJAX, I receive below error. Access to XMLHttpRequest at 'https://login.microsoftonline.com/XXXX-XXXX-XXX-XXX-XXX/oauth2/token' from origin 'https://cevalogisticsoffice365.sharepoint.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Please can you provide me why this error is occurring and what is the solution for this. RegardsAttempt to automate GSA setup in Azure through Graph API
Hi, Using https://developer.microsoft.com/en-us/graph/graph-explorer and signed in as a user with Applications, Network, NetworkPolicy, Global Secure Access Admin roles, I am trying to POST to https://graph.microsoft.com/beta/networkAccess/connectivity/remoteNetworks using Payload Body { "name": "Hello", "region": "norwayEast" } How come I get the HTTP response code 400 with "code": "UnknownError", "message": "{\"error\":\"Invalid request parameters\"}", ?Retrieve Item Analytics for Multiple Items
Hi, our team has noticed that it’s not possible to retrieve analytics when querying a list of items using $expand. When we run this type of query, we don’t receive an error indicating that it’s not allowed; instead, the analytics property just returns null values. https://graph.microsoft.com/v1.0/sites/<<SiteId>>/lists/<<ListID>>/items?$expand=fields,analytics($expand=allTime) However, when we query a single item, everything works as expected. https://graph.microsoft.com/v1.0/sites/<<SiteId>>/lists/<<ListID>>/items/<<ListID>>/analytics/allTime Is there a way to retrieve analytics data for multiple items in one request?
Entra Conditional Access Issue
Hi Guys, Our Outlook add-in relies on the Graph API to fetch emails. Due to customer-side Conditional Access (CA) Policies, we are seeing critical failures where Continuous Access Evaluation (CAE) demands user interaction (InteractionRequired code) to resolve challenges like LocationConditionEvaluationSatisfied or TokenCreatedWithOutdatedPolicies. Since this authentication occurs backend-to-Entra, we lack a frontend mechanism to prompt the required user interaction. Is there a recommended pattern, method, or architectural change that allows our backend to redirect or challenge the user for interactive sign-in, thereby satisfying these CAE requirements and unblocking customers? Exact error messages: 1. Continuous access evaluation resulted in challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied 2. Continuous access evaluation resulted in challenge with result: InteractionRequired and code: TokenCreatedWithOutdatedPolicies
Resource display name
I want to create an event using the Graph API with a meeting room location as a resource attendee. I'm adding the meeting room as a location and inviting the meeting room as a resource attendee as described here: https://learn.microsoft.com/en-us/graph/api/user-post-events?view=graph-rest-1.0&tabs=httpMy problem is that I only have the email of the meeting room, not the display name. So a second location ends up getting added once the meeting room accepts the invite that has the correct display name (but same email). If I later try and update the time for that event, the meeting room declines the update saying that "Two or more spaces cannot be booked at the same time". If I create the event by only inviting the meeting room as an attendee and leaving the location empty, the meeting room declines saying that "Spaces cannot be booked as attendees." Is there a way to create the event so that the initial events gets accepted and I am able to successfully update the time later? Or is there a way to get the display name of the meeting room so that I can add the location with the correct display name so that the event doesn't end up with two locations?
Slow download speed using GRAPH api
I wanted to start a little discussion because I can't find any information about my issue with download speed of GRAPH api. So Let's start with some information that I have a python app that connect to my One drive Business. I have there two folders with pdf's one is about 70k and one is 7k. I connect to them successfully. I know that this API has some limitation with the amount it can download on one request but still I think it is not fault but my and lack of knowledge. The biggest problem is when I use some search feature in my app that requires searching a specific file(it just freeze my whole app). I make all communication inside my python code and I don't see any room to further optimization. I will just mention that this is my first time working with API and clearly don't know where to ask for any help.
The requesting principal is not authorized to set group preferred data location
We have our tenant with 4 Geo locations. And inside power automate flow I am sending this Graph Api to create a new security group under specific Geo location:- but I am getting this error:- The requesting principal is not authorized to set group preferred data location. Now if i remove this parameter:- "preferredDataLocation": "AUS", the Office 365 group will get created under the default location, but I need to add it to the specific location. the service account running the graph Api call has SharePoint, group and teams admin permissions. any advice? ThanksFilters and Images/thumbnails with new Copilot Search
Did anyone else use the filters on the verticals before new Copilot Search and find it very frustrating with the new experience to only have Modified, Type, and Person as the filters? It makes your non-M365 connectors almost unsusable. Also losing the ability to add our custom icons and thumbnails is a big loss to the user experience. Anyone else?Share MS Teams recording with someone using Graph API
Hi, There is a requirement to share MS Teams recordings with the required Azure AD users using Graph API. We a Power Automate flow which runs after the meeting sessions end. The requirement is that all recordings related to the that session should be shared with specified users which many vary based on the session configuration. We have the meeting joining URL and also the meeting ID, long string and not the GUID. We have tried two approaches using the Graph API. 1) using the approach below we were able to get the meeting records https://graph.microsoft.com/v1.0/users/84e35ca5-0000-0000-0000-20ef90928402/onlineMeetings/MSo4NGUzNWNhNS02NjM3LTQ4NGEtYmE5MS0yMGVmOTA5MjgwertyMCoqMTk6bWVldGluZ19OR123TlRZMU0ySXRNRGMzT0MwMFl6SXdMVGhoT0RrdFpHTXlOak5pT0dOa05qVTBAdGhyZWFkLnYy/recordings but this approach is good if you want to get the recording content to copy it to another location, it does not return the OneDrive location. 2) using the following approach we can get the OneDrive path but there is no way to filter the recordings https://graph.microsoft.com/v1.0/drives/b!u_gscMc-uEeF2AgpET9lx123werdOz1Fg_KTQFlVLnYAXRY1W9IKQqzF7v234rW1/root:/Recordings:/children so it is not feasible By using the first approach, we can move the recording to SharePoint and share it from there but considering the recording size, we do not want to use this approach unless there is no other way. Let me know if there is any other way or if i am missing any thing.Graph API : Authorization_RequestDenied Message: Insufficient privileges to complete the operation.
Hi Team, I have a Graph app and user configured with the following resourceAccess scopes: Code "resourceAccess": [ { "id": "06da0dbc-49e2-44d2-8312-53f166ab848a", "type": "Scope" }, { "id": "9c7a330d-35b3-4aa1-963d-cb2b9f927841", "type": "Scope" }, { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" }, { "id": "b340eb25-3456-403f-be2f-af7a0d370277", "type": "Scope" } ] However, when trying to pull presence data, I receive the following error in Postman: Code StatusCode: Forbidden Message: Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. Graph Explorer also fails to return presence for a specific user using: https://graph.microsoft.com/beta/users/{user-id}/presence But the endpoint for the signed-in user works fine: https://graph.microsoft.com/beta/me/presence Admin consent has been granted, and even the Global Admin cannot retrieve presence for other users. Other permissions work fine — the app can list users and connect without issue. Presence is the only operation failing. Question: How can I investigate this behavior in Azure/Entra using the request-id or client-request-id from the error response? Or what could cause this behavior? Thanks in advance!Can a Teams Channel name start with space?
Dear Community, I am facing an issue fetching the children of a teams channel when the channel name is renamed and starts with empty space. Ex: Original Channel Name: "Test" Renamed Channel Name: " Test 123" This page does not mention anything on this https://learn.microsoft.com/en-us/microsoftteams/limits-specifications-teams Any help or hints are much appreciated. Thanks Pramod VedalaDoes Microsoft Graph API Throttle When Triggering More Than 200 On-Demand Remediation Calls?
Hi Everyone, I'm using the following Microsoft Graph API endpoint to trigger proactive remediation scripts on Intune-managed devices: POST https://graph.microsoft.com/beta/deviceManagement/managedDevices/{managedDeviceId}/initiateOnDemandProactiveRemediation My scenario involves triggering this API for around 200+ devices, each with multiple scripts. I have a few concerns and would appreciate some guidance: Are there any throttling limits specific to this endpoint or the Intune service that I should be aware of? If I send 200+ POST requests in a short time window, will I hit rate limits or receive 429 errors? What is the recommended approach to avoid throttling — should I batch requests, add delays, or implement retry logic? Is there any official documentation or best practices for handling bulk remediation triggers? I’ve reviewed the general Microsoft Graph throttling guidance and service-specific throttling limits, but I’m unsure how they apply to this specific endpoint. Any help, examples, or insights would be greatly appreciated! Thanks, Swahela MullaThe specified object was not found in the store., The process failed to get the correct properties.
Hi, I've set up a change notification using the Microsoft Graph API so that Microsoft sends webhook notifications to our server whenever a new email arrives in a specific mailbox. Each notification includes the ID of the new email. Our server then uses this ID to retrieve the email body via an HTTP GET request to Microsoft Graph. However, we've encountered a few instances where the server receives a error when attempting to retrieve the email. The error message is: Error Message: Exception: Microsoft.Graph.Models.ODataErrors.ODataError: The specified object was not found in the store., The process failed to get the correct properties. Has anyone experienced this before or have any insights into why this might be happening? Thanks!
users/{id}/authentication/methods generates many 429 errors.
Hi, In a large inventory script one of the lists it generates contains all registered MFA methods for all users ("users/$UserId/authentication/methods"). My environment has 10k users, querying the resource sequentially takes over an hour, so I made it multithreaded. I use 16 in my 20 core system, that brings it down to ~30 mins. In another function in the same inventory script uses multithreading too, it lists all group members of ~7500 groups using "groups/$GroupId/members" that only takes 2 min and 15 seconds. I played around with the number of cores, and barely get any 429's but still takes close to an hour. I tried consistencylevel "Eventual" in the header, but had no effect. Is this difference caused by an issue in the MSgraph backend? or is there something I can fix on my end to improve performance? Cheers, Sander
Recent Blogs
- ServiceNow tickets Graph connector is now generally available, adding to the suite of Microsoft Graph connectors for ServiceNowJan 17, 2024
- Get complete control of your Graph connectors rollout strategy with a measured exposure of connections to select users and groupsDec 01, 2023
