Recent Discussions
Unable to retrieve all attachments from forwarded Outlook emails using Graph API
We have integrated Outlook with our system using Microsoft Graph API and subscribed to message events. Whenever we receive an event, we process the email message at our end. Currently, we are facing an issue related to attachments in forwarded email conversations. Scenario An email conversation contains multiple replies. Some of these replies contain attachments. When a user forwards the entire email thread, Outlook generates a forwarded email that includes the conversation history in the email body. Problem When we receive the forwarded email event and fetch the message details using the Microsoft Graph API, we observe the following: The forwarded email only contains the latest reply's attachment. Attachments from earlier replies in the thread are not included in the forwarded message attachments. In some cases: The first reply contains an attachment. Subsequent replies do not contain attachments. When the user forwards the email, the forwarded message JSON shows: hasAttachments: false But, the forwarded email body still contains the previous conversation that had attachments. Our Questions Is there a way to retrieve all attachments from the entire email thread when a conversation is forwarded? Can we retrieve these attachments using the current user's access token via Microsoft Graph API? If there is a way, please also let us know how we can identify forwarded emails using the Microsoft Graph API, so that we can apply this solution only for forwarded emails. Our Requirement We need a reliable solution that works in production to ensure that all attachments from the email conversation are retrieved, even when the email thread is forwarded. This issue is currently impacting our production system, so we would greatly appreciate any guidance on the correct approach. Thank you in advance for your support.Mails with attachments sent via the Graph API are stuck in drafts folder and not being sent
Mails being sent via Graph API using the createUploadSession way is keeping the mails in the Drafts folder and not being sent. This was working till mid January. Is there any graph update/ api deprecation that happened recently that is causing the issue?
Is principalId Always a GUID in Microsoft Graph ??
{ "error": { "code": "Request_BadRequest", "message": "Invalid GUID:HR", "innerError": { "date": "2026-02-13T06:44:24", "request-id": "87678d90-1d94-4131-a705-4356ad3568a4", "client-request-id": "63569c7b-1dea-42d4-8d72-aa3668c78418" } } } We’re encountering an issue with the Microsoft Graph API response for directoryRole Recently, one of our Graph API calls started returning a response where the principalId value appears to be a custom string instead of the expected GUID. In our code, we loop through each id from the delta response, assuming it will always be a valid GUID. However, we are now getting errors because one of the returned principalId values does not match the expected format. Our questions: Is it possible for Microsoft Graph API to return a custom string instead of a GUID for principalId? Has anyone experienced similar behavior with delta queries for directoryRole or any other object? Are there any known scenarios where the principalId format differs from the standard GUID? Any insights would be appreciated.
Intermittent connection failures with login.microsoftonline.com since Jan
we are getting intermittent connection failures (handshake error http -1) while connecting to token URL - "login.microsoftonline.com" since last one month. Anything changed as far as accessing this graph API access token URL? tried grabbing certificate from this URL but still the issue persists. which certificate should we be using? anybody has any insights on this issue?
unable to send notification to teams channel using graph api
We tried to send notification to teams channel using microsoft graph api via python we can able to send to message to the channel but the notification is not getting triggered in the activity tab we have refered below documentation. https://learn.microsoft.com/en-us/graph/api/team-sendactivitynotification?view=graph-rest-1.0&tabs=python Also we don't need device authentication and browser authentication please share approach to bypass those things. below is the error we are facing. raise exc msgraph.generated.models.o_data_errors.o_data_error.ODataError: APIError Code: 403 message: None error: MainError(additional_data={}, code='Forbidden', details=None, inner_error=InnerError(additional_dmsgraph.generated.models.o_data_errors.o_data_error.ODataError: APIError Code: 403 message: None error: MainError(additional_data={}, code='Forbidden', details=None, inner_error=InnerError(additional_d APIError Code: 403 message: None error: MainError(additional_data={}, code='Forbidden', details=None, inner_error=InnerError(additional_d Code: 403 message: None error: MainError(additional_data={}, code='Forbidden', details=None, inner_error=InnerError(additional_d message: None error: MainError(additional_data={}, code='Forbidden', details=None, inner_error=InnerError(additional_d error: MainError(additional_data={}, code='Forbidden', details=None, inner_error=InnerError(additional_data={}, client_request_id='________-___-____-____-____________', date=datetime.datetime(2026, 2, 3, 14, 37, 8), odata_type=None, request_id='________-___-____-____-____________'), message="Application with AAD App Id '________-___-____-____-____________' is not authorized to generate notifications about 'https://graph.microsoft.com/v1.0/teams/6a6079bc-feaf-4865-bc21-1201b310c25c' to the recipient. Ensure that the expected Teams app is installed in the target scope (user, team, or chat).", target=None). Please help us to resolve this issue.Deleted security groups return "securityEnabled": false, appear as ‘unrecognized’ in Entra admin
When retrieving the list of soft-deleted groups with Graph, both M365 groups and security groups are returned. However, the securityEnabled flag is returned as false for security groups. Is this a bug? This likely leads to displaying them in the Entra admin center as 'Unrecognized' type.
Slow UI update for deleted events
I've built an integration that continuously syncs events between an external scheduling system and Exchange Online using Microsoft Graph. I'm observing a recurring issue when deleting calendar events via Graph: A DELETE request to Graph returns success (204 No Content). A subsequent GET /events/{id} returns 404, confirming the event is deleted server-side. However, the event continues to appear in the Outlook UI (both Outlook Web and desktop) for an extended period (sometimes hours), even after page reloads or app restarts. The odd behaviour The event is still displayed in the user interface for up to several hours The event persist through page reloads If the user clicks the event it opens briefly and immediately closes, the event disappears from the UI afterward. Additional details Delete endpoint: /users/{id}/events/{id} Graph response: 204 No Content Verified deletion via GET → 404 Reproduces in both Outlook Web and Outlook desktop Questions Is this a known Outlook client caching or calendar view indexing issue? Is there a way to force client reconciliation after deletes? Are there Graph or Exchange constraints around rapid create/update/delete cycles that could cause this UI inconsistency?
How to Retrieve Windows Edition (SKU) from managedDevices API
Hi everyone, I am working with the Microsoft Graph API endpoint /v1.0/deviceManagement/managedDevices to iterate through all devices in a tenant and collect operating system related information. For Windows devices, the operatingSystem field only returns "Windows". However, Windows has multiple editions such as Enterprise, Education, and Pro. For my use case, I need the specific Windows edition. Is it possible to retrieve this information using only the v1.0 endpoint, or is the beta endpoint /beta/deviceManagement/managedDevices/{managedDeviceId} required to get the SKU family? Thanks in advance for your help.Is there possibly no official documentation for Windows 11 search?
I have looked far and wide to find a definitive, official technical reference for the Windows 11 search service... especially for the various search parameters and the syntax they require from a savvy user to conduct a well specified, precision search for something. Is it possible that Microsoft has not produced a formal specification of Windows' search feature? Would someone from Microsoft please, please, please provide a link to such a document? Is it possible to buy it? Does it exist anywhere? Am I deluded to think that that is something that the provider of the world's most used desktop OS would have had to create, as a matter of course? I'm talking here about conducting searches, within the file system of a Windows 11 (Pro) machine, that one initiates from the "Search Home" box at the top right of every File Explorer window that gets opened by the user. Any thoughts from someone actually involved in creating the search tool? Imploringly yours, SJBAlias for Refinable Managed Property Not Working in Search Queries
Hi, The alias for the refinable managed property has worked as expected in sortProperties for the past year, but it has recently stopped working and now returns an error. Using the original managed property name (RefinableDateSingle01) continues to work as expected. The error is shown below, together with the trace ID. Unfortunately, we are unable to switch to using RefinableDateSingle01 in sortProperties as it does not meet our business requirements. We are currently facing challenges due to the large number of SharePoint sites, many of which we do not have permission to access. As a result, we can only confirm that the refinable managed property RefinableDateSingle01 and its associated alias are configured correctly on the SharePoint sites where we have full access. What is the root cause of this issue, and how can it be resolved? https://graph.microsoft.com/v1.0/search/query { "requests": [ { "entityTypes": [ "listItem" ], "query": { "queryString": "* AND SiteId:\"siteId\"" }, "from": 0, "size": 50, "sortProperties": [ { "name": "RefinableDateSingle01", // This works when I use the refinable managed property name (RefinableDateSingle01), but it does not work when I use the alias I defined for this property "isDescending": false } ] } ] } 500 Internal Server Error (When I used alias in sortProperties) { "error": { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "FanoutDownstreamContradiction", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "TwoStepFanout_FirstStepFailed", "message": "The call failed, please try again.", "target": "", "serviceName": "Xap", "moduleName": "SubstrateSearch.FanoutV2.MultiDimensionSearchFanoutPluginV3", "contactTeam": "3sdri", "httpCode": 500 }, { "code": "FanoutDownstreamContradiction", "message": "The call failed, please try again.", "target": "", "serviceName": "FanoutService", "moduleName": "Fanout", "contactTeam": "3STenantSearchDevs", "httpCode": 500 } ], "serviceName": "FanoutService", "moduleName": "Fanout", "contactTeam": "3STenantSearchDevs", "httpCode": 500 } ], "moduleName": "SubstrateFanoutSearchWorkflow", "httpCode": 500 } ], "moduleName": "AscUserSearchFanoutWorkflowV2", "httpCode": 500 } ], "moduleName": "AscUserSearchFanoutWorkflowV2", "httpCode": 500 } ], "moduleName": "G21AscWorkflow", "httpCode": 500 } ], "moduleName": "TenantFileSearchFederationWorkflow_ASC", "httpCode": 500 } ], "moduleName": "TenantFileSearchFederationWorkflow", "httpCode": 500 } ], "moduleName": "FederationWorkflow", "httpCode": 500 } ], "moduleName": "TopLevelWorkflowBase", "httpCode": 500 }, "Instrumentation": { "TraceId": "57c005b9-07fc-453b-8c73-2650d90670e0" } }
Microsoft accounts
Hi all. I have a problem with my daughters Microsoft accounts which I'm hoping you can help with. She set up an account for her X Box on my email address (without asking me first) which is preventing me from setting up my own account for Windows. Since then she has also set up a Hotmail account with her own email address. I understand we can set up an alias on the X Box account using her email but will this conflict with the Hotmail account. The problem is she doesn't want to change her gamer tag which was set up on my email address. Any help / advice will be gratefully received. Many thanks in advanceMicrosoft accounts
Hi all I have a problem with my daughters accounts. She set up an account for her X Box on my email which has prevented me from having my own account for Windows. She has also set up her own Hotmail account for her emails. She wants to keep her gamer tag (set up on my email) not the one she has been given on the Hotmail account. I understand that I can create an alias on my account using her email and this should keep her gamer tag but will it conflict with her Hotmail account. Any help / advice will be gratefully received Many thanks in advance.Error while creating Graph API Access token
Hi guys, I am trying to create an access token for calling Graph API through browser. When I call 'https://login.microsoftonline.com/XXXX-XXXX-XXX-XXX-XXX/oauth2/token' api using AJAX, I receive below error. Access to XMLHttpRequest at 'https://login.microsoftonline.com/XXXX-XXXX-XXX-XXX-XXX/oauth2/token' from origin 'https://cevalogisticsoffice365.sharepoint.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Please can you provide me why this error is occurring and what is the solution for this. RegardsAttempt to automate GSA setup in Azure through Graph API
Hi, Using https://developer.microsoft.com/en-us/graph/graph-explorer and signed in as a user with Applications, Network, NetworkPolicy, Global Secure Access Admin roles, I am trying to POST to https://graph.microsoft.com/beta/networkAccess/connectivity/remoteNetworks using Payload Body { "name": "Hello", "region": "norwayEast" } How come I get the HTTP response code 400 with "code": "UnknownError", "message": "{\"error\":\"Invalid request parameters\"}", ?Retrieve Item Analytics for Multiple Items
Hi, our team has noticed that it’s not possible to retrieve analytics when querying a list of items using $expand. When we run this type of query, we don’t receive an error indicating that it’s not allowed; instead, the analytics property just returns null values. https://graph.microsoft.com/v1.0/sites/<<SiteId>>/lists/<<ListID>>/items?$expand=fields,analytics($expand=allTime) However, when we query a single item, everything works as expected. https://graph.microsoft.com/v1.0/sites/<<SiteId>>/lists/<<ListID>>/items/<<ListID>>/analytics/allTime Is there a way to retrieve analytics data for multiple items in one request?Entra Conditional Access Issue
Hi Guys, Our Outlook add-in relies on the Graph API to fetch emails. Due to customer-side Conditional Access (CA) Policies, we are seeing critical failures where Continuous Access Evaluation (CAE) demands user interaction (InteractionRequired code) to resolve challenges like LocationConditionEvaluationSatisfied or TokenCreatedWithOutdatedPolicies. Since this authentication occurs backend-to-Entra, we lack a frontend mechanism to prompt the required user interaction. Is there a recommended pattern, method, or architectural change that allows our backend to redirect or challenge the user for interactive sign-in, thereby satisfying these CAE requirements and unblocking customers? Exact error messages: 1. Continuous access evaluation resulted in challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied 2. Continuous access evaluation resulted in challenge with result: InteractionRequired and code: TokenCreatedWithOutdatedPolicies
Resource display name
I want to create an event using the Graph API with a meeting room location as a resource attendee. I'm adding the meeting room as a location and inviting the meeting room as a resource attendee as described here: https://learn.microsoft.com/en-us/graph/api/user-post-events?view=graph-rest-1.0&tabs=httpMy problem is that I only have the email of the meeting room, not the display name. So a second location ends up getting added once the meeting room accepts the invite that has the correct display name (but same email). If I later try and update the time for that event, the meeting room declines the update saying that "Two or more spaces cannot be booked at the same time". If I create the event by only inviting the meeting room as an attendee and leaving the location empty, the meeting room declines saying that "Spaces cannot be booked as attendees." Is there a way to create the event so that the initial events gets accepted and I am able to successfully update the time later? Or is there a way to get the display name of the meeting room so that I can add the location with the correct display name so that the event doesn't end up with two locations?Slow download speed using GRAPH api
I wanted to start a little discussion because I can't find any information about my issue with download speed of GRAPH api. So Let's start with some information that I have a python app that connect to my One drive Business. I have there two folders with pdf's one is about 70k and one is 7k. I connect to them successfully. I know that this API has some limitation with the amount it can download on one request but still I think it is not fault but my and lack of knowledge. The biggest problem is when I use some search feature in my app that requires searching a specific file(it just freeze my whole app). I make all communication inside my python code and I don't see any room to further optimization. I will just mention that this is my first time working with API and clearly don't know where to ask for any help.
The requesting principal is not authorized to set group preferred data location
We have our tenant with 4 Geo locations. And inside power automate flow I am sending this Graph Api to create a new security group under specific Geo location:- but I am getting this error:- The requesting principal is not authorized to set group preferred data location. Now if i remove this parameter:- "preferredDataLocation": "AUS", the Office 365 group will get created under the default location, but I need to add it to the specific location. the service account running the graph Api call has SharePoint, group and teams admin permissions. any advice? Thanks
Recent Blogs
- ServiceNow tickets Graph connector is now generally available, adding to the suite of Microsoft Graph connectors for ServiceNowJan 17, 2024
- Get complete control of your Graph connectors rollout strategy with a measured exposure of connections to select users and groupsDec 01, 2023
