Recent Discussions
Pin a message in a channel in MS Teams using MS Graph API
I've created a MS Teams app and as part of it's functionality, it has to pin the message (in both one-on-one chat and in a channel) on behalf of the user I'm using below API to pin a message in a channel in MS Teams https://graph.microsoft.com/v1.0/chats/<chatID>/pinnedMessages Endpoint: - POST https://graph.microsoft.com/v1.0/chats/19:....@thread.tacv2/pinnedMessages Body: { "email address removed for privacy reasons": "https://graph.microsoft.com/v1.0/chats/19:....@thread.tacv2/messages/<message_id>" } Note: - 19:....@thread.tacv2 is the chatID of the channel And I get a successful response as below 201 Created { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#chats('19%3.......%40thread.tacv2')/pinnedMessages/$entity", "id": "<message_id>" } But when I go that particular channel, I don't see the message as the pinned message in the channel But when I try to get the list of pinned message in a channel using below API, it gives the response that the above message which I pinned. But I don't see it in the channel in MS Teams. And I'm facing this issue only while pinning the message in the channel using MS Graph API. I don't face the same issue with one-on-one chat with the bot I've created.
Missing added files (v1.0/me/drive/recent?$top=1000)
Missing added files In LMS we allow customers to add recent files across organization as course materials. We fetch recent files via graph API call https://graph.microsoft.com/v1.0/me/drive/recent?$top=1000 . Typical scenario for adding files would be the following. 1) user puts file from his PC to whatever location in sharepoint 2) he edits course and sees his file, and its added Currently user won't be able to see his files. Just uploaded files by user are missing from this query results. To make files appear user have to go to sharepoint and click Preview, then Download, then try rename files to make them appear in the query results. It would be very uncofmortable for user (and for our support to explain) to do it to make files appear. Can you please show just added files in https://graph.microsoft.com/v1.0/me/drive/recent?$top=1000 call. Just in case we contacted Microsoft Support 3 times already 2 years ago with no promises to fix it, but new client has same situation, so I decided to post it here as well. Thanks.
How to get a user P.O. Box from Active directory using Graph API
Inside our Active Directory, we have this value for the P.O Box:- now i want to get this value based on the user's email address using graph api, i tried those endpoint, but never able to get the P.O. Box value, here what i tried:- 1) https://graph.microsoft.com/beta/users/<useremail>/profile/ I got this as part of the response, "company": { "displayName": "****", "pronunciation": null, "department": "***", "companyCode": null, "officeLocation": "****", "webUrl": null, "secondaryDepartment": null, "address": { "type": "business", "postOfficeBox": null, "street": "****", "city": "***", "state": "***", "countryOrRegion": "**", "postalCode": "***" } } } there there is postOfficeBox but it is null 2) https://graph.microsoft.com/v1.0/users/<email address> this does not include P.O. Box any advice?Clone Team endpoint is broken
Microsoft Graph's "clone Team" endpoint is not working as intended and changes its behaviour without any communication from Microsoft. The problem is the new feature that enables users to name the primary channel. Until yesterday, the primary channel was just created as a "normal" channel in the cloned team and an additional primary channel with the default name "General" was created. Since yesterday, the primary channel is now cloned "correctly", but now the tabs are completely ignored and not even the default "Notes" tab is created in the primary channel. So when cloning a team, the primary channel itself is created, but it is just completely empty. Will this be fixed and if so, when? And are there any additional resources for changes in the Graph API that I don't know about? Because this is not mentioned in the Graph API changelog. It seems like Microsoft is indeed working on this, but this last change does not fix anything, it makes it even worse.
Should DriveItem permission support grantedToV2 in the future?
I'm trying to retrieve both metadata and permissions for a DriveItem using Microsoft Graph API. However, I noticed that the permission models between GET /drive/items/{item-id} and GET /drive/items/{item-id}/permissions seem inconsistent. References: 1. DriveItem metadata (with permission included): https://learn.microsoft.com/en-us/onedrive/developer/rest-api/resources/driveitem?view=odsp-graph-online#relationships The permissions property on a DriveItem refers to the Permission resource in the OneDrive API. 2. Permission resource in OneDrive API: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/resources/permission?view=odsp-graph-online Supports grantedTo but not grantedToV2. grantedTo is not marked as deprecated in this API. 3. Permission resource in Graph API: https://learn.microsoft.com/en-us/graph/api/resources/permission?view=graph-rest-1.0 Supports both grandedTo and grantedToV2. Explicitly marks grantedTo as deprecated. Questions: 1. Why is grantedTo not marked as deprecated in the DriveItem metadata response, while it is deprecated in the Microsoft Graph permissions API? (I saw this article mentioning that grantedTo will be deprecated, but it does not specify a timeline.) 2. Should we be using grantedTo or grantedToV2 when retrieving permissions from a DriveItem's metadata? 3. If grantedToV2 is preferred, is there any plan to support grantedToV2 in the GET /drive/items/{item-id} response in the future? This inconsistency makes it unclear whether grantedTo is still valid or if we should be transitioning to grantedToV2 across all endpoints. Any clarification from Microsoft would be greatly appreciated! Thank you.
Failed to list all calendars for certain users with graph api
We failed to list all calendars for certain users with graph api, only 2 calendars are listed. However, when we use ews api, we can list all 7 calendars with FolderClass being IPF.Appointment. Does anyone know why this inconsistency between both apis? graph api endpoint: https://graph.microsoft.com/v1.0/users/8057cafb-1848-4b5d-a213-5dc40453c8f7/calendarGroups/{calendar_group_id}/calendars ews api endpoint: https://outlook.office365.com/EWS/Exchange.asmx <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <t:RequestServerVersion Version="Exchange2013" /> <t:ExchangeImpersonation> <t:ConnectingSID> <t:PrincipalName>user principal name</t:PrincipalName> </t:ConnectingSID> </t:ExchangeImpersonation> </soap:Header> <soap:Body> <m:SyncFolderHierarchy> <m:FolderShape> <t:BaseShape>IdOnly</t:BaseShape> <t:AdditionalProperties> <t:FieldURI FieldURI="folder:ParentFolderId"></t:FieldURI> <t:FieldURI FieldURI="folder:DisplayName"></t:FieldURI> <t:FieldURI FieldURI="folder:FolderClass"></t:FieldURI> </t:AdditionalProperties> </m:FolderShape> </m:SyncFolderHierarchy> </soap:Body> </soap:Envelope>grantedTo and grantedToIdentities removed from graph api Permission. What's the exact time table?
Hi, Microsoft announced that the Permission resource of the graph API will be gradually phased out and deprecated the grantedTo and grantedToIdentities fields. We would like to know the exact time table, such as the month and day when the phaseout will begin, and if there are differences in the phaseout time in various regions around the world and a clear time table. Because before this time we need to adjust the eliminated fields to grantedToV2 and grantedToIdentitiesV2 in order to continue to use the following endpoints GET {resource path}/permissions GET {resource path}/permissions/permission-id PATCH {resource path}/permissions/permission-id POST {resource path}/permissions Announcement: https://devblogs.microsoft.com/microsoft365dev/removal-of-deprecated-sharepoint-onedrive-permission-resource-properties/ Thank you~!
Issue with Downloading Teams Sticker via Graph API - HTTP 400 Bad Request
Hi all, I am encountering an issue when attempting to download a sticker from Microsoft Teams using the Graph API. Below are the details of my request and the problem I am facing: Issue Description: I am using the following API format to download a sticker: GET https://graph.microsoft.com/v1.0/teams/xxx/messages/yyy/hostedContents/zzz/$value The request returns an HTTP 400 Bad Request response. The error details are as follows: { "error": { "code": "BadRequest", "message": "Provided hosted content identifier is invalid." }} Upon decoding zzz part of the API request URL, I obtained the following information: id=,type=1,url=https://us-prod.asyncgw.teams.microsoft.com/v1/url/content?url=https%3a%2f%2fstatic.wixstatic.com%2fmedia%2f4b00a4_e293905cf80f4ba4853c80a0a98dd748~mv2.png From the decoded data, it appears that the id field is empty. I suspect that this might be the reason why I am receiving the HTTP 400 Bad Request response. Questions: Has anyone encountered a similar issue when attempting to download a hosted sticker from Teams via the Graph API? Is there a specific reason why the id field is empty in the decoded content information? How can I resolve this issue and successfully retrieve the sticker content? Any insights or guidance on resolving this issue would be greatly appreciated. Thank you for your support. Best regards, Kein
"Insufficient privileges to complete the operation" while using Graph API
Hello, everyone! I'm trying to use the Microsoft Graph API with App Authentication to assign an Product License to a user. My App has the App permissions "LicenseAssignment.ReadWrite.All", "Directory.ReadWrite.All" and "User.ReadWrite.All". https://graph.microsoft.com/v1.0/users/$upn/assignLicense { "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2025-03-19T08:17:35", "request-id": "c368027b-6462-472f-a726-a9b04b26e11e", "client-request-id": "c368027b-6462-472f-a726-a9b04b26e11e" } } } My request body looks as follows: { "addLicenses": [ { "disabledPlans": [], "skuId": "..." } ], "removeLicenses": [] } For assigning a license, I got teams(community) list, and members list. I hope for your selfless help.
30-Minute Delay in Retrieving Team Sites Data via Microsoft Graph API
I am experiencing an issue when creating a team in Microsoft Teams and retrieving site data using the Microsoft Graph API. The team’s site data does not appear immediately but becomes available only after approximately 30 minutes. What is the reason for this delay? Is there a way to speed up the availability of site data after a team is created so it can be accessed more quickly via the API?Is Microsoft Search meant to still be available in Office apps?
According to https://learn.microsoft.com/en-us/microsoftsearch/overview-microsoft-search The first picture under the heading What users see, and the description, imply that users are meant to be able to use Microsoft Search from within Office apps, however, at least in 2 of our tenants, it appears to now just search within the document. Is this a bug? Is Microsoft Search meant to still be available in Office apps? - Microsoft Q&A
usageRights api returning multiple results for the same catalogID
So I'm using Graph SDK's usageRights endpoint to test license management for a transactable offer. I'm curious to know how it is that I'm getting a result that looks like this. (actual property values masked) For the same serviceIdentifier and catalogId I get two different results for the same user. The only difference being the actual usageRight id { "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('some-user-id')/usageRights", "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET users('<guid>')/usageRights?$select=catalogId,serviceIdentifier", "value": [ { "id": "some-usage-right-id", "catalogId": "XXX:0001", "serviceIdentifier": "my.test-offer.plan1", "state": "inactive" }, { "id": "some-other-usageright-id", "catalogId": "XXX:0001", "serviceIdentifier": "my.test-offer.plan1", "state": "active" } ] } When I unnasign this license and make the same call, I get the following result { "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('some-user-id')/usageRights", "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET users('<guid>')/usageRights?$select=catalogId,serviceIdentifier", "value": [ { "id": "some-usage-right-id", "catalogId": "XXX:0001", "serviceIdentifier": "my.test-offer.plan1", "state": "inactive" } ] } This implies to me that for some reason, I have a "hanging" usageRight perhaps from some previous test. My question is, how do I reliably determine which of these two usageRights is the correct one to use? Based on what I've written above it's clearly the second one but how do I determine this in code?Grant "read" role for a DriveItem to an Entra ID app
Context My web app uses an Entra ID application to organize file transfer from Sharepoint to the local storage. For this to work, a combination of “Files.Read.All” Delegated permission and FilePicker SDK v7.2 for JavaScript is used. A user authorizes using his Microsoft work account, agrees with the consent, selects a file, and the web app reads and downloads that file. Question How to have a stable way for the Entra ID app to read any file, which was previously selected by any user, at any time? (Have a permanent “read” access) What I have tried Files.SelectedOperations.Selected Application permission. I can request a JWT token for the Entra ID app (POST /tenant_id/oauth2/v2.0/token), but a call (POST /v1.0/sites/site_Id/drives/drive_Id/items/item_Id/permissions) to grant “read” role for a DriveItem by siteId, driveId and itemId retrieved from FilePicker SDK's response returns 403 “accessDenied”. Apparently, that’s the user who must grant access to that file, but on UI he cannot share it with an Entra ID app, only with another user. Re-usage of user’s accessToken which comes from FilePicker SDK to backend to grant "read" role for the Entra ID app to the file he has just selected. This accessToken is not full and cannot be used to perform such an operation. Ultimate Goal (just for more context) Implement OneDrive file auto-synchronization service for the web app. For example, a user uploads a file to the web app. A month later he updates this file on Sharepoint in a site-collection or My Files. A background task is launched daily to update obsoleted files in the web app. The application must be able to read and download the respective DriveItem without any user interaction. Business Restrictions Excessive Application type permissions (Files.Read.All, FullControl, etc.) are not allowed. Sites.Selected is highly NOT preferred because it requires global changes for users to transfer (copies of) their content on a special site-collection the Entra ID app will have to monitor. So is actual if each customer Users should not be involved into using developer tools, like sending POST requests through Postman or Graph Explorer. Authorization flows which involve refreshing the received users' accessTokens are not allowed. I am grateful for any information and ideas!Graph api permission
I have an interesting case. I need to retrieve metadata for all files stored in OneDrive across all users, including details like file name, size, and last modified date. However, I do not want to have access to the actual document content. My current understanding is that the Files.Read.All permission grants access to all documents, which I want to avoid. What permission should I use to achieve this?Cannot get webinar registrants
I'm trying to use PowerAutomate's Send a Microsoft Graph HTTP request to get webinar registrant details. The end goal is to send registrant details into make.com as part of a wider automation, but I simply cannot get the GET request to work. I want to know if it's actually possible to do - thanks for your patience, I feel a little out of my depth...Getting delta change for files from team and its channels
We are processing delta changes from onedrive data and teams data. We are using delta api so if someone share the current file with any user we got the file details in delta api for onedrive item. But in case of teams and channle data it won't. So is there any way to get delta for the files from team if shared with some othe user or team. We also want api to know files shared with team as we are also fetching data shared with user by using insight apiNew-MgTeamChannel fails to provision private channel site and document library
I am using powershell with New-MgTeamChannel to create private channels. Although the private channel is being created just fine, the associated channel site and document library is never provisioned automatically. The only way seems to open the Files tab manually in the private channel via the Teams Windows App and wait for some time until the private channel site and its document library is set up. Trying to "visit" the document library with Invoke-RestMethod -Headers $restHeader -Uri "https://graph.microsoft.com/teams/$($destinationTeam.id)/channels/$($privateChannel.id)/filesFolder" fails as well. Has somebody heard of a way to start the provisioning via Graph API?
Error getting new token
Hi, i want to add a new member to a private channel. I follow the authentication flow as follows: a) starting with url https://login.microsoftonline.com/#tenantid#/oauth2/v2.0/authorize?client_id=#clientid#&response_type=code&response_mode=query&redirect_uri=https://www.dashandwerk.net/dashandwerk/api/graph/webhook&scope=offline_access%20TeamMember.ReadWrite.All%20ChannelMember.ReadWrite.All%20User.Read&state=1234" b) my redirect_uri will open and i am getting a new code c) this new code will be used to get a new token with this url https://login.microsoftonline.com/#tenant#/oauth2/v2.0/token?client_id=#client_id# &client_secret=#client_secret# &scope=offline_access%20TeamMember.ReadWrite.All,ChannelMessage.Send%20User.Read%20Mail.Read%20ChannelMember.ReadWrite.All' &code=#code# &redirect_uri=https://www.dashandwerk.net/dashandwerk/api/graph/webhook &grant_type=authorization_code But when getting the new token, i am getting this error: "{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '640a5194-77b1-40cf-b774-fc9eb9a6d128' named 'dashandwerk-teams'. Send an interactive authorization request for this user and resource. Trace ID: 34a8ea64-b664-448c-9b7c-b4c9a92e0300 Correlation ID: 77e80082-9e58-4da9-8752-2d7bc75d7262 Timestamp: 2025-03-03 11:11:08Z","error_codes":[65001],"timestamp":"2025-03-03 11:11:08Z","trace_id":"34a8ea64-b664-448c-9b7c-b4c9a92e0300","correlation_id":"77e80082-9e58-4da9-8752-2d7bc75d7262","suberror":"consent_required"} Searching on google shows this: Make sure you have followed the steps to grant admin consent. You can do this under Application > API permissions > Grant admin consent. But all grants have admin consent in the office admin center for intra at the app registration. Any ideas to solve this issue ?Help Needed to Make PowerApp Visible in Search Bookmark
Hello everyone, I have a problem that I can't seem to solve and I hope someone here can help me. I created a PowerApp that I want to make visible through a bookmark in Search. When I select, copy, and paste the app ID from PowerApps into the field in the bookmark settings, I get a message saying it's incorrect. For comparison, I created a page on a SharePoint site, placed the PowerApps web part there, and pasted the same ID. It works fine there. Does anyone have any idea what might be going wrong or what I might be overlooking? Any suggestions are welcome! Thanks in advance!
Recent Blogs
- ServiceNow tickets Graph connector is now generally available, adding to the suite of Microsoft Graph connectors for ServiceNowJan 17, 2024
- Get complete control of your Graph connectors rollout strategy with a measured exposure of connections to select users and groupsDec 01, 2023
