Forum Widgets
Latest Discussions
Deleted security groups return "securityEnabled": false, appear as ‘unrecognized’ in Entra admin
When retrieving the list of soft-deleted groups with Graph, both M365 groups and security groups are returned. However, the securityEnabled flag is returned as false for security groups. Is this a bug? This likely leads to displaying them in the Entra admin center as 'Unrecognized' type.
Slow UI update for deleted events
I've built an integration that continuously syncs events between an external scheduling system and Exchange Online using Microsoft Graph. I'm observing a recurring issue when deleting calendar events via Graph: A DELETE request to Graph returns success (204 No Content). A subsequent GET /events/{id} returns 404, confirming the event is deleted server-side. However, the event continues to appear in the Outlook UI (both Outlook Web and desktop) for an extended period (sometimes hours), even after page reloads or app restarts. The odd behaviour The event is still displayed in the user interface for up to several hours The event persist through page reloads If the user clicks the event it opens briefly and immediately closes, the event disappears from the UI afterward. Additional details Delete endpoint: /users/{id}/events/{id} Graph response: 204 No Content Verified deletion via GET → 404 Reproduces in both Outlook Web and Outlook desktop Questions Is this a known Outlook client caching or calendar view indexing issue? Is there a way to force client reconciliation after deletes? Are there Graph or Exchange constraints around rapid create/update/delete cycles that could cause this UI inconsistency?
How to Retrieve Windows Edition (SKU) from managedDevices API
Hi everyone, I am working with the Microsoft Graph API endpoint /v1.0/deviceManagement/managedDevices to iterate through all devices in a tenant and collect operating system related information. For Windows devices, the operatingSystem field only returns "Windows". However, Windows has multiple editions such as Enterprise, Education, and Pro. For my use case, I need the specific Windows edition. Is it possible to retrieve this information using only the v1.0 endpoint, or is the beta endpoint /beta/deviceManagement/managedDevices/{managedDeviceId} required to get the SKU family? Thanks in advance for your help.Resource not found while trying to access the available resource
I am attempting to automate CRUD operations on Microsoft Entra objects using the Microsoft Graph API. However, I am encountering a Resource not found error when accessing a resource programmatically, even though the same resource is accessible without issue when invoking the API endpoint via Postman.Alias for Refinable Managed Property Not Working in Search Queries
Hi, The alias for the refinable managed property has worked as expected in sortProperties for the past year, but it has recently stopped working and now returns an error. Using the original managed property name (RefinableDateSingle01) continues to work as expected. The error is shown below, together with the trace ID. Unfortunately, we are unable to switch to using RefinableDateSingle01 in sortProperties as it does not meet our business requirements. We are currently facing challenges due to the large number of SharePoint sites, many of which we do not have permission to access. As a result, we can only confirm that the refinable managed property RefinableDateSingle01 and its associated alias are configured correctly on the SharePoint sites where we have full access. What is the root cause of this issue, and how can it be resolved? https://graph.microsoft.com/v1.0/search/query { "requests": [ { "entityTypes": [ "listItem" ], "query": { "queryString": "* AND SiteId:\"siteId\"" }, "from": 0, "size": 50, "sortProperties": [ { "name": "RefinableDateSingle01", // This works when I use the refinable managed property name (RefinableDateSingle01), but it does not work when I use the alias I defined for this property "isDescending": false } ] } ] } 500 Internal Server Error (When I used alias in sortProperties) { "error": { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "InternalServerError", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "FanoutDownstreamContradiction", "message": "The call failed, please try again.", "target": "", "details": [ { "code": "TwoStepFanout_FirstStepFailed", "message": "The call failed, please try again.", "target": "", "serviceName": "Xap", "moduleName": "SubstrateSearch.FanoutV2.MultiDimensionSearchFanoutPluginV3", "contactTeam": "3sdri", "httpCode": 500 }, { "code": "FanoutDownstreamContradiction", "message": "The call failed, please try again.", "target": "", "serviceName": "FanoutService", "moduleName": "Fanout", "contactTeam": "3STenantSearchDevs", "httpCode": 500 } ], "serviceName": "FanoutService", "moduleName": "Fanout", "contactTeam": "3STenantSearchDevs", "httpCode": 500 } ], "moduleName": "SubstrateFanoutSearchWorkflow", "httpCode": 500 } ], "moduleName": "AscUserSearchFanoutWorkflowV2", "httpCode": 500 } ], "moduleName": "AscUserSearchFanoutWorkflowV2", "httpCode": 500 } ], "moduleName": "G21AscWorkflow", "httpCode": 500 } ], "moduleName": "TenantFileSearchFederationWorkflow_ASC", "httpCode": 500 } ], "moduleName": "TenantFileSearchFederationWorkflow", "httpCode": 500 } ], "moduleName": "FederationWorkflow", "httpCode": 500 } ], "moduleName": "TopLevelWorkflowBase", "httpCode": 500 }, "Instrumentation": { "TraceId": "57c005b9-07fc-453b-8c73-2650d90670e0" } }
Error while creating Graph API Access token
Hi guys, I am trying to create an access token for calling Graph API through browser. When I call 'https://login.microsoftonline.com/XXXX-XXXX-XXX-XXX-XXX/oauth2/token' api using AJAX, I receive below error. Access to XMLHttpRequest at 'https://login.microsoftonline.com/XXXX-XXXX-XXX-XXX-XXX/oauth2/token' from origin 'https://cevalogisticsoffice365.sharepoint.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Please can you provide me why this error is occurring and what is the solution for this. RegardsAttempt to automate GSA setup in Azure through Graph API
Hi, Using https://developer.microsoft.com/en-us/graph/graph-explorer and signed in as a user with Applications, Network, NetworkPolicy, Global Secure Access Admin roles, I am trying to POST to https://graph.microsoft.com/beta/networkAccess/connectivity/remoteNetworks using Payload Body { "name": "Hello", "region": "norwayEast" } How come I get the HTTP response code 400 with "code": "UnknownError", "message": "{\"error\":\"Invalid request parameters\"}", ?
O365 Group email settings
I am in the middle of trying to create some automated routines that create groups in O365 and add/remove members from them as needed. One of things I ran into is that when an email is sent to the group, the emails are not going into each members' inbox and are only visible in Outlook through "Go to groups" in the left hand menu. I can see the settings that need to be set but can't set them because either, A: it just doesn't do it or B: says I don't have permission. Doing this through C# and the Graph SDK The two items I think I need to turn on are below. What permissions are needed to be able to manage those settings but NOT be able to have access to anyone and everyones' email boxes, emails, etc or is there another way to do this? IsSubscribedByMail AutoSubscribeNewMembersRetrieve Item Analytics for Multiple Items
Hi, our team has noticed that it’s not possible to retrieve analytics when querying a list of items using $expand. When we run this type of query, we don’t receive an error indicating that it’s not allowed; instead, the analytics property just returns null values. https://graph.microsoft.com/v1.0/sites/<<SiteId>>/lists/<<ListID>>/items?$expand=fields,analytics($expand=allTime) However, when we query a single item, everything works as expected. https://graph.microsoft.com/v1.0/sites/<<SiteId>>/lists/<<ListID>>/items/<<ListID>>/analytics/allTime Is there a way to retrieve analytics data for multiple items in one request?
Entra Conditional Access Issue
Hi Guys, Our Outlook add-in relies on the Graph API to fetch emails. Due to customer-side Conditional Access (CA) Policies, we are seeing critical failures where Continuous Access Evaluation (CAE) demands user interaction (InteractionRequired code) to resolve challenges like LocationConditionEvaluationSatisfied or TokenCreatedWithOutdatedPolicies. Since this authentication occurs backend-to-Entra, we lack a frontend mechanism to prompt the required user interaction. Is there a recommended pattern, method, or architectural change that allows our backend to redirect or challenge the user for interactive sign-in, thereby satisfying these CAE requirements and unblocking customers? Exact error messages: 1. Continuous access evaluation resulted in challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied 2. Continuous access evaluation resulted in challenge with result: InteractionRequired and code: TokenCreatedWithOutdatedPolicies
