Forum Discussion

Anonymous's avatar
Anonymous
Feb 20, 2017
Solved

Programmatically creation of Office 365 Groups

I can create an Office 365 Group with PnP PowerShell (https://msdn.microsoft.com/en-us/pnp_articles/modern-experience-customizations-provisioning-sites) with no problems at all - both the Office 365 ...
Office 365 Groups
  • Mikael Svenson's avatar
    Mikael Svenson
    Aug 25, 2017

    You are one lazy.... ;)

     

    Tenant tenant = new Tenant(clientContext);
    var site = tenant.GetSitePropertiesByUrl(siteUrl, false);
    clientContext.Load(site, s => s.Status);
    site.Context.ExecuteQueryRetry();
    var status = site.Status;

paulschaeflein's avatar
paulschaeflein
MVP
Feb 20, 2017

I would image that you seeing problems because using the app-only operation is not supported. (The graph.microsoft.io page you cite only discusses app-only tokens. It does not state that you can use it to create O365 groups.) I would not expect your process to work.

 

You can submit ideas for new features at https://officespdev.uservoice.com/

Anonymous's avatar
Anonymous
Feb 21, 2017

Can you explain the difference beteween app-only operations and app-only tokens?

 

... on the release notes they state the following: "Examples of group features that support delegated and app-only permissions:

  • Creating and deleting groups
  • Getting and updating group properties pertaining to group administration or management ..."

(https://graph.microsoft.io/en-us/docs/overview/release_notes). Furthermore, in the permission section of the same article, they have a known issue when using Group.ReadWrite.All in the v1.0 endpoint: 

Cannot enumerate groups or group memberships, create groups, update group memberships or delete groups. Can still read and update group content for Office groups.Also select Directory.ReadWrite.All. NOTE: Group deletion will not be possible.

 

I've tried to also select the Directory.ReadWrite.All permission in Azure AD, but no effect yet. The above tells me, that it might be possible, or am I missing something?

 

Another question - are there any documented delay after changing Azure AD app permissions? I have granted the app again (after the change), but still the token looks the same to me. Thanks in advance.

 

 

  • paulschaeflein's avatar
    paulschaeflein
    MVP
    Feb 21, 2017

    An app-only operation is one where the effective permissions consider only the app principal, not the current user. To assert privilege for an operation you need a token. If you acquire a token using a client id/secret without user consent , that is called an app token.

     

    After changing permission requests for an app principal, you will need to re-consent. Append "prompt=consent" to the auth endpoint to invoke the consent flow.

Resources