Recent Discussions
Clone Team endpoint is broken
Microsoft Graph's "clone Team" endpoint is not working as intended and changes its behaviour without any communication from Microsoft. The problem is the new feature that enables users to name the primary channel. Until yesterday, the primary channel was just created as a "normal" channel in the cloned team and an additional primary channel with the default name "General" was created. Since yesterday, the primary channel is now cloned "correctly", but now the tabs are completely ignored and not even the default "Notes" tab is created in the primary channel. So when cloning a team, the primary channel itself is created, but it is just completely empty. Will this be fixed and if so, when? And are there any additional resources for changes in the Graph API that I don't know about? Because this is not mentioned in the Graph API changelog. It seems like Microsoft is indeed working on this, but this last change does not fix anything, it makes it even worse.
Should DriveItem permission support grantedToV2 in the future?
I'm trying to retrieve both metadata and permissions for a DriveItem using Microsoft Graph API. However, I noticed that the permission models between GET /drive/items/{item-id} and GET /drive/items/{item-id}/permissions seem inconsistent. References: 1. DriveItem metadata (with permission included): https://learn.microsoft.com/en-us/onedrive/developer/rest-api/resources/driveitem?view=odsp-graph-online#relationships The permissions property on a DriveItem refers to the Permission resource in the OneDrive API. 2. Permission resource in OneDrive API: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/resources/permission?view=odsp-graph-online Supports grantedTo but not grantedToV2. grantedTo is not marked as deprecated in this API. 3. Permission resource in Graph API: https://learn.microsoft.com/en-us/graph/api/resources/permission?view=graph-rest-1.0 Supports both grandedTo and grantedToV2. Explicitly marks grantedTo as deprecated. Questions: 1. Why is grantedTo not marked as deprecated in the DriveItem metadata response, while it is deprecated in the Microsoft Graph permissions API? (I saw this article mentioning that grantedTo will be deprecated, but it does not specify a timeline.) 2. Should we be using grantedTo or grantedToV2 when retrieving permissions from a DriveItem's metadata? 3. If grantedToV2 is preferred, is there any plan to support grantedToV2 in the GET /drive/items/{item-id} response in the future? This inconsistency makes it unclear whether grantedTo is still valid or if we should be transitioning to grantedToV2 across all endpoints. Any clarification from Microsoft would be greatly appreciated! Thank you.
Failed to list all calendars for certain users with graph api
We failed to list all calendars for certain users with graph api, only 2 calendars are listed. However, when we use ews api, we can list all 7 calendars with FolderClass being IPF.Appointment. Does anyone know why this inconsistency between both apis? graph api endpoint: https://graph.microsoft.com/v1.0/users/8057cafb-1848-4b5d-a213-5dc40453c8f7/calendarGroups/{calendar_group_id}/calendars ews api endpoint: https://outlook.office365.com/EWS/Exchange.asmx <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <t:RequestServerVersion Version="Exchange2013" /> <t:ExchangeImpersonation> <t:ConnectingSID> <t:PrincipalName>user principal name</t:PrincipalName> </t:ConnectingSID> </t:ExchangeImpersonation> </soap:Header> <soap:Body> <m:SyncFolderHierarchy> <m:FolderShape> <t:BaseShape>IdOnly</t:BaseShape> <t:AdditionalProperties> <t:FieldURI FieldURI="folder:ParentFolderId"></t:FieldURI> <t:FieldURI FieldURI="folder:DisplayName"></t:FieldURI> <t:FieldURI FieldURI="folder:FolderClass"></t:FieldURI> </t:AdditionalProperties> </m:FolderShape> </m:SyncFolderHierarchy> </soap:Body> </soap:Envelope>grantedTo and grantedToIdentities removed from graph api Permission. What's the exact time table?
Hi, Microsoft announced that the Permission resource of the graph API will be gradually phased out and deprecated the grantedTo and grantedToIdentities fields. We would like to know the exact time table, such as the month and day when the phaseout will begin, and if there are differences in the phaseout time in various regions around the world and a clear time table. Because before this time we need to adjust the eliminated fields to grantedToV2 and grantedToIdentitiesV2 in order to continue to use the following endpoints GET {resource path}/permissions GET {resource path}/permissions/permission-id PATCH {resource path}/permissions/permission-id POST {resource path}/permissions Announcement: https://devblogs.microsoft.com/microsoft365dev/removal-of-deprecated-sharepoint-onedrive-permission-resource-properties/ Thank you~!
Issue with Downloading Teams Sticker via Graph API - HTTP 400 Bad Request
Hi all, I am encountering an issue when attempting to download a sticker from Microsoft Teams using the Graph API. Below are the details of my request and the problem I am facing: Issue Description: I am using the following API format to download a sticker: GET https://graph.microsoft.com/v1.0/teams/xxx/messages/yyy/hostedContents/zzz/$value The request returns an HTTP 400 Bad Request response. The error details are as follows: { "error": { "code": "BadRequest", "message": "Provided hosted content identifier is invalid." }} Upon decoding zzz part of the API request URL, I obtained the following information: id=,type=1,url=https://us-prod.asyncgw.teams.microsoft.com/v1/url/content?url=https%3a%2f%2fstatic.wixstatic.com%2fmedia%2f4b00a4_e293905cf80f4ba4853c80a0a98dd748~mv2.png From the decoded data, it appears that the id field is empty. I suspect that this might be the reason why I am receiving the HTTP 400 Bad Request response. Questions: Has anyone encountered a similar issue when attempting to download a hosted sticker from Teams via the Graph API? Is there a specific reason why the id field is empty in the decoded content information? How can I resolve this issue and successfully retrieve the sticker content? Any insights or guidance on resolving this issue would be greatly appreciated. Thank you for your support. Best regards, Kein
Help Needed to Make PowerApp Visible in Search Bookmark
Hello everyone, I have a problem that I can't seem to solve and I hope someone here can help me. I created a PowerApp that I want to make visible through a bookmark in Search. When I select, copy, and paste the app ID from PowerApps into the field in the bookmark settings, I get a message saying it's incorrect. For comparison, I created a page on a SharePoint site, placed the PowerApps web part there, and pasted the same ID. It works fine there. Does anyone have any idea what might be going wrong or what I might be overlooking? Any suggestions are welcome! Thanks in advance!Is Microsoft Search meant to still be available in Office apps?
According to https://learn.microsoft.com/en-us/microsoftsearch/overview-microsoft-search The first picture under the heading What users see, and the description, imply that users are meant to be able to use Microsoft Search from within Office apps, however, at least in 2 of our tenants, it appears to now just search within the document. Is this a bug? Is Microsoft Search meant to still be available in Office apps? - Microsoft Q&A‎Intelligent Search IP Kit
Hi, I would like to kindly ask you for help. Currently I have studied Microsoft search and options how to improve it. I have found these search components on this official video (https://youtu.be/jKpIDBalLW0?si=M_qVbY4KWOrZEVy7&t=2103). Unfortunately I have not found any further information where to find those components to use it. Does anyone have an experience with that? It will be really useful and I really appreciate it. I have tried to send an email to mentioned address but unfortunately it does not exist anymore. Thank you for your response. Best regards and have a nice day Mirek 🙂"Insufficient privileges to complete the operation" while using Graph API
Hello, everyone! I'm trying to use the Microsoft Graph API with App Authentication to assign an Product License to a user. My App has the App permissions "LicenseAssignment.ReadWrite.All", "Directory.ReadWrite.All" and "User.ReadWrite.All". https://graph.microsoft.com/v1.0/users/$upn/assignLicense { "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2025-03-19T08:17:35", "request-id": "c368027b-6462-472f-a726-a9b04b26e11e", "client-request-id": "c368027b-6462-472f-a726-a9b04b26e11e" } } } My request body looks as follows: { "addLicenses": [ { "disabledPlans": [], "skuId": "..." } ], "removeLicenses": [] } For assigning a license, I got teams(community) list, and members list. I hope for your selfless help.
30-Minute Delay in Retrieving Team Sites Data via Microsoft Graph API
I am experiencing an issue when creating a team in Microsoft Teams and retrieving site data using the Microsoft Graph API. The team’s site data does not appear immediately but becomes available only after approximately 30 minutes. What is the reason for this delay? Is there a way to speed up the availability of site data after a team is created so it can be accessed more quickly via the API?
usageRights api returning multiple results for the same catalogID
So I'm using Graph SDK's usageRights endpoint to test license management for a transactable offer. I'm curious to know how it is that I'm getting a result that looks like this. (actual property values masked) For the same serviceIdentifier and catalogId I get two different results for the same user. The only difference being the actual usageRight id { "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('some-user-id')/usageRights", "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET users('<guid>')/usageRights?$select=catalogId,serviceIdentifier", "value": [ { "id": "some-usage-right-id", "catalogId": "XXX:0001", "serviceIdentifier": "my.test-offer.plan1", "state": "inactive" }, { "id": "some-other-usageright-id", "catalogId": "XXX:0001", "serviceIdentifier": "my.test-offer.plan1", "state": "active" } ] } When I unnasign this license and make the same call, I get the following result { "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('some-user-id')/usageRights", "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET users('<guid>')/usageRights?$select=catalogId,serviceIdentifier", "value": [ { "id": "some-usage-right-id", "catalogId": "XXX:0001", "serviceIdentifier": "my.test-offer.plan1", "state": "inactive" } ] } This implies to me that for some reason, I have a "hanging" usageRight perhaps from some previous test. My question is, how do I reliably determine which of these two usageRights is the correct one to use? Based on what I've written above it's clearly the second one but how do I determine this in code?Grant "read" role for a DriveItem to an Entra ID app
Context My web app uses an Entra ID application to organize file transfer from Sharepoint to the local storage. For this to work, a combination of “Files.Read.All” Delegated permission and FilePicker SDK v7.2 for JavaScript is used. A user authorizes using his Microsoft work account, agrees with the consent, selects a file, and the web app reads and downloads that file. Question How to have a stable way for the Entra ID app to read any file, which was previously selected by any user, at any time? (Have a permanent “read” access) What I have tried Files.SelectedOperations.Selected Application permission. I can request a JWT token for the Entra ID app (POST /tenant_id/oauth2/v2.0/token), but a call (POST /v1.0/sites/site_Id/drives/drive_Id/items/item_Id/permissions) to grant “read” role for a DriveItem by siteId, driveId and itemId retrieved from FilePicker SDK's response returns 403 “accessDenied”. Apparently, that’s the user who must grant access to that file, but on UI he cannot share it with an Entra ID app, only with another user. Re-usage of user’s accessToken which comes from FilePicker SDK to backend to grant "read" role for the Entra ID app to the file he has just selected. This accessToken is not full and cannot be used to perform such an operation. Ultimate Goal (just for more context) Implement OneDrive file auto-synchronization service for the web app. For example, a user uploads a file to the web app. A month later he updates this file on Sharepoint in a site-collection or My Files. A background task is launched daily to update obsoleted files in the web app. The application must be able to read and download the respective DriveItem without any user interaction. Business Restrictions Excessive Application type permissions (Files.Read.All, FullControl, etc.) are not allowed. Sites.Selected is highly NOT preferred because it requires global changes for users to transfer (copies of) their content on a special site-collection the Entra ID app will have to monitor. So is actual if each customer Users should not be involved into using developer tools, like sending POST requests through Postman or Graph Explorer. Authorization flows which involve refreshing the received users' accessTokens are not allowed. I am grateful for any information and ideas!Graph api permission
I have an interesting case. I need to retrieve metadata for all files stored in OneDrive across all users, including details like file name, size, and last modified date. However, I do not want to have access to the actual document content. My current understanding is that the Files.Read.All permission grants access to all documents, which I want to avoid. What permission should I use to achieve this?Cannot get webinar registrants
I'm trying to use PowerAutomate's Send a Microsoft Graph HTTP request to get webinar registrant details. The end goal is to send registrant details into make.com as part of a wider automation, but I simply cannot get the GET request to work. I want to know if it's actually possible to do - thanks for your patience, I feel a little out of my depth...Getting delta change for files from team and its channels
We are processing delta changes from onedrive data and teams data. We are using delta api so if someone share the current file with any user we got the file details in delta api for onedrive item. But in case of teams and channle data it won't. So is there any way to get delta for the files from team if shared with some othe user or team. We also want api to know files shared with team as we are also fetching data shared with user by using insight apiNew-MgTeamChannel fails to provision private channel site and document library
I am using powershell with New-MgTeamChannel to create private channels. Although the private channel is being created just fine, the associated channel site and document library is never provisioned automatically. The only way seems to open the Files tab manually in the private channel via the Teams Windows App and wait for some time until the private channel site and its document library is set up. Trying to "visit" the document library with Invoke-RestMethod -Headers $restHeader -Uri "https://graph.microsoft.com/teams/$($destinationTeam.id)/channels/$($privateChannel.id)/filesFolder" fails as well. Has somebody heard of a way to start the provisioning via Graph API?
Recent Blogs
- ServiceNow tickets Graph connector is now generally available, adding to the suite of Microsoft Graph connectors for ServiceNowJan 17, 2024
- Get complete control of your Graph connectors rollout strategy with a measured exposure of connections to select users and groupsDec 01, 2023
