App
878 Topics

External User Sharing via Mobile Apps
I have the following scenario: Internal documents are shared amongst staff using SharePoint SubSites with Document Libraries. This works great. We work with external contractors to submit their work to us, which at the moment is done via Dropbox. Contractor goes out, does work, documents work with pictures and uploads via Dropbox to main office. Our annual subscription to Dropbox is expiring and we don't want to renew. It seems pointless when we get all this storage space with our O365 tenant included. External contractors come and go like the wind, so we ideally want them to use their own personal OneDrive. Is it possible to share a SharePoint Library with an external contact but have them access it via a mobile app, either OneDrive or some other app?
2.7K Views, 0 likes, 5 Comments

Filtering tasks based on custom columns in Microsoft Planner?
In Microsoft Planner, I can add a custom column, and it appears in the table view. However, I do not see an option to filter tasks based on the new column. Is this a supported feature, or is there any workaround to enable filtering on custom fields?
19 Views, 1 like, 0 Comments

Question on difference PWA instances
Hi, I am researching how to set up permissions in PWA. I'm a SharePoint Administrator, so I understand those permissions and I see there is a way to change the permission management between SharePoint Permissions Mode and Project Permissions Mode. My main question is, do these permissions affect any PWA that others might have or is it only my instance of PWA? My manager wants a more fine-grained permission set, and it looks like it is best to use the Project Permissions Mode for that. Can I change my PWA and not affect any others as a way to test these permissions?
Update: I see this page on manage-project-web-app-permissions-project-server-permission-mode suggests that this is the case, but kind of worried about changing permissions because the permissions are deleted when changing between each way.
Appreciate any help!
Thanks, Monty
Solved
555 Views, 0 likes, 3 Comments

Grant "read" role for a DriveItem to an Entra ID app
Context
My web app uses an Entra ID application to organize file transfer from SharePoint to the local storage. For this to work, a combination of “Files.Read.All” Delegated permission and FilePicker SDK v7.2 for JavaScript is used. A user authorizes using his Microsoft work account, agrees with the consent, selects a file, and the web app reads and downloads that file.
Question
How to have a stable way for the Entra ID app to read any file, which was previously selected by any user, at any time? (Have a permanent “read” access)
What I have tried
Files.SelectedOperations.Selected Application permission. I can request a JWT token for the Entra ID app (POST /tenant_id/oauth2/v2.0/token), but a call (POST /v1.0/sites/site_Id/drives/drive_Id/items/item_Id/permissions) to grant “read” role for a DriveItem by siteId, driveId and itemId retrieved from FilePicker SDK's response returns 403 “accessDenied”. Apparently, that’s the user who must grant access to that file, but on UI he cannot share it with an Entra ID app, only with another user.
Re-usage of user’s accessToken which comes from FilePicker SDK to backend to grant "read" role for the Entra ID app to the file he has just selected. This accessToken is not full and cannot be used to perform such an operation.
Ultimate Goal (just for more context)
Implement OneDrive file auto-synchronization service for the web app. For example, a user uploads a file to the web app. A month later he updates this file on SharePoint in a site-collection or My Files. A background task is launched daily to update obsoleted files in the web app. The application must be able to read and download the respective DriveItem without any user interaction.
Business Restrictions
Excessive Application type permissions (Files.Read.All, FullControl, etc.) are not allowed.
Sites.Selected is highly NOT preferred because it requires global changes for users to transfer (copies of) their content on a special site-collection the Entra ID app will have to monitor. So is actual if each customer
Users should not be involved in using developer tools, like sending POST requests through Postman or Graph Explorer.
Authorization flows which involve refreshing the received users' accessTokens are not allowed.
I am grateful for any information and ideas!
33 Views, 0 likes, 0 Comments

Integrating Azure Front Door WAF with Azure Container Apps
Azure Container Apps (ACA) provides a fully-managed container orchestration platform built on top of Azure Kubernetes Service (AKS). Whilst ACA provides automatic ingress deployment for public (external) and private (internal) ACA environments, the service doesn't currently offer any Web Application Firewall (WAF) or globally distributed ingress routing. This blog post describes how to integrate Azure Front Door WAF with a private (internal) Azure Container App environment to harden Azure Container App ingress.
25K Views, 6 likes, 19 Comments

Authentication issue while using Client Credential through Oauth2.0
Hi Community, hope you are doing well. I am unable to authenticate to our registered app in Azure. I am looking to test the get/users Graph API using Insomnia (similar tool as Postman). During token generation we are getting a 401 error. We are providing the correct Client ID and Secret with the right scope URL. I created the app, added the necessary permissions and the client credentials. Do I need to add a redirect URI to the app? Does the app need to be registered with account types as "accounts in any organization directory"? I am getting a 401 unauthorized error. Can you please assist with what is missing here? I will really appreciate your help.
Thanks, Vatan
63 Views, 0 likes, 1 Comment

Error getting new token
Hi, I want to add a new member to a private channel. I follow the authentication flow as follows:
a) starting with url https://login.microsoftonline.com/#tenantid#/oauth2/v2.0/authorize?client_id=#clientid#&response_type=code&response_mode=query&redirect_uri=https://www.dashandwerk.net/dashandwerk/api/graph/webhook&scope=offline_access%20TeamMember.ReadWrite.All%20ChannelMember.ReadWrite.All%20User.Read&state=1234"
b) my redirect_uri will open and I am getting a new code
c) this new code will be used to get a new token with this url https://login.microsoftonline.com/#tenant#/oauth2/v2.0/token?client_id=#client_id# &client_secret=#client_secret# &scope=offline_access%20TeamMember.ReadWrite.All,ChannelMessage.Send%20User.Read%20Mail.Read%20ChannelMember.ReadWrite.All' &code=#code# &redirect_uri=https://www.dashandwerk.net/dashandwerk/api/graph/webhook &grant_type=authorization_code
But when getting the new token, I am getting this error:
"{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '640a5194-77b1-40cf-b774-fc9eb9a6d128' named 'dashandwerk-teams'. Send an interactive authorization request for this user and resource. Trace ID: 34a8ea64-b664-448c-9b7c-b4c9a92e0300 Correlation ID: 77e80082-9e58-4da9-8752-2d7bc75d7262 Timestamp: 2025-03-03 11:11:08Z","error_codes":[65001],"timestamp":"2025-03-03 11:11:08Z","trace_id":"34a8ea64-b664-448c-9b7c-b4c9a92e0300","correlation_id":"77e80082-9e58-4da9-8752-2d7bc75d7262","suberror":"consent_required"}
Searching on Google shows this: Make sure you have followed the steps to grant admin consent. You can do this under Application > API permissions > Grant admin consent. But all grants have admin consent in the office admin center for intra at the app registration. Any ideas to solve this issue?
30 Views, 0 likes, 1 Comment

Daily Security Passphrase
We operate remote store locations around the US. When a corporate employee calls a store location on the phone we need a way for the store employee to be able to validate that the caller is legitimate and from corporate. We want to create a widget or app on our internal SharePoint operations page that will automatically generate a random security passphrase or code each day. When the caller calls the store, the store employee can look on the SharePoint page and see the passphrase. They can then ask the corporate caller what the daily passphrase is. The corporate caller can access the same internal page and recite the daily code to the store staff member. If they match, the call is legit. How do I create this widget? Is there something I can use out-of-the-box? I am non-technical so I need help understanding how to build this type of solution.
37 Views, 0 likes, 1 Comment