Application.ReadWrite.OwnedBy: List all applications owned by the calling application
Hi, I am trying to get only the applications that my app owns using Graph, and on the documentation it shows that I should be able to only list the applications where my app is owner. (This is to limit the content I have access to with my app) https://docs.microsoft.com/en-us/graph/permissions-reference Application Application.Read.All: List all applications (GET /beta/applications) Application.ReadWrite.All: Delete a service principal (DELETE /beta/servicePrincipals/{id}) Application.ReadWrite.OwnedBy: Create an application (POST /beta/applications) Application.ReadWrite.OwnedBy: List all applications owned by the calling application (GET /beta/servicePrincipals/{id}/ownedObjects) Application.ReadWrite.OwnedBy: Add another owner to an owned application (POST /applications/{id}/owners/$ref). NOTE: This may require additional permissions. However, if I create an app that has owner permissions on another app and I query against the Graph API "Applications" I am still able to list all applications in the tenant. I thought having me added as owner, on an application and having only that permission on my app, would limit my result ? Am I missing something here? Adding the app as an owner in the following way: Connect-AzureAD $objectIdOfApplicationToChange = Get-AzureADApplication -objectId "6929067b-b9ab-4bf6-bb17-81be5eb31ba1" $objectIdOfApplicationThatNeedsToBeAdded = Get-AzureADApplication -ObjectId "21780578-3035-47c1-8096-a1641ab3123d" Add-AzureAdApplicationOwner -ObjectId $objectIdOfApplicationToChange.ObjectId -RefObjectId (get-azureadserviceprincipal -all $true | where-object {$_.AppId -like $objectIdOfApplicationThatNeedsToBeAdded.AppId}).ObjectId When I query the Graph through PowerShell, I was hoping to get a 403 when querying all applications... Anyone tried to limit the result you get back using this permission ? It is not a wanted solution to give permissions to read all applications for this app, therefor we need to limit the access...I can't find the DRIVE-ITEM-ID
Hello how are you? I managed the most complicated steps that would be authentication, but what I believed to be the easiest became an even greater challenge. When I access the graph developer https://developer.microsoft.com/en-us/graph/graph-explorer. I can't get to a specific excel sheet. I tried in several ways, I got the driveId,l driveItem, but the Drive-Item-Id I can't find at all. Even the file that I actually need to work I can't reach, only when I go to the "My recent files" endpoint. Would anyone have a suggestion on how to get the DRIVE-ITEM-ID of an excel sheet? I created an application, because the objective is to develop a web application in Python to connect our automations and this also involves connecting several APIs. Can anyone give me some help?
API Graph Python: Get Calendar Events - ODataError
Hello, for an application I would like to extract the calendar events for the upcoming 10 days of specific calendars within my company. Therefore I followed the Tutorial "Build Python app with Microsoft Graph and app-only authentication. https://learn.microsoft.com/de-de/graph/tutorials/python-app-only?tabs=aad The example code is working - I get an access token and also the users are listed. However - when I integrate my own API call I get the error: msgraph.generated.models.o_data_errors.o_data_error.ODataError Our Admin provided the Application Permissions: Calendars.Read, Calendars.ReadBasic.All To extract the Events from a specific calender I use an adapted version of the last example of the following page: https://learn.microsoft.com/en-us/graph/sdks/create-requests?tabs=Python The code (which causes the error in line 12) in the graph.py is the following: from msgraph.generated.users.item.calendar.calendar_view.calendar_view_request_builder import CalendarViewRequestBuilder import datetime as dt async def get_calendar_events(self): start_date = dt.date.today() end_date = dt.date.today() + dt.timedelta(days=1) query_params = CalendarViewRequestBuilder.CalendarViewRequestBuilderGetQueryParameters( start_date_time=str(start_date), end_date_time=str(end_date), ) request_config = CalendarViewRequestBuilder.CalendarViewRequestBuilderGetRequestConfiguration( query_parameters=query_params, ) calendar = await self.app_client.users_by_id('email address removed for privacy reasons').calendar_view.get(request_configuration=request_config) print(calendar) return calendar The code in the main.py is the following: async def list_calendar_events(graph: Graph): calendar = await graph.get_calendar_events() print(calendar) for event in calendar.value: print("Event ID: ", event.id) print("Start: ", event.start) return What is the error and how can I correct it? Thank you!
Need assistance with uploading background image
Hello all, I'm researching a PoC to upload background images to the Azure sign in page using a delegated application. I've successfully been able to change the sign-in text and the background color but unable to determine how to upload a background image or banner logo via PowerShell or the Resource Graph Explorer. The cmdlets I'm attempting is "update-mgorganizationalbranding". References I'm using: https://docs.microsoft.com/en-us/graph/api/resources/organizationalbrandingproperties?view=graph-rest-1.0#methods https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.identity.directorymanagement/update-mgorganizationbranding?view=graph-powershell-beta
How to increase the limits of permissions requested per application - Azure AD signInAudience
I am currently developing an app that allows different operations with Microsoft SharePoint, I am using Microsoft Graph and I have registered the App in Azure AD, and it works fine. But my wish is that the App is public and thousands of people can use it, using their Microsoft account. But reading the documentation of Microsoft Graph I find an article that says that it has Limits of permissions requested by application. The limit indicated by the documentation is a maximum of 400 for a signInAudience= AzureADMultipleOrgs but I want and aspire to have more users, perhaps thousands of users. What do you recommend I do in this case? I want thousands of users to access the app with their Microsoft account and be able to do different activities. In the app when a user logs in, the app requests permission to access API Graph and performs the desired query, this process has to do with "Limits on requested permissions per app"??? For more information https://docs.microsoft.com/en-us/graph/permissions-referenceGraph API query/filter
Greetings, I have a project in a planner group, and I need to use Graph API to get all the tasks and details for each task, including comments. Is there a way to use Graph API, to bring all details from my tasks, including latest comments(this is crucial for that)? I need to use Graph API to bring some informations from my planner. I was just introduced to Graph API, and I don't know how to use very well, and my deadline is this week. I tried using this link below, but its just getting the comments: https://graph.microsoft.com/v1.0/groups/{group-id}/conversations And this one below to get my tasks based on my plan ID: https://graph.microsoft.com/v1.0/planner/plans/{plan-id}/tasks For the second one, I need to include the lastest comments as well, when it is called Thanks,getAllMessages filter options for Teams Chat
I'm building a compliance app and would like to filter our API call on more than the LastModifiedDateTime. We would like to also filter on chatId but have not been able to get that to work and wanted to survey the group here to see if others know of any undocumented options that might be helpful.
Using MGT reactjs to build 3tier app
Hi I am learning authentication and authorization and I think MGT seems to be a good starting point. So I have followed the tutorials and managed to build the basic MGT reactjs app, which is using the login component to trigger the login (authentication) process and then using the Agenda component to show the calendar events. The below steps I have no idea how to do and any help would be greatly appreciated. from the UI pass the access token to my webapi hosted on Azure Web App and verify the token is valid Check the user's email has an entry in my Azure hosted database regards Alex
