Developer
7885 Topics

403 Error: Application access policy not found, -Global scope not available in tenant
Hi everyone,

I'm trying to use Microsoft Graph API to retrieve online meeting details using an application identity. However, I receive a 403 error with the message:

"No application access policy found for this app"

I followed the documentation here: Configure application access policy, but I encountered a problem: the -Global scope mentioned in the documentation is not available in my tenant.

I’ve successfully granted the policy using the following methods:

Option A – Grant to Specific User

    Grant-CsApplicationAccessPolicy -PolicyName "YOUR_POLICY_NAME" -Identity "email address removed for privacy reasons"

Option B – Grant to AD Group

    New-CsGroupPolicyAssignment -GroupId "YOUR_GROUP_ID" -PolicyType ApplicationAccessPolicy -PolicyName "YOUR_POLICY_NAME"

These work fine, and the app can access online meetings for users or groups assigned this way. However, I need to allow the app to access meetings across the organization, and the -Global assignment method is not available in my tenant.

Questions:

- Is there an alternative to -Global for tenant-wide access?
- Is this limitation expected in certain tenant configurations?
- Any workaround or best practice for enabling organization-wide access to online meetings via Graph API?

Thanks in advance!

36 Views, 0 likes, 2 Comments

Excel macro VBA issues
Hey guys.

- I wrote a macro which contains other macros using Call orders. If I run the macros separately, everything is OK; from the main macro, one of them doesn't run, as if it was skipped from the list. Reason unknown.
- On running, I can see 4 application windows become visible, and those didn't connect to any kind of application. A Clipboard error message also becomes visible, but I have a Clipboard-cleaning macro which cleans the Clipboard several times, so it can't be that. It's like a hack, or something which I don't recognize.
- On a sheet called Total, I can't use the built-in group function and can't collapse the selected section, so the project I'm working on lost functionality. I didn't make any change on that side, but previously it was usable.

Thanks for help in advance. Cheers. Zsolt

16 Views, 0 likes, 0 Comments

Teams channel messages delta API returns HTTP 400 BadRequest
Hello,

We are encountering an unexpected error when calling the Microsoft Graph API endpoint:

    /teams/{team-id}/channels/{channel-id}/messages/delta

This happens consistently for a specific Teams channel, which prevents us from retrieving incremental message updates using the delta query.

Request URL:

    https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages/delta?$deltatoken=<redacted-deltatoken>

Error Response: HTTP 400

    {
      "error": {
        "code": "BadRequest",
        "innerError": {
          "client-request-id": "<redacted>",
          "date": "2025-10-07T06:32:56",
          "request-id": "<redacted>"
        },
        "message": "UnknownError"
      }
    }

Steps already tried (unsuccessful):

- Start a fresh delta query without the $deltatoken to obtain a new valid token
- Use the beta endpoint: https://graph.microsoft.com/beta/teams/{team-id}/channels/{channel-id}/message/delta

Additional observation: If we add a filter condition such as ?$filter=lastModifiedDateTime gt <some-timestamp> to skip messages before a certain time, the query works normally. This suggests that there may be one or more problematic messages within a specific time range that cause the API to fail with BadRequest.

Questions:

- Is this a known issue with the Teams channel messages delta API?
- Are there any recommended workarounds to avoid this error?

Thank you.

19 Views, 0 likes, 0 Comments

Strategic Missing Capabilities in the new Microsoft Planner (Enterprise Perspective)
The Present State of Microsoft Planner’s Vision

- Enterprises want one coherent work-management layer in Microsoft 365
- Microsoft’s ambition is to merge To Do, Planner, and Project for the Web into a single platform with Copilot, Goals, unified List/Board/Timeline views, and templates

The direction is sound: reduce fragmentation and tool sprawl, standardize data, and give leaders a clean and solid portfolio picture while teams execute in familiar interfaces. In an environment where all employees have access to the same tool, are already included in the resource pool and integration options are basically unlimited, this is a step that everyone was looking forward to.

Nonetheless, the quip that “Microsoft abandoned MS Project 20 years ago” is a joke, but it reflects a real anxiety: if the new Planner displaces familiar scheduling experiences without enterprise-grade controls, PMOs will feel left alone again and disengage, in the presence of abundant alternatives.

Planner will not replace Microsoft Project, Primavera, or other detailed scheduling tools; those remain essential for deep dependencies, resource leveling, and baselining. Planner’s highest-value role is the management and aggregation layer above them: align goals, normalize metadata, and expose cross-program status.

Simplicity matters, but simplicity cannot mean missing capability. If essential functions are absent, governance, traceability, and portfolio visibility suffer, and organizations turn to external tools. Following is a list of core functionality that is currently missing and was needed about a month ago.
Current Structural Gaps

- Date logic too rigid for management use: No independent target/due date field; planning often hinges on Start/Finish + Duration, which limits top-down milestone control
- Custom fields capped at 10 per plan: Insufficient for enterprise metadata models and standardized portfolio reporting
- Maximum task duration of 1,250 days: Constricts representation of multi-year initiatives and capital programs
- No enterprise-grade audit trail: Lacks comprehensive, exportable change logs with retention controls for compliance
- Flat responsibility model: Multiple assignees exist, but no roles such as Owner, Reviewer, Approver; no RACI support
- Insufficient hierarchy and dependencies for roll-ups: Summary/sub-tasks exist, but cross-plan links and robust multi-plan aggregation are weak
- Group-based permissions only: Sharing tied to M365 Groups/Teams; no fine-grained task- or field-level permissions; no simple view-only for externals
- Custom fields lack hyperlink behavior: No URL field type; links in text fields are often not clickable for seamless navigation
- Inconsistent text capture and formatting: Notes lack reliable rich-text structure; long entries are hard to read
- No page breaks or robust formatting for long descriptions: Executive-level narratives and governance documentation become unwieldy
- Limited standardization across plans: No global library for reusable custom fields, bucket structures, or templates at tenant/portfolio level

Required Enhancements for Enterprise Readiness

- Flexible date logic: Allow target/due dates independent of Start/Finish; add constraints, buffers, alerts, and escalation rules
- Expanded metadata framework: Raise the custom-field limit; add field types (URL, Person, Multi-select), required fields, validation rules, and global field templates
- Enterprise auditability: Provide full change history with export, retention policies, filters by field/user, and API access
- Role-aware assignments (RACI): Support roles (Owner, Doer, Reviewer, Approver), secondary ownership, and role-based views in people and reports
- Portfolio-grade structure: Enable cross-plan dependencies, milestone roll-ups, program-level summaries, consolidated capacity and risk views
- Granular access control: Introduce view-only sharing, external access without group membership, and task/field-level ACLs to protect sensitive data
- Hyperlink-enabled fields: Add a URL type and clickable rendering in text fields, with previews and allow-lists for approved domains
- Robust editor for management communication: Paragraphs, lists, headings, tables, code/quote blocks, and clean print/PDF output for formal documentation
- Reusable enterprise templates: Tenant-wide libraries for custom fields, buckets, and workflows; versioning and approval flows for governed rollout
- Reliable data layer: A standardized Power BI dataset, webhooks/events, incremental exports, and stable keys for multi-plan, multi-tenant analytics
- Scaling for long-horizon work: Lift or mitigate the 1,250-day limit for leaf tasks and provide guidance or rules for multi-year programs

Bottom line

Planner can succeed as the enterprise management layer if it remains simple but gains the capabilities listed above. One does not work without the other. If Microsoft does not deliver these functions, enterprises will continue using Project, Primavera, or other scheduling tools — while adopting third-party platforms for governance and portfolio visibility. This would directly undermine Planner’s goal of becoming the unified standard within Microsoft 365.

Please, do us a favor and spare organizations from having to implement yet another third-party tool. (And yes: I am aware of multiple enterprises that are in the process of testing and implementing different tools, precisely because of this missing capability.)

12 Views, 0 likes, 0 Comments

Unable to authenticate with MSAL using a certificate
Hi guys,

I'm using the certificate authentication for my WinForms app to connect to SharePoint and Graph API. I followed this article to create the certificate: https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-self-signed-certificate

Uploaded the certificate to the App Registration, gave all appropriate permissions. However, when I tried to connect to SharePoint or the Graph API, I got this error:

    A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details.
    Original exception: AADSTS700021: Client assertion application identifier doesn't match 'client_id' parameter. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials .
    Microsoft.Graph.ServiceException: Code: generalException Message: An error occurred sending the request.

BUT, this only happened on 1 specific machine running Windows 11 Pro. I tested on 4-5 different machines (both W10 and W11), they didn't get this error.

I tried verifying the cert thumbprint which matched the one uploaded on the App Registrations. The certificate is not stored in the machine cert store, I use X509KeyStorageFlags.EphemeralKeySet when calling it.

Not sure what else to check.

62 Views, 0 likes, 5 Comments

Remove sub-folder urls if the parent folder url exists
I have an Excel sheet with one column which contains URLs from SharePoint. The URLs look as follows:

    /sites/Marketing/Budget
    /sites/Marketing/Budget/2015
    /sites/Marketing/Budget/206
    /sites/maps
    /sites/Expesnes
    /sites/Expenses/2020

Now I want to delete all the sub-folders if their parent folder exists. So, for example, the above rows should be as follows:

    /sites/Marketing/Budget
    /sites/maps
    /sites/Expesnes

Is there any script I can run to do this cleanup? Thanks

38 Views, 0 likes, 1 Comment

The Teams Developer Portal needs administrative views
The Teams Developer portal needs some way for Teams service admins or Global admins to view everything that is being deployed to the catalog both in a published and unpublished state. Alternatively, develop some Graph endpoints that could be turned into cmdlets in Microsoft Teams PowerShell module or the Graph PowerShell SDK module.

As administrators we need the ability to help with keeping our tenant clean, so these kinds of views or endpoints would allow us to make sure that anything uploaded and not needed may be removed or reassigned if the underlying owner leaves and someone else needs to take over something they've been developing.

I've submitted a feedback item to the portal - so please help by adding a vote to the entry to bring it up as an enhancement for the Teams Developer Portal services.

The Teams Developer Portal needs administrative views or PowerShell/Graph capabilities to manage uploaded solutions and other artifacts · Community

22 Views, 0 likes, 0 Comments

How to set a field column of type person for a folder in Sharepoint via the REST API
On Sharepoint I create a column of type person/group (let's say "projectlead"). Now I want to create folders and after the creation I want to set this column via the graph api. I already tested this with a column of type text (single line) successfully via:

    POST https://{{tenant_url}}/sites/{{site}}/_api/web/lists/getbytitle('Dokumente')/items({{ItemId}})/ValidateUpdateListItem()

    header:
    Accept: application/json;odata=verbose
    Content-Type: application/json;odata=verbose

    body:
    {
      "formValues": [
        {
          "FieldName": "projectlead",
          "FieldValue": "someUserIdOrName"
        }
      ],
      "bNewDocumentUpdate": false
    }

I heard that it is not possible for folders, but couldn't find anything specific about it. Is it possible and, if so, how? I tried several things, but nothing worked for me.

13 Views, 0 likes, 0 Comments

Affordable Conference Room Setups for Small Businesses Using Microsoft Teams Resource Accounts
Our small business (around 40 users) recently migrated from Google to Microsoft 365, and we’re facing several challenges in optimizing our meeting rooms for Teams without incurring large costs. Here’s our current setup and the main issues we are encountering—hoping for advice or creative solutions from the community.

Current Setup

- All computers are domain-joined.
- We created resource accounts for each of our three meeting rooms; these appear correctly as Rooms in Outlook and Teams booking menus.
- Each meeting room contains a standard desktop PC (not MTR-certified) running Windows, logged into Teams as the room’s resource account.
- Employees use the meeting room computer to join calls and manage the meeting calendar.

Current Issues

- Wireless Presenting (Casting): Teams’ wireless casting feature appears to require MTR-certified hardware, which is financially out of reach for a business our size. Unplugging and plugging HDMI cables is cumbersome and error-prone, especially since not everyone uses a laptop, and reconnecting the room PC is often forgotten.
- Agenda & Calendar Privacy: When meetings are booked, the full Teams agenda and chat history remain accessible on the meeting room machine. That means anyone in the room can view past meetings/agendas, which isn’t ideal from a privacy perspective.
- Screen Sharing and File Security: To present from the meeting room PC, any files must be accessible by the resource account, creating additional security concerns and sharing/permission headaches.

What We’re Looking For

- Affordable wireless presenting options for meeting rooms—ideally something that integrates smoothly with Microsoft Teams, but without requiring full MTR hardware.
- Best practices to lock down or reset the meeting room PC so meeting agendas, chats, and files are not visible after a session.
- Secure ways to allow guests to present (screen share, share files, etc.) without exposing company data or making users jump through complicated permission processes.
If anyone has experience setting up small, cost-effective Teams Rooms, especially with regular PCs rather than dedicated MTR devices, advice would be greatly appreciated! Specific steps, hardware/software recommendations, or management tips would all be helpful. Thanks in advance for any guidance!

28 Views, 0 likes, 0 Comments

Azure Bot not joining meeting - Server Internal Error. DiagCode: 500#1203002.@
This problem has been bothering me for about two weeks and I haven’t found a solution yet. I’d really appreciate your help.

Environment Setup

1. Development Tool: Visual Studio 2022

2. Deployment: The service is hosted on AWS. In AWS Networking, both TCP and UDP port 14217 are opened. The operating system is Windows Server 2022, and the firewall has been disabled temporarily for testing.

3. Certificate: A wildcard SSL certificate issued by Let’s Encrypt (CN = *.bottest.com, RSA-based) has been installed under LocalMachine\My certificate store.

4. Reverse Proxy: Both HTTPS and TCP traffic are forwarded through Nginx.

    http {
        server {
            listen 80;
            server_name localhost;
        }
        server {
            listen 443 ssl;
            server_name signaling.bottest.com;
            ssl_certificate fullchain.pem;
            ssl_certificate_key privkey.pem;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_ciphers HIGH:!aNULL:!MD5;
            location / {
                proxy_pass http://127.0.0.1:5001;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection keep-alive;
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
            }
        }
    }
    stream {
        upstream dotnet_app_tcp {
            server 127.0.0.1:8445;
        }
        server {
            listen 14217 ssl;
            ssl_certificate fullchain.pem;
            ssl_certificate_key privkey.pem;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;
            proxy_pass dotnet_app_tcp;
        }
    }

5. The bot’s Application Permissions have also been granted, as shown in the figure below:

6. Bot initialization

    var mediaPlatformSettings = new MediaPlatformSettings
    {
        ApplicationId = _botConfig.MicrosoftAppId,
        MediaPlatformInstanceSettings = new MediaPlatformInstanceSettings
        {
            CertificateThumbprint = _botConfig.CertificateThumbprint, // LocalMachine/My certificate-*.bottest.com-thumbprint
            InstanceInternalPort = 8445,
            InstancePublicPort = 14217,
            InstancePublicIPAddress = IPAddress.Parse("18.181.xx.xx"), // AWS public IP
            ServiceFqdn = "media.bottest.com"
        }
    };

    _communicationsClient = new CommunicationsClientBuilder("IMediaSessionBot", _botConfig.MicrosoftAppId, _graphLogger)
        .SetAuthenticationProvider(_authProvider)
        .SetServiceBaseUrl(new Uri("https://graph.microsoft.com/v1.0"))
        .SetNotificationUrl(new Uri($"{_botConfig.PublicUrl}/api/calls"))
        .SetMediaPlatformSettings(mediaPlatformSettings)
        .SetHttpClient(httpClient)
        .Build();

    _communicationsClient.Calls().OnIncoming += this.OnIncomingCall;
    _communicationsClient.Calls().OnUpdated += OnCallUpdated;
    }

7. join meeting

    var scenarioId = Guid.NewGuid();
    var meetingDetails = MeetingUrlParser.Parse(meetingUrl);
    var chatInfo = new ChatInfo { ThreadId = meetingDetails.ThreadId };
    var meetingInfo = new JoinMeetingIdMeetingInfo
    {
        JoinMeetingId = _botConfig.MeetingID,
        Passcode = _botConfig.MeetingPasscode,
        AdditionalData = new Dictionary<string, object>
        {
            { "allowConversationWithoutHost" , true },
        },
    };

    ILocalMediaSession mediaSession = this.CreateLocalMediaSession();
    var joinParams = new JoinMeetingParameters(chatInfo, meetingInfo, mediaSession)
    {
        TenantId = tenantId,
        AllowGuestToBypassLobby = true
    };

    try
    {
        _activeCall = await _communicationsClient.Calls().AddAsync(joinParams, scenarioId).ConfigureAwait(false);
        _logger.LogInformation($"Successfully initiated the add-participant request, Call ID:: {_activeCall.Id}");
    }
    catch (ODataError ex)
    {
        Console.WriteLine($"{DateTime.Now:yyyy-MM-dd HH:mm:ss.fff} Failed to initiate the call: .ex={ex.ToString()}");
        throw;
    }

    private ILocalMediaSession CreateLocalMediaSession(Guid mediaSessionId = default(Guid))
    {
        var mediaSession = this._communicationsClient.CreateMediaSession(
            new AudioSocketSettings
            {
                StreamDirections = StreamDirection.Recvonly,
                SupportedAudioFormat = AudioFormat.Pcm16K,
                ReceiveUnmixedMeetingAudio = true,
                EnableAudioHealingForUnmixed = true
            },
            new VideoSocketSettings
            {
                StreamDirections = StreamDirection.Inactive
            },
            mediaSessionId: mediaSessionId);
        return mediaSession;
    }

8. call back (SetNotificationUrl(new Uri($"{_botConfig.PublicUrl}/api/calls")))

State at first attempt: Notification payload:

    {"@odata.type":"#microsoft.graph.commsNotifications","value":[{"@odata.type":"#microsoft.graph.commsNotification","changeType":"updated","resource":"/app/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceUrl":"/communications/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceData":{"@odata.type":"#microsoft.graph.call","state":"establishing","chatInfo":{"@odata.type":"#microsoft.graph.chatInfo","threadId":"19:meeting_MzIyMTYzOTMtMGYyNi00OTE2LTg2NjUtYmU4ZDlhYmY2ZmRj@thread.v2"},"meetingInfo":{"@odata.type":"#microsoft.graph.joinMeetingIdMeetingInfo","joinMeetingId":"4130864187312","passcode":"P7GY7Vv2","allowConversationWithoutHost":true},"callChainId":"b50a00dc-74da-42b0-966a-e88dea7e6087"}}]}

State at second attempt: Notification payload:

    {"@odata.type":"#microsoft.graph.commsNotifications","value":[{"@odata.type":"#microsoft.graph.commsNotification","changeType":"deleted","resource":"/app/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceUrl":"/communications/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceData":{"@odata.type":"#microsoft.graph.call","state":"terminated","resultInfo":{"@odata.type":"#microsoft.graph.resultInfo","code":500,"subcode":1203002,"message":"Server Internal Error. DiagCode: 500#1203002.@"},"chatInfo":{"@odata.type":"#microsoft.graph.chatInfo","threadId":"19:meeting_MzIyMTYzOTMtMGYyNi00OTE2LTg2NjUtYmU4ZDlhYmY2ZmRj@thread.v2"},"meetingInfo":{"@odata.type":"#microsoft.graph.joinMeetingIdMeetingInfo","joinMeetingId":"4130864187312","passcode":"P7GY7Vv2","allowConversationWithoutHost":true},"callChainId":"b50a00dc-74da-42b0-966a-e88dea7e6087"}}]}

Here, an error occurred: 500 #1203002.

9. Based on the packet capture, the issue seems to be related to interactions with /MediaProcessor/v1. It’s unclear whether this is due to a protocol mismatch or a certificate mismatch, as shown in the figure below:

10. Database schema (DDL) dependencies required by the bot

    <ItemGroup>
      <PackageReference Include="Microsoft.ApplicationInsights.WorkerService" Version="2.23.0" />
      <PackageReference Include="Microsoft.Azure.Functions.Worker" Version="1.24.0" />
      <PackageReference Include="Microsoft.Azure.Functions.Worker.ApplicationInsights" Version="1.4.0" />
      <PackageReference Include="Microsoft.Azure.Functions.Worker.Core" Version="1.20.0" />
      <PackageReference Include="Microsoft.Azure.Functions.Worker.Extensions.Http" Version="3.3.0" />
      <PackageReference Include="Microsoft.Azure.Functions.Worker.Sdk" Version="1.18.1" />
      <PackageReference Include="Microsoft.AspNetCore" Version="2.1.3" />
      <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.1.2" />
      <PackageReference Include="Microsoft.Bot.Builder.Integration.AspNet.WebApi" Version="4.22.1" />
      <PackageReference Include="Microsoft.CognitiveServices.Speech" Version="1.46.0" />
      <PackageReference Include="Microsoft.Graph.Communications.Calls.Media" Version="1.2.0.10563" />
      <PackageReference Include="Microsoft.Graph.Communications.Core" Version="1.2.0.10563" />
      <PackageReference Include="Microsoft.Graph.Core" Version="3.1.3" />
      <PackageReference Include="Microsoft.IO.RecyclableMemoryStream" Version="3.0.1" />
      <PackageReference Include="Microsoft.ServiceFabric.AspNetCore.HttpSys" Version="3.2.187" />
      <PackageReference Include="Microsoft.Skype.Bots.Media" Version="1.31.0.180" />
      <PackageReference Include="Microsoft.Kiota.Http.HttpClientLibrary" Version="1.3.3" />
    </ItemGroup>

11. The certificate has also been uploaded to Azure, as shown in the figure:

223 Views, 0 likes, 7 Comments