List items "Shared By Me" in Microsoft Graph
I really need to be able to run a report and list all items in OD4B and SPO that have been shared by a user from an API. Given MS Graph is meant to be the place to be, and is replacing the OneDrive API I assumed I could use a query along the lines of {graph uri}/users/{user id}/drives/shared but no joy. A user can list and manage the files that have active sharing links by going to the OneDrive portal and viewing the SharedByMe list. This reporting is essential as we have to be able to manage externally sharing of files as part of our security policies. If it is only accessible through the OneDrive API then how can I implement OneDrive API application permissions as this doesn't seem to be available in the AzureAD Application Registration blade. Many thanks in advance for any help you can provide. Yours, Tom
Cannot access OneDrive storage for multi/inter tenant
Hi, I tried to create an application, with which the user in another company/tenant could access his/her OneDrive storage. But failed. It's really appreciated for the advice on what or which steps I had made mistakes. Thanks a lot. Detail as below: The user (user01@company.com), who is in Tenant X, wants to use the service/system (which is developed by Tenant Y) to access the files on his/her One Drive storage. 1.) Tenant Y had already got the Azure service and had subscribed Office 365 service (as the One Drive API need SPO license). 2.) With AAD in the Tenant Y, I added the user's email (use01@company.com) in the active directory (AAD) as a guest user, and the user had received the notification email and accept it. 3.) With AAD in the Tenant Y, I registered a new application, selected Accounts in any organizational directory option from Supported account types section, setup the redirect URI. 4.) Added the delegated API privilege for Graph API (such as the Files.ReadWrite and Files.ReadWriteAll), and approved the new added privileges request. 5.) Created a new client secret for the application. 6.) With the tenant Id, client Id and client secret of the application, now I could start OAuth2 authentication flow for the user (user01@company.com). And finally, I got the access token for this user. 7.) With the access token, it's no problem to get the user's profile https://graph.microsoft.com/v1.0/me 8.) It would complain 401 Unauthorized error for this request: https://graph.microsoft.com/v1.0/me/drive . (By the way, such request will be no problem for the user in the same Tenant Y) Response as the following: HTTP/1.1 401 Unauthorized Cache-Control: private Content-Type: application/json request-id: ffef8bc9-11e7-4d07-9df3-e3cee81ef7b2 client-request-id: ffef8bc9-11e7-4d07-9df3-e3cee81ef7b2 x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"East Asia","Slice":"SliceC","Ring":"4","ScaleUnit":"002","RoleInstance":"AGSFE_IN_19"}} Strict-Transport-Security: max-age=31536000 Date: Wed, 24 Jun 2020 07:13:00 GMT Content-Length: 249 { "error": { "code": "accessDenied", "message": "There has been an error authenticating the request.", "innerError": { "date": "2020-06-24T07:13:01", "request-id": "ffef8bc9-11e7-4d07-9df3-e3cee81ef7b2" } } }