Origin and Synchronization of User Profile Properties in SharePoint Online
Hi everyone, I’m trying to understand exactly where the User Profile properties in SharePoint Online come from and how (or if) they are synchronized from Microsoft Entra ID (formerly Azure AD). I’ve extracted a complete list of the properties I see in my tenant, for example: AboutMe AccountName ADGuid Assistant CellPhone Country DelveFlags Department Fax FirstName HomePhone LastName Manager msOnline-ObjectId Office ... SPS-Responsibility SPS-Interests SPS-PictureExchangeSyncState SPS-UserPrincipalName WorkEmail WorkPhone I would like to understand: Which of these come from Microsoft Entra ID, Which are automatically synchronized to the User Profile Application (UPA), And which are local SharePoint or Delve properties, not connected to Entra. So far, I’ve only found this official documentation: About user profile synchronization in SharePoint Online However, it only lists a limited subset of properties (“The following Microsoft Entra user attributes are synced to the UPA…”), and it does not cover all the properties present in the UPA schema. I’m looking for a more complete or up-to-date reference — or at least an official explanation as to why there isn’t a public, full mapping between Entra ID and UPA. Does anyone know if there is an official complete list or a way to verify the actual source of each property (Entra ID, Exchange, Delve, local SharePoint, etc.)? Thanks in advance for any clarification or useful resources!
Cannot find Sharepoint Online API endpoints
Hi Team, My team is working on SharePoint Online, and are not able to find APIs related to the following entities: 1. All List APIs 2. All files and folders APIs 3. All Link APIs 4. All Event APIs 5. All Page APIs. When we say 'all', we mean endpoints to create, update, get, delete and perform other operations on the above listed entities. We found a few APIs related to files and folders here - https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/working-with-folders-and-files-with-rest It would be very helpful if you could share rest of the endpoints with us. Thank you.
Sharepoint SitePage
Using Graph API . I want to access a specific Sitepage , I need to know the Sitepageid, based on /pages it will return all Page id within the Site, Is there a way to get the Sitepage id directtly based on the Sitepage name.aspx ? I want to detect files changes on that Sitepage and be able to downlaod the files from the sitepage ? How can we do that using Graph API I know we can detect files changed at the drive level within a site. I am looking for Sitepage can we do the same ?what API can be used ?
Error 'Cannot get value for projected field...' when users without email were set to the field
SharePoint List Setup I have a simple list with a Person field Approvers which allows multiple selections. One of the list items has a user set to the Approvers but the said user does not have email configured. REST API used https://xxx.sharepoint.com/sites/xxx/_api/Web/Lists(guid'xxx')/items/?$filter=ID eq xxx&$select=*,Approvers%2FEMail&$expand=Approvers REST API response Error { "odata.error": { "code": "-2146232832, Microsoft.SharePoint.SPException", "message": { "lang": "en-US", "value": "Cannot get value for projected field Approvers_x005f_EMail." } } } Graph API used https://graph.microsoft.com/v1.0/sites/xxx/lists/xxx/items?$filter=startswith(fields/Title, 'xxx')&$expand=fields($select=Title,Approvers) Graph API response Success "Approvers": [ { "LookupId": 1, "LookupValue": "User A", "Email": "" }, { "LookupId": 2, "LookupValue": "User B", "Email": "" }, { "LookupId": 3, "LookupValue": "User C", "Email": "******@outlook.com" } ] Question Is there anyway we can tell the REST API to react the same way as Graph API, instead of failing, return the data as-is?
Connection was forcibly closed by TPC RST packet from Microsoft servers
We are experiencing intermittent but frequent connection terminations during communication with SharePoint Online via REST API. After several internal investigations, we were unable to identify any root cause on our end. We have observed unexpected connection resets originating from Microsoft servers, specifically during or after the TLS handshake. Packet trace including the TCP RST. This packet appears to be an unsolicited TCP RST sent from Microsoft side. 396 19.654862 SharePoint IP Client IP TLSv1.2 357 Application Data 397 19.655259 SharePoint IP Client IP TLSv1.2 1013 Application Data 398 19.655344 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 402] 399 19.655376 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 402] 400 19.655387 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 402] 401 19.655376 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 402] 402 19.655387 SharePoint IP Client IP TLSv1.2 1448 Application Data 403 19.655476 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 405] 404 19.655495 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 405] 405 19.656337 SharePoint IP Client IP TLSv1.2 1212 Application Data 406 19.656367 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 408] 407 19.656412 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 408] 408 19.656412 SharePoint IP Client IP TLSv1.2 1070 Application Data 409 19.657129 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 411] 410 19.657192 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 411] 411 19.657292 SharePoint IP Client IP TLSv1.2 992 Application Data 412 19.657325 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 414] 413 19.657435 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 [TCP PDU reassembled in 414] 414 19.657523 SharePoint IP Client IP TLSv1.2 992 Application Data 415 19.659729 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 416 19.660127 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 417 19.660216 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 418 19.660317 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 419 19.660318 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 420 19.661139 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 421 19.661235 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 422 19.662135 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 423 19.662212 SharePoint IP Client IP TCP 60 443 → Random Port [RST] Seq=... Win=0 Len=0 424 19.665417 Client IP SharePoint IP TCP 1514 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 425 19.766395 Client IP SharePoint IP TCP 1514 [TCP Retransmission] 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 426 20.367148 Client IP SharePoint IP TCP 1514 [TCP Retransmission] 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 427 21.167413 Client IP SharePoint IP TCP 1514 [TCP Retransmission] 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 428 21.179165 Client IP SharePoint IP TCP 1514 [TCP Spurious Retransmission] 443 → Random Port [ACK] Seq=... Ack=... Win=4194560 Len=1460 429 21.773431 Client IP SharePoint IP TCP 1514 443 [SYN, ECE, CWR] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM TLS Handshake Behavior: .NET-based applications on our server report the following exception: System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---] System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host. We have included packet traces showing: - Successful TCP and TLS handshakes - Encrypted application data sent by our client - Acknowledge packets from your server - Connection then abruptly closed by a TCP RST without any visible application-layer error Environment & Testing: - Operating System: Windows Server 2022 - Frameworks: .NET 6 / .NET 8 - Connectivity: REST API calls to SharePoint Online (no sync, no OneDrive, no hybrid setup), TLS1.2 used and set up based on Microsoft recommendations Observations: - Approximately 70% of API calls fail intermittently - Issue occurs across multiple SharePoint sites and folders - Affects all users (admin, regular users, etc.). - No firewall, hardware, or configuration changes have occurred on the affected server - Disabling security software had no impact - Temporary switch to IPv6 improved stability for ~24 hours before the issue returned - New development: - We moved some applications to a separate VPS — those are working correctly. - However, a similar issue has now started occurring on a completely different server hosted by a customer, indicating this may not be isolated to a single environment or IP. Is this expected behavior under specific policies (e.g., IP reputation, rate limiting, User-Agent filtering)? Could there be a misconfiguration or conditional access policy silently blocking some connections? Is this possibly related to throttling or regional backend issues? Thank you for any support in this case.Retrieve Term Navigation Properties using REST API
I've set up a Term set in the global term store and enabled Navigation so I can add URLs for each of the Terms. Note that I'm not going to use the Term set navigation in my site - it's only there to try and retrieve it from my SPFx webpart. Note that I can get all the terms under my Term set - just not the navigation properties. Below is what I'm trying to get the navigation properties: https://TENANT.sharepoint.com/_api/v2.1/termStore/sets/TERMSETGUID/terms/TERMGUID/properties But I get: "The property 'properties' is null or does not exist". Also, expand doesn't seem to work at all. I'm not looking to use pnpjs or even graph if I can help it. Any ideas welcome.
SPFX call gets error "interaction required" after turning on function's System Assigned Identity
I have an spfx web part that is connected an Azure Function. All was working until I turned on the System Assigned Identity for the function. Below is my configuration while it was working: Function app: contoso-fn App Service authentication enabled Unauthenticated requests get a 302 HTTP code Microsoft is the identity provider, with app registration "contoso-fn-auth" It allows token audiences from api://<id-contoso-fn-auth> and from <my-tenant>.sharepoint.com Allowed client applications include 08e18876-6177-487e-b8b5-cf950c1e598c and <id-contoso-fn-auth> CORS: https://learn.microsoft.com/en-us/answers/questions/4374948/spfx-making-call-to-azure-function-gets-error-inte and https://<my-tenant>.sharepoint.com App registration "contoso-fn-auth" (used above when setting up identity provider) Authentication > Web > Redirect URI: https://learn.microsoft.com/en-us/answers/questions/4374948/spfx-making-call-to-azure-function-gets-error-inte ID tokens issued only accounts in the tenant can access this API API permissions > contoso-fn-auth > user_impersonation ; Delegated; Status: granted for tenant Expose an API: Scopes api://<id-contoso-fn-auth>/user_impersonation The code in the SPFX to request the function is something like this: this.context.aadHttpClientFactory .getClient('<id-contoso-fn-auth') .then((client: AadHttpClient): void => { client.get(<url-to-the-fn>/api/upload)...}); In the SharePoint Admin Center, under Advanced > API Access, the user_impersonation permission is approved for contoso-fn. I then changed the Function app identity, turning on "system assigned", as I needed the function to authenticate against the Azure Blob Client, and now I'm getting the following error: interaction_required: Seamless single sign on failed for the user. This can happen if the user is unable to access on premises AD or intranet zone is not configured correctly I read something about turning on the function's system assigned identity affecting how I requests tokens using the aadHttpClientFactory, but I haven't been too successful in finding how to solve the issue (including internet search and asking several LLMs). I don't need my function to have user context (I could send that from the spfx) but I need this to work without any redirects. I would appreciate help to be able to call the function from the spfx seamlessly, while keeping the function secured with Microsoft identity. (porting from a https://learn.microsoft.com/en-us/answers/questions/4374948/spfx-making-call-to-azure-function-gets-error-inte, as requested)
Accessing endpoints published to Entra Application Proxy from SPFx
We have an on-premises web service (hosted in IIS) published through Entra Application Proxy. When attempting to access the published endpoints from a SharePoint (SPFx) web part, we encounter CORS errors (302 Found). Accessing these endpoints directly from a browser address bar works as expected. In IIS, the Access-Control-Allow-Origin response header is set to * (wildcard). We have also tried specifying a particular domain, but that did not resolve the issue. Pre-authentication is enabled in Entra Application Proxy. Has anyone successfully connected to endpoints behind Entra Application Proxy from an SPFx web part? Any insights or solutions would be greatly appreciated.
Set AssociatedOwnerGroup for a web using REST
I am building sub-sites under a site collection via FLOW/Power Automate, and we need to know how to make the default owners group for the site. We can build the SharePoint groups and assign users, but how do you set the property: AssociatedOwnerGroup Anyone have a sample POST? https://docs.microsoft.com/en-us/previous-versions/office/sharepoint-visio/jj245638(v=office.15)?redirectedfrom=MSDN These 2 threads are not helpful and don't answer the question: https://social.technet.microsoft.com/Forums/en-US/09288617-90d8-410a-88b2-30c3d77f0dc6/how-do-you-set-associatedownergroup-for-a-web-using-rest-api?forum=sharepointdevelopment https://social.msdn.microsoft.com/Forums/sqlserver/en-US/aa435402-ef15-4b6e-9b10-965861e93f50/how-to-set-associatedownergroup-with-rest-api-in-sharepoint-2013?forum=sharepointdevelopmentSharepoint Basic auth authentication effect SharePointOnlineCredentials?
I'm wondering if the announcement of Basic auth deprecation for SP online mentioned here https://learn.microsoft.com/en-us/sharepoint/technical-reference/basic-auth-is-being-deprecated affects the use of the SharePointOnlineCredentials method of logging in via .net CSOM APIs. I'm aware it takes username and password but I thought it was actually classified as a form of Claims Based Authentication not basic. I know on the client side, newer CSOM libs don't include that structure any more. But that doesn't mean the server will no longer accept that means of login. The object I'm talking about is https://learn.microsoft.com/en-us/dotnet/api/microsoft.sharepoint.client.sharepointonlinecredentials.-ctor?view=sharepoint-csom&devlangs=csharp&f1url=%3FappId%3DDev16IDEF1%26l%3DEN-US%26k%3Dk(Microsoft.SharePoint.Client.SharePointOnlineCredentials.%23ctor)%3Bk(TargetFrameworkMoniker-.NETFramework%2CVersion%3Dv4.8)%3Bk(DevLang-csharp)%26rd%3Dtrue And the means of using it would be like this SharePointOnlineCredentials creds = new SharePointOnlineCredentials(sUserName, securePassword); ClientContext ctx.Credentials = creds; string authCooke = creds.GetAuthenticationCookie(Sharepointuri);