Slow UI update for deleted events
I've built an integration that continuously syncs events between an external scheduling system and Exchange Online using Microsoft Graph. I'm observing a recurring issue when deleting calendar events via Graph: A DELETE request to Graph returns success (204 No Content). A subsequent GET /events/{id} returns 404, confirming the event is deleted server-side. However, the event continues to appear in the Outlook UI (both Outlook Web and desktop) for an extended period (sometimes hours), even after page reloads or app restarts. The odd behaviour The event is still displayed in the user interface for up to several hours The event persist through page reloads If the user clicks the event it opens briefly and immediately closes, the event disappears from the UI afterward. Additional details Delete endpoint: /users/{id}/events/{id} Graph response: 204 No Content Verified deletion via GET → 404 Reproduces in both Outlook Web and Outlook desktop Questions Is this a known Outlook client caching or calendar view indexing issue? Is there a way to force client reconciliation after deletes? Are there Graph or Exchange constraints around rapid create/update/delete cycles that could cause this UI inconsistency?
O365 Group email settings
I am in the middle of trying to create some automated routines that create groups in O365 and add/remove members from them as needed. One of things I ran into is that when an email is sent to the group, the emails are not going into each members' inbox and are only visible in Outlook through "Go to groups" in the left hand menu. I can see the settings that need to be set but can't set them because either, A: it just doesn't do it or B: says I don't have permission. Doing this through C# and the Graph SDK The two items I think I need to turn on are below. What permissions are needed to be able to manage those settings but NOT be able to have access to anyone and everyones' email boxes, emails, etc or is there another way to do this? IsSubscribedByMail AutoSubscribeNewMembers
Slow download speed using GRAPH api
I wanted to start a little discussion because I can't find any information about my issue with download speed of GRAPH api. So Let's start with some information that I have a python app that connect to my One drive Business. I have there two folders with pdf's one is about 70k and one is 7k. I connect to them successfully. I know that this API has some limitation with the amount it can download on one request but still I think it is not fault but my and lack of knowledge. The biggest problem is when I use some search feature in my app that requires searching a specific file(it just freeze my whole app). I make all communication inside my python code and I don't see any room to further optimization. I will just mention that this is my first time working with API and clearly don't know where to ask for any help.
Graph API : Authorization_RequestDenied Message: Insufficient privileges to complete the operation.
Hi Team, I have a Graph app and user configured with the following resourceAccess scopes: Code "resourceAccess": [ { "id": "06da0dbc-49e2-44d2-8312-53f166ab848a", "type": "Scope" }, { "id": "9c7a330d-35b3-4aa1-963d-cb2b9f927841", "type": "Scope" }, { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" }, { "id": "b340eb25-3456-403f-be2f-af7a0d370277", "type": "Scope" } ] However, when trying to pull presence data, I receive the following error in Postman: Code StatusCode: Forbidden Message: Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. Graph Explorer also fails to return presence for a specific user using: https://graph.microsoft.com/beta/users/{user-id}/presence But the endpoint for the signed-in user works fine: https://graph.microsoft.com/beta/me/presence Admin consent has been granted, and even the Global Admin cannot retrieve presence for other users. Other permissions work fine — the app can list users and connect without issue. Presence is the only operation failing. Question: How can I investigate this behavior in Azure/Entra using the request-id or client-request-id from the error response? Or what could cause this behavior? Thanks in advance!
Getting 403 Unauthorized on Graph API Mail Access (School Project with Consent Given)
Hi everyone, I'm currently working on a school project involving the Microsoft Graph API, and I'm running into an issue. I hope someone in here can help me with it. The project is called Sumday. it’s a concept app that pulls in emails daily from a user's mailbox, summarizes them using the ChatGPT API into a to-do list, and then creates tasks in Microsoft To Do. The goal is to provide users with a daily productivity summary and action plan based on their incoming mail. The issue is this: Even though another user has granted consent to my app registration (via delegated permissions), I receive a 403 Unauthorized error on every API call when trying to read their mailbox. I understand that delegated permissions require the signed-in user to match the mailbox being accessed, but since this is just a school project and not a production application, I’m wondering: Is there any workaround or sandbox approach that allows this kind of delegated access to be simulated? Is the issue caused by Microsoft 365 education/school tenant restrictions? Since I can log in and access my own mailbox just fine, is there a way I can safely test cross-user scenarios for demo purposes? Important note: I did manage to get this working using a Logic App, but that’s not the approach I want to take for this project. My goal is to integrate everything within my own app and codebase, so relying on Logic Apps is more of a temporary workaround rather than a long-term solution. I’m not trying to bypass any limitations just hoping to better understand what’s possible in this context and how I can move forward with developing and testing the core idea. If anyone has insights, experience, or advice on this, I’d really appreciate your help. Thanks in advance! Best, Chris
Grant "read" role for a DriveItem to an Entra ID app
Context My web app uses an Entra ID application to organize file transfer from Sharepoint to the local storage. For this to work, a combination of “Files.Read.All” Delegated permission and FilePicker SDK v7.2 for JavaScript is used. A user authorizes using his Microsoft work account, agrees with the consent, selects a file, and the web app reads and downloads that file. Question How to have a stable way for the Entra ID app to read any file, which was previously selected by any user, at any time? (Have a permanent “read” access) What I have tried Files.SelectedOperations.Selected Application permission. I can request a JWT token for the Entra ID app (POST /tenant_id/oauth2/v2.0/token), but a call (POST /v1.0/sites/site_Id/drives/drive_Id/items/item_Id/permissions) to grant “read” role for a DriveItem by siteId, driveId and itemId retrieved from FilePicker SDK's response returns 403 “accessDenied”. Apparently, that’s the user who must grant access to that file, but on UI he cannot share it with an Entra ID app, only with another user. Re-usage of user’s accessToken which comes from FilePicker SDK to backend to grant "read" role for the Entra ID app to the file he has just selected. This accessToken is not full and cannot be used to perform such an operation. Ultimate Goal (just for more context) Implement OneDrive file auto-synchronization service for the web app. For example, a user uploads a file to the web app. A month later he updates this file on Sharepoint in a site-collection or My Files. A background task is launched daily to update obsoleted files in the web app. The application must be able to read and download the respective DriveItem without any user interaction. Business Restrictions Excessive Application type permissions (Files.Read.All, FullControl, etc.) are not allowed. Sites.Selected is highly NOT preferred because it requires global changes for users to transfer (copies of) their content on a special site-collection the Entra ID app will have to monitor. So is actual if each customer Users should not be involved into using developer tools, like sending POST requests through Postman or Graph Explorer. Authorization flows which involve refreshing the received users' accessTokens are not allowed. I am grateful for any information and ideas!
Authentication issue while using Client Credential through Oauth2.0
Hi Community Hope you are doing well. I am unable to authenticate to our registered app in azure. I am looking to test the get/users graph api using insomnia (similar tool as postman). During Token generation we are getting 401 error. we are provide correct Client ID and Secret with right scope url. I created the app, added the necessary permissions and the client credentials. Do I need to add a redirect uri to the app? Does the app need to be registered account types as "accounts in any organization directory"? I am getting a 401 unauthorized error Can you please assist what I'm what is missing here? I will really do appreciate your help. Thanks VatanError getting new token
Hi, i want to add a new member to a private channel. I follow the authentication flow as follows: a) starting with url https://login.microsoftonline.com/#tenantid#/oauth2/v2.0/authorize?client_id=#clientid#&response_type=code&response_mode=query&redirect_uri=https://www.dashandwerk.net/dashandwerk/api/graph/webhook&scope=offline_access%20TeamMember.ReadWrite.All%20ChannelMember.ReadWrite.All%20User.Read&state=1234" b) my redirect_uri will open and i am getting a new code c) this new code will be used to get a new token with this url https://login.microsoftonline.com/#tenant#/oauth2/v2.0/token?client_id=#client_id# &client_secret=#client_secret# &scope=offline_access%20TeamMember.ReadWrite.All,ChannelMessage.Send%20User.Read%20Mail.Read%20ChannelMember.ReadWrite.All' &code=#code# &redirect_uri=https://www.dashandwerk.net/dashandwerk/api/graph/webhook &grant_type=authorization_code But when getting the new token, i am getting this error: "{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '640a5194-77b1-40cf-b774-fc9eb9a6d128' named 'dashandwerk-teams'. Send an interactive authorization request for this user and resource. Trace ID: 34a8ea64-b664-448c-9b7c-b4c9a92e0300 Correlation ID: 77e80082-9e58-4da9-8752-2d7bc75d7262 Timestamp: 2025-03-03 11:11:08Z","error_codes":[65001],"timestamp":"2025-03-03 11:11:08Z","trace_id":"34a8ea64-b664-448c-9b7c-b4c9a92e0300","correlation_id":"77e80082-9e58-4da9-8752-2d7bc75d7262","suberror":"consent_required"} Searching on google shows this: Make sure you have followed the steps to https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#construct-the-url-for-granting-tenant-wide-admin-consent. You can do this under Application > API permissions > Grant admin consent. But all grants have admin consent in the office admin center for intra at the app registration. Any ideas to solve this issue ?
Approvals Not updating
I'm having a problem when retrieving the approvals created. Until 2024-12-26 at 13:16:48 UTC, when I created an approval, either through the application or through the API, it immediately appeared when I used get in the endpoint: https://graph.microsoft.com/beta/solutions/approval/approvalItems. Now I'm only able to see the approvals from before 2024-12-26 at 13:16:48 UTC, there is no record of the new approvals. I also noticed that, in the application, it's not showing the name of the person to whom the approval request was sent, only the name of the person who approved it, both for the new requests and for the old requests that have already been completed.Approvals Not updating
I'm having a problem when retrieving the approvals created. Until 2024-12-26 at 13:16:48 UTC, when I created an approval, either through the application or through the API, it immediately appeared when I used get in the endpoint: https://graph.microsoft.com/beta/solutions/approval/approvalItems. Now I'm only able to see the approvals from before 2024-12-26 at 13:16:48 UTC, there is no record of the new approvals. I also noticed that, in the application, it's not showing the name of the person to whom the approval request was sent, only the name of the person who approved it, both for the new requests and for the old requests that have already been completed.