User Profile
PoorMens_Bravo
Brass Contributor
Joined 8 years ago
Recent Discussions
Automating CRUD operations in MS Places
Hi, has anyone been able to automate CRUD operations in MS Places yet, given that the Places API calls currently support user access tokens only and application access tokens aren't yet supported? We were able to do Get operations using app tokens, but when we run anything to modify, for example creating a building using the Set-Placev3 cmdlet, it gives an error. When we raised an MS ticket, they confirmed that the calls don't support application tokens yet. We have a showstopper kind of situation.

Re: Scoping application Crestron to access only room mailboxes of resourcetype Workspace
The issue got resolved. I believe somewhere in the code of the application it was not using secret and instead secret code was being used; upon updating that, the issue got resolved. Just stumbled upon this discussion and realized I haven't updated it.
16 Views, 0 likes, 0 Comments

Re: Scoping application Crestron to access only room mailboxes of resourcetype Workspace
(For some reason this site is slow and breaks a lot; I remember replying to this message earlier, but it vanished after I hit the Reply button.)

OK, yes, I got what you meant. I went ahead and cleared the Entra permissions and tested again; this time the test was successful.

Result: Events were successfully retrieved for Workspace mailboxes. Non-Workspace mailboxes returned 403 errors.

However, the issue with authentication persisted even after this change. The sign-in logs show:

    Sign-in error code: 7000215
    Failure reason: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '{identifier}'.
    Additional details: Developer error - the app is attempting to sign in without the necessary or correct authentication parameters.

Assuming that secret code was used instead of Secret, actually tried once again with secret; the issue seems to persist, somehow. I have a feeling that this is some sort of human error.
44 Views, 0 likes, 0 Comments

Re: Scoping application Crestron to access only room mailboxes of resourcetype Workspace
Actually, thanks VasilMichev for pointing that out, and I agree that's correct. I just removed the Entra permissions for the application and my Graph test started showing up correctly, which means that the scope for the application is working as expected. However, we still stand with the issue of authentication, and I am not sure where to start investigating that. Is there a place I can check for logs?
47 Views, 0 likes, 0 Comments

Scoping application Crestron to access only room mailboxes of resourcetype Workspace
We got a requirement to enable the application Crestron to access Workspace resourcetype Room mailboxes only. So, we thought of directly tying the application to these mailboxes over the usual way of assigning it to a group, because we had to create a group just to maintain this delegation. Below are the steps we performed:

    # Create management scope
    Connect-ExchangeOnline
    New-ManagementScope -Name "Workspace Mailboxes" `
        -RecipientRestrictionFilter "((RecipientTypeDetails -eq 'RoomMailbox') -and (ResourceType -eq 'Workspace'))"

    # Assign the management scope to roles
    New-ManagementRoleAssignment `
        -App "<AppID>" `
        -Role "Application Calendars.ReadWrite" `
        -CustomResourceScope "Workspace Mailboxes" `
        -Name "MyApp-WorkspaceOnly"

    New-ManagementRoleAssignment `
        -App "<AppID>" `
        -Role "Application MailboxSettings.Read" `
        -CustomResourceScope "Workspace Mailboxes" `
        -Name "MyApp-WorkspaceOnly-Settings"

    # Verified the assignment via:
    Get-ManagementRoleAssignment -App "<AppID>" | ft Name, Role, CustomResourceScope

    Name                         Role                             CustomResourceScope
    ----                         ----                             -------------------
    MyApp-WorkspaceOnly          Application Calendars.ReadWrite  Workspace Mailboxes
    MyApp-WorkspaceOnly-Settings Application MailboxSettings.Read Workspace Mailboxes

Tested the scope of the assignment with a non-workspace mailbox and a workspace mailbox; the scope resulted false for the non-workspace mailbox and true for the workspace mailbox. Later, admin consented for API permissions Calendars.ReadWrite, MailboxSettings.Read & User.Read.All, generated an application secret with a validity of 180 days for the application team and shared the secret key.

ISSUE: When the application team tested the access from the Crestron application for a workspace mailbox, it is resulting in Authentication Failed. This is the actual issue.
In order to test whether this is happening because of scope, performed the below steps:

    $TenantId = "<TenantID>"
    $AppId = "<AppID>"
    $ClientSecret = "<ClientSecret>"

    # Request an app-only token with the client credentials grant
    $Body = @{
        grant_type    = "client_credentials"
        client_id     = $AppId
        client_secret = $ClientSecret
        scope         = "https://graph.microsoft.com/.default"
    }
    $TokenRequest = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
        -Method POST -Body $Body
    $AccessToken = $TokenRequest.access_token

    # Read the calendar events of the test mailbox with that token
    $WorkspaceMailbox = "<email address removed for privacy reasons>"
    Invoke-RestMethod `
        -Uri "https://graph.microsoft.com/v1.0/users/$WorkspaceMailbox/events" `
        -Headers @{Authorization = "Bearer $AccessToken"}

The expected results for this test were:

- Workspace mailbox → Returns events.
- Non-Workspace mailbox → Should return 403 Forbidden.

However, it resulted in events in both the cases. When I dug further I realised that Graph API will override the management scopes created at Exchange level, so need guidance on how we can take this further.
203 Views, 0 likes, 7 Comments

Re: Need expertise advise on an event of mass mail-send
Yeah, we have not gone for HVE for some internal reasons, and since we have a centralised mail-flow in our organization, all of our applications use our on-prem SMTP Gateway and we have forbidden the teams from using Microsoft Gateways. Which is why I was looking for the checkpoints on where all I need to check, and based on that guide the requesting team to go ahead.
80 Views, 0 likes, 0 Comments

Need expertise advise on an event of mass mail-send
Hi all, we have a consultation from one of the application teams about a mass mail that they are planning to send. The number of emails is 60k. The challenge here is we cannot ask them to create a group and send out an email, because each of the recipients will be sent a distinctive attachment and distinctive mail body content, hence no solution will work for now. We have a hybrid Exchange setup with an open SMTP relay that connects to around 32 Exchange on-prem servers, and these servers will route those mails to Office365 Exchange Online, as all of our mailboxes are hosted in Exchange Online. Although I am suggesting them to break these down to smaller batches and send in different time-slots giving 30 minute gap after each gap, I just want to be thoughtful and give the best suggestion. So what are all the things I would need to look into from an Exchange standpoint to monitor the situation end to end?
155 Views, 0 likes, 4 Comments

Validate the working of default policy tag in MRM policy
Hi all, we have applied a retention policy to all mailboxes in our environment, which also includes a default policy tag that moves all mails older than a year to Archive. Now, I know that the policy is applied and the default tag is doing its job, but is there a way where I can see whether the mails are moved after the policy was applied?
163 Views, 0 likes, 1 Comment

Get-azureADApplication using ObjectID
Hi all, I have exported a CSV file by running a Get-OrganizationAddIn cmdlet script, but with that file I am not able to find out the owners of these integrated apps. Now I am importing this CSV file into the Get-AzureADApplication cmdlet, but I am unable to list any results by using the filter for ServicePrincipalObjectID. I am thinking it is just because it is going through thousands of applications within the tenant, so any help would be really helpful. Below is the snippet:

    $securityid = Import-Csv -Path C:\Temp\OrgAddins-25Jul2024-162827.csv | select -ExpandProperty ServicePrincipalObjectId
    foreach($id in $securityid) {
        Get-AzureADApplication -ObjectId $id -all $true
    }

Re: Pull a report of Integrated Apps in Office365/Microsoft365
PoorMens_Bravo OK, finally I was able to find out that webapps and Teams deployed add-ins will not be listed from this command, and also the 'admin' add-in too. This was the command I finally used to build a report:

    Get-OrganizationAddIn |
        ForEach-Object { Get-OrganizationAddIn -ProductId $_.ProductId } |
        select ProductId,DisplayName,DefaultStateForUser,Type,@{Name="OfficeProducts";e={$_.OfficeProducts -join ";"}},@{Name="AssignedGroups";e={$_.AssignedGroups -join "|"}},@{Name="AssignedUsers";e={$_.AssignedUsers -join "|"}} |
        Export-Csv -Path "C:\Temp\OrgAddins-$(Get-Date -Format ddMMMyyyy-HHmmss).csv" -NoTypeInformation

However, I am now really struggling to find the owners of the apps listed here.
2.3K Views, 1 like, 0 Comments

Re: Exchange CU14 changes in AD
To add, this CU is doing some global updates which will require an Enterprise Admin account. We saw some Audit Security Policy logs in our DCs, and hence this is touching something outside the Exchange container, for which the Exchange accounts do not have permissions to do the job.
799 Views, 0 likes, 0 Comments

Re: Exchange CU14 changes in AD
AnnTaeYoun From what I understand, when we install Exchange, the first thing Exchange does is create a list of containers and objects in AD. That got us thinking about the below listed questions:

- What all AD objects, groups and containers will be touched/modified which need Enterprise Admin rights beyond the "FullAccess" rights which we already have on the Exchange Org container?
- We noticed that the Setup file was trying to access "Audit Security Privilege" on the Domain Controllers; why, and what changes is it trying to make in CU14?
- Any other changes where /PrepareAD will touch objects outside the Exchange Org container? If yes, please share those, and what changes/modifications it's going to make to them and why.

834 Views, 0 likes, 1 Comment

Re: Pull a report of Integrated Apps in Office365/Microsoft365
Kidd_lp Thank you for that, it literally saved me big time. I installed this module and ran:

    Get-OrganizationAddin -getalldetails -verbose

This will show up the integrated add-ons, but the limitation is it only shows the ones for which the Status is Ok. I would want to fetch the add-ons for which the status is not ok as well. I am not sure how to modify this.
2.6K Views, 0 likes, 1 Comment

Re: Exchange CU14 changes in AD
AnnTaeYoun I saw those things and realised about the object version changes; however, why the object version is changing and what the actual changes are is what I am unable to understand. Since we are running the PrepareAD cmdlet to update the object version, there should be some changes happening in the backend. This info is hard to find.
990 Views, 0 likes, 5 Comments

Exchange CU14 changes in AD
Hi all, we see that Microsoft has released its latest CU, that is CU14. Our Org is getting updated from CU13 to CU14, and the prereq here is that we will have to run PrepareAD in order to proceed with the updation. However, what is being changed at AD level is what I am not able to understand. Can someone share these updates?
1.2K Views, 0 likes, 7 Comments