Approvals Not updating
I'm having a problem when retrieving the approvals created. Until 2024-12-26 at 13:16:48 UTC, when I created an approval, either through the application or through the API, it immediately appeared when I used get in the endpoint: https://graph.microsoft.com/beta/solutions/approval/approvalItems. Now I'm only able to see the approvals from before 2024-12-26 at 13:16:48 UTC, there is no record of the new approvals. I also noticed that, in the application, it's not showing the name of the person to whom the approval request was sent, only the name of the person who approved it, both for the new requests and for the old requests that have already been completed.
Sharepoint Lists: Format for POST Request to create Column as Choice with Multi Select Enabled
I am relatively new in using the Graph API. I am working on a script that creates new columns for an existing List on my company's SharePoint site. I am having trouble in creating a Choice Field Column that has Multiple Selection Enabled. I followed the documentation to create a Choice Field with the default (single select) as follows: const apiUrl = `https://graph.microsoft.com/v1.0/sites/${siteId}/lists/${listId}/columns`; const response = await fetch(apiUrl, { method: "POST", headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json", }, body: JSON.stringify(columnPayload), }); Where, columnPayload looks like the following: { "name": "Color", "choice": { "choices": ["Red", "Green", "Blue", "Purple"], "displayAs": "dropDownMenu" } } As expected I see the column created properly.... (Split bottom photo for cleaner view) Now, what changes must I make to have the Allow Multiple Selections toggle enabled when creating the column via the POST request. As we can see, by default, it is not enabled. I have looked over the documentation and have yet to come across anything that provides a solution. I assumed there would be additional fields within the "choice" field in the JSON body to specify this, however, I only see the following on the graph api site: I would appreciate any guidance on this.Using microsoft graph to pull calendar data weekly
Hello- I've building an app that requests calendar access from users with Graph API. I am hoping to request permissions once and then pull calendar data weekly but I'm not sure if this is possible. I'm using the python ms-graph sdk and the interactive authentication client to request access. I am seeing some things about offline_access scope providing a refresh token but unsure how it works and the docs I found haven't been helpful. Any help would be appreciated!How to revoke consent for a registered app programmatically?
Hello, I've been struggling with this issue for days. Tried many different endpoints and mostly got back cryptic errors only. Overall, zero progress. So, I really hope that someone here can help me out. I have a very simple application where users can sync their calendars and also receive new events directly into the calendar. I acquire "Calendars.ReadWrite, offline_access, User.Read" delegated permissions interactively. When the users decide to stop using my application, they can "unlink" and I will drop all the events, hooks, etc. What I am trying to achieve is that my third-party app would also disappear from the list of apps presented here: https://account.live.com/consent/Manage. In other words, a complete cleanup, revoking any access permissions, dropping all tokens, etc. It seems a very basic scenario. Google Calendar has a simple endpoint that can do exactly that: https://oauth2.googleapis.com/revoke?token=<TOKEN>. What am I missing? How can I do that? I am running out of ideas about what I can do with revokeSignInSessions and oAuth2PermissionGrant; it seems like I tried everything and nothing worked. It must be a common requirement, no? Thanks for reading this post! Any help is appreciated. Regards,
Get users with specified app roles
I have a question about the Graph API. I need to download all users who have been assigned the app role "Role" in "ApplicationA". I need it to download all users with the required app role to send an email. I have tried various ways, through the list of users using the following API: https://graph.microsoft.com/v1.0/users?$expand=appRoleAssignments&$count=true&$filter=appRoleAssignments/any(w:w/appRoleId eq {guid}) However this returns the following error, I have of course tried similar options. { "error": { "code": "Request_UnsupportedQuery", "message": "Property 'appRoleId' does not exist as a declared property or extension property.", "innerError": { "date": "2024-02-28T20:49:49", "request-id": "bf8991a4-82e9-4136-9664-1cebc1718ae0", "client-request-id": "bf8991a4-82e9-4136-9664-1cebc1718ae0" } } } I also tried using servicePrincipals. But this returns all users/applications assigned to the service principal and not just the role I need, and the filtering I tried with OData didn't work. Many items is downloaded: https://graph.microsoft.com/v1.0/servicePrincipals(appId='{guid}')/appRoleAssignedTo Do you know of a better solution? ThanksBest practice on how to renew change notification subscription while the user is not signed in
I am currently developing an app that will have synchronization features for Outlook contacts and messages. Then I noticed that both of these have a maximum expiration time of ~3 days. I need a pointer on how to renew/reauthorize this subscription, I want to use only Delegated permissions because using application permission could be a turndown for our potential user (we don't want to use admin-required permission). We don't want to rely on the user signing into the app because it's possible that the user doesn't log in to the app for more than three days. However, we need the access token to update the subscription. I considered storing the access token and refresh token of the user encrypted in our database, but I don't like this solution since it adds more complexity and may go against some compliances. What options do I have? Also, this documentation authentication section mentions about access token, but it says that it is only used for validation. This section is a bit confusing, can anyone explain?
Missing Alerts when calling List Alerts http://graph.microsoft.com/v1.0/security/alerts_v2
What kinds of alerts will be included when calling List Alerts: GET http://graph.microsoft.com/v1.0/security/alerts_v2 We've encountered a problem where certain alerts are not appearing when calling the API at GET https://graph.microsoft.com/v1.0/security/alerts_v2, yet these missing alerts are visible in the user interface Microsoft 365 Defender https://security.microsoft.com/alerts. Is it possible to read all alerts from the Microsoft 365 Defender https://security.microsoft.com/alerts? Is it possible to get the activity list of alerts from the Microsoft 365 Defender, too? The current JSON response of List Alerts does not include the activity list. How to get the activity list? Is there another Endpoint that can get the activity list?
Graph API deleted user attributes and searching / filtering
Is there a way to search deleted users by attributes with the Graph API? If so, which attributes are searchable? If I need to restore an account that I don't have the id / objectid for, I have to retrieve all deleted users and then filter the results. Also, is there a way to retrieve the onPremisesImmutableID and the lastDirSyncTime of a deleted user that was federated with AzureADConnect?Issues with POST to GraphAPI with Powershell
I can export Intune policies using the API so i know i'm authenticated but when I try to POST one of the policies i get a response but its just a repeat of the JSON file and no Error or 201 success message. Invoke-RestMethod -Uri https://graph.microsoft.com/Beta/deviceManagement/deviceCompliancePolicies -Headers $global:authToken -Method POST -Body $json_output -ContentType "application/json" If i take the JSON file and paste it in to the body of MSGraph Explorer it works but i'm not sure why i'm not getting a response back.Graph API - How to Determine Source of OneDrive Permission
When making a call to the OneDrive permission endpoint: /v1.0/me/drive/items/{item_id}/permissions The API returns permissions for the specified item, but also for parents of the specified item, because those can also be used to share the item itself. However, there is no data in the API response to indicate the source of a given permission. Currently, to find the source of a permission, I need to keep executing calls to the permissions endpoint for each parent of the original item, in ascending order, until the given permission is no longer returned. Then I know that the previous item I executed the call for is the one the permission actually belongs to. This is a very hacky solution and extremely inconvenient for my purposes. I've looked for a better solution but haven't found one yet. There has to be a better way than what I'm currently doing...
