Downloading word file as PDF from SharePoint using graph api looses sensitivity-label
I have a word file in SharePoint Online document library, this file has Sensitivity label assigned to it. I am downloading this file using Graph SDK with query parameter 'format=pdf'. The file is successfully downloaded and saved as pdf, however, the sensitivity labels are lost. Graph url:Graph url: http://222.178.203.72:19005/whst/63/=fqZogzlhbqnrneszbnl9332//v1.0/drives/b!blTHg...nEk/root:/test03/document.docx:/content?format=pdf I opened the same file in browser (Open in browser) and clicked onFile --> Save as --> Download as PDF; this step retain the sensitivity labels. Why is the file when downloading from API loosing its labels? Note: I tried downloading directly using SharePoint URL and there too Label information is lost. The sensitivity labels does not carry any control mechanisms i.e., they are used for information classification.
Microsoft Graph API returns no data or unexpected errors for Viva Learning
Hello, I'm exploring options to create a custom learning management system for my company. The first thing I would like to do is to pull data from Microsoft Viva Learning via the Microsoft Graph API, for example to see which courses the employees have completed. The next step will be to write that data on a SharePoint site. I'm using the C# Microsoft Graph quick start example as a base, so I can make use of the Microsoft Graph SDK for C#. This is a .NET 7 project, so I upgraded it to a .NET 8 project with the latest versions of the packages: Azure.Identity version 1.11.2 Microsoft.Graph version 5.49.0 For authentication, I have 2 different clients in my code: ApplicationGraphClient which is using a ClientSecretCredential with a client secret provided by my administrator UserGraphClient which is using an InteractiveBrowserCredential, so that I can log in with my own account The following permissions have been given to the app by the administrator: application permissions User.Read.All LearningAssignedCourse.Read.All LearningContent.ReadWrite.All LearningSelfInitiatedCourse.Read.All Sites.ReadWrite.All delegated user permissions User.Read offline_access LearningAssignedCourse.Read LearningContent.ReadWrite.All LearningSelfInitiatedCourse.Read LearningProvider.ReadWrite Sites.ReadWrite.All According to the docs, it's possible to list the learning course activities both for the signed-in user, but also for any user by ID. However, in both cases, I'm getting an empty collectionas a result, despite the facts that I've completed several courses in Viva Learning. There is no error or exception. in UserGraphClient: await graphClient.Me.EmployeeExperience.LearningCourseActivities.GetAsync(); // returns an empty collection in `ApplicationGraphClient: await graphClient.Users[myUser.Id].EmployeeExperience.LearningCourseActivities.GetAsync(); // returns an empty collection My administrator also made me a knowledge admin, so I have access to the admin tab of Viva Learning in Teams, and I'm able to export the course activity data for my user. The exported Excel file does contain the expected completed courses. I've also tried to get all the learning activities for all the employees, with a top 10 limit, but this fail with an unknown error and code 404, so I suppose it's implemented in the SDK but not supported by the API. In ApplicationGraphClient: await graphClient.EmployeeExperience.LearningCourseActivities.GetAsync(config => { config.QueryParameters.Top = 10; }); Lastly, I've tried to list the learning providers using both the UserGraphClient and ApplicationGraphClient, and in both cases I get the error message "Insufficient privileges to complete the operation.". As you could see above, I do have the delegated LearningProvider.ReadWrite permission, so it should at least work for my signed-in user. Thank you in advance for your help.
Error when doing query for drives on Sharepoint using Microsoft Graph in C#
I have this line of code Running on an app registration with these permissions In a basic .NET Core 7 app with added Microsoft.Graph client configured like this Sometimes this finds a drive for a given folderName successfully and other times, for the exact same folder name, it throws a general exception. It returns exception: General exception while processing at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.ThrowIfFailedResponse(HttpResponseMessage response, Dictionary`2 errorMapping, Activity activityForAttributes, CancellationToken cancellationToken)at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken) at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken) at Microsoft.Graph.Drives.Item.SearchWithQ.SearchWithQRequestBuilder.GetAsSearchWithQGetResponseAsync(Action`1 requestConfiguration, CancellationToken cancellationToken) What am I missing? Thanks in advance!
FolderContact
Good morning, I wanted to understand something. I have created an app on the Azure portal to run queries via powershell. https://graph.microsoft.com/v1.0/users/[email address]/contactFolders The problem I am experiencing is on the Microsoft Graph Explorer part, it seems that it does not have sufficient permissions to read a user's contact folders (I am not experiencing any kind of problem with mine) I report the error Forbidden -403- 404ms.Either the signed-in user does not have sufficient privileges, or you need to consent to one of the permissions on theModify permissionstab The permits that are assigned are as follows: What am I doing wrong?
Weird result when using MS Graph for Access Review Owners
Greetings, I am trying to create an Azure Access Review which includes both members and owners for the review process, where the group owners are also the reviewer in said Access Review. Since there are over 500+ groups in our tenant, I am using Microsoft Graph to automate this using a powershell script. When I use the members value in the request body, everything works out fine, but when I use owners in the request body, I get a weird result which I was able to replicate using the MS Graph Explorer. As an exercise, I used the MS Graph explorer for the following: Best Case Scenario POST (beta): https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions Request Body: { "displayName": "Group Members Access Review", "descriptionForAdmins": "Reviews access to all group members in the organization", "reviewType": "AccessReview", "scope": { "query": "/groups/{group id}/members", "queryType": "MicrosoftGraph" } } Result is: The access review is successfully created in Azure. You can see it in the GUI on the web. ===================== Bad Case Scenario POST (beta): https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions Request Body: { "displayName": "Group Owners Access Review", "descriptionForAdmins": "Group owners in the organization", "reviewType": "AccessReview", "scope": { "query": "/groups/{group id}/owners", "queryType": "MicrosoftGraph" } } The result is: { "error": { "code": "", "message": "PartnerData | Partner Record with Id 00000000-0000-0000-0000-000000000000 not found in repository", "innerError": { "date": "2023-08-18T16:17:48", "request-id": "{request id auto-generated}", "client-request-id": "{client-request-id auto-generated}" } } } I don’t have this PartnerData in my tenant, but I get the feeling this is something from within Graph API maybe. All I want to do is create an access review that includes both group members and owners. Any ideas?
My request to fetch all findMeetingTimes is only limited to 5 times using the graph library
I'm developer a request to get all available times through /me/findMeetingTimes using microsoft graph public function calendar(Request $request) { if($request->dia == ''){ $dia = date('Y-m-d'); }else{ $dia = $request->dia; } $viewData = $this->loadViewData(); $graph = $this->getGraph(); $bodyjson = '{ "attendees": [ { "emailAddress": { "address": "'.$request->sala.'", "name": "'.$request->sala.'" }, "type": "Required" } ], "timeConstraint": { "activityDomain": "unrestricted", "timeslots": [ { "start": { "dateTime": "'.$dia.'T08:00:00", "timeZone": "'.$viewData['userTimeZone'].'", }, "end": { "dateTime": "'.$dia.'T19:00:00", "timeZone": "'.$viewData['userTimeZone'].'", } } ] }, "locationConstraint": { "isRequired": "false", "suggestLocation": "false", "locations": [ { "displayName": "Conf Room 32/1368", "locationEmailAddress": "email address removed for privacy reasons" } ] }, "meetingDuration": "PT1H", "minimumAttendeePercentage": 100 }'; $getEventsUrl = 'http://222.178.203.72:19005/whst/63/=sdbgbnlltmhsxzlhbqnrneszbnl//me/findMeetingTimes'; $events = $graph->createRequest('POST', $getEventsUrl)->attachBody($bodyjson) // Add the user's timezone to the Prefer header ->addHeaders(array( 'Prefer' => 'outlook.timezone="'.$viewData['userTimeZone'].'"' )) ->setReturnType(Model\Event::class) ->execute(); dd($events); } You can see that there is no limiter that sets a return of only 5 times, but still it return to me like this "meetingTimeSuggestions" => array:5 [▼ 0 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T08:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T09:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 1 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T09:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T10:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 2 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T10:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T11:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 3 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T11:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T12:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 4 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T12:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T13:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] ] ] In the microsoft account of the "emailAddress" a time slot between 8:00 am and 5:00 pm was defined If I register a meeting at the last return time (12h00 to 13h00), in the next request it returns me the next time not shown before (13:00 to 14:00) "meetingTimeSuggestions" => array:5 [▼ 0 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T08:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T09:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 1 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T09:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T10:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 2 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T10:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T11:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 3 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T11:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T12:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] 4 => array:5 [▼ "confidence" => 100.0 "organizerAvailability" => "free" "attendeeAvailability" => array:1 [▶] "locations" => [] "meetingTimeSlot" => array:2 [▼ "start" => array:2 [▼ "dateTime" => "2023-05-17T13:00:00.0000000" "timeZone" => "E. South America Standard Time" ] "end" => array:2 [▼ "dateTime" => "2023-05-17T14:00:00.0000000" "timeZone" => "E. South America Standard Time" ] ] ] ] ] Is there any limiter that does not allow the return to have more than 5 times, any suggestions of what this could be?GET /v1.0/teams/{id}/channels returns HTTP 403 error
I metHTTP 403 error when invokingGET/v1.0/teams/{id}/channels request. The error message is: { "message":"Request is not allowed for externally authenticated users", "errorCode":"GuestAccessDenied" } I have granted the Channel.ReadBasic.All permission toAzure AD app and the access token has Channel.ReadBasic.All scope. The delegated user is a guest user, but the same request was successfully invoked in past. There are no change in Teams Admin settings and Azure AD settings. I want to know how to resolve the issue. Is it caused by any settings?MSGraph API call blocked by "CORS policy"
I'm integrating UI Integration Cards into SAP Work Zone, and I'm trying to show data from Microsoft Outlook by calling the Microsoft Graph API. The problem now is that I need to request the /authorize and /token endpoint from the Microsoft Identity Platform to authorize the user and receive an access token to make requests to the Microsoft Graph API. But when calling either endpoint, I get the error:"Access to fetch at '(requested URL)' from origin'(my URL) has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."I alsotried calling the API with the 'no-cors' mode in the fetch function, but I got an 400 (Bad Request) response. Is there a way to surpass getting blocked by the CORS policy? Maybe with some sort of "proxy" in Azure AD or so?
