Get correct telephone properties from Azure AD using Graph API

I'm trying to get user phones from Azure AD using Graph API but without luck.
If I in PowerShell use the MsOnline module and issue the following command:
get-azureAdUser | select userPrincipalName,mobile,telephonenumber
I get a userlist including all the telephone numbers.
But if I in Graph use the command
https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,mobilephone,businessphones
the telephone fields are empty. The list contains the same users, but much of the information is missing.
Is it possible to get the phone numbers using Graph API by using some other command?

Few things to check:
Please check that the access token you are using has the necessary permissions. Refer to the documentation to learn about the permissions required for access.
For example, you need to use either Directory.Read.All or User.Read.All. Both, however, require Admin Consent.
Also consider that phone numbers are not available for personal Microsoft Accounts (MSA). They're only returned for Work/School accounts (AAD).
If you still face issues, share request id and timestamp from Graph Explorer.
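One way to carry out the permission check from the answer above, as an added example that is not part of the original answer: decode the claims of the token being sent to Graph and see whether `scp` (delegated) or `roles` (application) contains one of the two permissions named. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Permissions named in the answer above; either one is sufficient.
REQUIRED_ANY = {"Directory.Read.All", "User.Read.All"}

def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature.
    Troubleshooting aid only; never base a trust decision on it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, required_any=REQUIRED_ANY):
    """Report which of the required permissions the token actually carries."""
    claims = decode_claims(token)
    delegated = set(claims.get("scp", "").split())   # delegated: space-separated string
    application = set(claims.get("roles", []))       # app-only: JSON array
    matched = (delegated | application) & set(required_any)
    kind = "application" if application and not delegated else (
        "delegated" if delegated else "none")
    return {"aud": claims.get("aud"), "kind": kind,
            "matched": sorted(matched), "ok": bool(matched)}

def make_sample_token(claims):
    """Build an unsigned token from constructed claims (demo input only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed samples: a user token with only User.Read, and an app-only token.
SAMPLE_LIMITED = make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "User.Read openid profile"})
SAMPLE_APP = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("limited", SAMPLE_LIMITED), ("app", SAMPLE_APP)):
        print(name, check_token(tok))
```

A token that carries only `User.Read` returns the user list but not the directory-wide properties, which matches the symptom in the question.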

Related

How to find last logged in user on Intune/Azure

I am currently working on a project where I am needing to find the active username (not the device name or hostname) of associates on the machines. Since there was no standard naming convention when the devices were provisioned, I am looking to find a way to figure out or see the last logged in users through Azure AD or Intune.
Not sure if I am making this post in the correct place, if not please be kind and suggest where I should post this.
Thanks!
To fetch the details of last logged on users on Intune, make use of the below query in Microsoft Graph Explorer:
GET https://graph.microsoft.com/beta/deviceManagement/managedDevices/{managedDeviceId}
The above query will only work on beta version of Microsoft Graph.
Please check the required permissions below:
In the output response, you can find the UserId and LastlogonDateTime in usersLoggedOn field.
In order to display the username via UserId, make use of the PowerShell script mentioned in this reference.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant. The beta version is subject to change; don't use it for production.
For more information, please refer to the links below:
Get windowsManagedDevice - Microsoft Graph beta | Microsoft Docs
Find out last logon user of MDM assigned Coporate Device - Microsoft Q&A
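The lookup described in this answer, as an added example that is not part of the original answer: pick the most recent entry from the `usersLoggedOn` field of a managedDevice response and map its user id to a name. The property casing (`userId`, `lastLogOnDateTime`) is assumed from the Graph beta schema, and the device, ids and user table are constructed sample data standing in for the real API calls.

```python
import re
from datetime import datetime

_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)$")

def parse_graph_time(value):
    """Parse a Graph DateTimeOffset; trims 7-digit fractions to microseconds."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base, frac, offset = m.groups()
    frac = (frac or "")[:6].ljust(6, "0")
    offset = "+00:00" if offset == "Z" else offset
    return datetime.fromisoformat(f"{base}.{frac}{offset}")

def last_logged_on(device, resolve_upn=None):
    """Return the most recent usersLoggedOn entry, or None if there is none."""
    best = None
    for entry in device.get("usersLoggedOn") or []:
        uid, ts = entry.get("userId"), entry.get("lastLogOnDateTime")
        if not uid or not ts:
            continue  # skip incomplete entries rather than fail the whole device
        when = parse_graph_time(ts)
        if best is None or when > best[1]:
            best = (uid, when)
    if best is None:
        return None
    uid, when = best
    return {"deviceName": device.get("deviceName"), "userId": uid,
            "userPrincipalName": resolve_upn(uid) if resolve_upn else None,
            "lastLogOn": when.isoformat()}

# Constructed sample of a managedDevice response (ids and names are made up).
SAMPLE_DEVICE = {
    "id": "00000000-0000-0000-0000-0000000000d1",
    "deviceName": "DESKTOP-EXAMPLE1",
    "usersLoggedOn": [
        {"userId": "00000000-0000-0000-0000-0000000000a1",
         "lastLogOnDateTime": "2024-01-10T07:02:11.5121739Z"},
        {"userId": "00000000-0000-0000-0000-0000000000b2",
         "lastLogOnDateTime": "2024-03-05T16:40:00Z"},
    ],
}
# Stand-in for GET /users/{id}?$select=userPrincipalName (constructed data).
SAMPLE_USERS = {"00000000-0000-0000-0000-0000000000a1": "alice@example.com",
                "00000000-0000-0000-0000-0000000000b2": "bob@example.com"}

if __name__ == "__main__":
    print(last_logged_on(SAMPLE_DEVICE, SAMPLE_USERS.get))
```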

How to get AD user for Azure subscription Classic Administrators?

My goal is to get the Azure AD users who have been assigned the Classic Administrator role in an Azure subscription.
I use the REST API's Classic Administrators - List to retrieve all classic admins but it returns an Email which is not unique enough and an ID called netId/puid which is not present on the user returned from the Graph API.
I followed the Azure Portal's network to see how it gets the users for AAD but it queries the Graph API with an internal API version '1.61-internal' that I can't use.
Does anyone know of a way to retrieve this information?
Thanks
There is not an exposed API to match netId/puid with users.
But you can get the puid from the access token.
Or you could use the Microsoft 365 PowerShell cmdlet Get-MsolUser -UserPrincipalName "{upn}" | fl to get the user and find the LiveId property.
Record the puid or LiveId above and the corresponding user information to your local configuration file and match them with the name property in response of Classic Administrators - List.
Then you can get the corresponding users who are classic Administrators.
It's just a workaround and there are many workloads. I don't think it is a good method but there is no other way.

Retrieving user's calendar events in Microsoft graph using application permissions

I'm trying to build a small application that can retrieve a particular user's calendar events without a signed in user, that is to utilize the application permissions in Graph API and query the events by authenticating with App ID, Tenant ID and Secret values. I was able to follow this documentation https://learn.microsoft.com/en-us/graph/auth-v2-service and generate JWT tokens to query the Graph API. And it worked fine when I tried to retrieve all the users' information, or even retrieve a particular user's information using the following paths.
/users
/users/{id | userPrincipalName}
Both the above endpoints worked fine and I was able to retrieve details, but when I tried to access the calendar events of a particular user using the following Graph API path
/users/{id | userPrincipalName}/events
I get the following error,
I'm not sure what I'm doing wrong here, I have the following Application permissions set up in Azure AD Portal and the permissions are reflected in the JWT token.
I feel like the token generation part is working fine since the first two Graph API endpoints I mentioned above are functional, but I'm not sure where else I'm going wrong and as to why I'm not able to retrieve a particular user's calendar events. Any help would be much appreciated.

How do I get a list of Azure users from Microsoft Graph?

Basically, I just want to use Microsoft Graph to get a list of active directory users and their email addresses.
Ideally, I could get all the admin users for a certain subscription.
How do I do that? I couldn't find any good examples online.
Assuming you have the correct access to a tenant, and an authenticated token granting you access to the Microsoft Graph, you can use the following REST API calls to get the data you are looking for:
List Users - Documentation
GET https://graph.microsoft.com/v1.0/users
List Admins (via directory roles) - Documentation
This is a multi-step process. First you must find the directory role for the Company Administrator, which will always have the roleTemplateId of 62e90394-69f5-4237-9190-012177145e10. This should not be confused with the actual directory role id, which will be different per directory.
GET https://graph.microsoft.com/v1.0/directoryRoles
Then you want to list the users who are a part of that directory role:
GET https://graph.microsoft.com/v1.0/directoryRoles/<id>/members
If you really need to get started from scratch, I recommend you look at this PowerShell sample I made which simplifies authentication, and allows you to make queries to resource endpoints like the Microsoft Graph.
https://github.com/shawntabrizi/Microsoft-Authentication-with-PowerShell-and-MSAL
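The two-step admin lookup from this answer, as an added example that is not part of the original answer or of the linked PowerShell sample: resolve the role id from the roleTemplateId, then list the role's members, following `@odata.nextLink` paging. `get_json` is a hypothetical callable that performs an authenticated GET and returns parsed JSON; here it is backed by constructed responses so the example runs offline.

```python
GRAPH = "https://graph.microsoft.com/v1.0"
COMPANY_ADMIN_TEMPLATE = "62e90394-69f5-4237-9190-012177145e10"  # from the answer

def paged(get_json, url):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    while url:
        page = get_json(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def role_id_for_template(get_json, template_id):
    """Step 1: map the fixed roleTemplateId to this directory's role id."""
    for role in paged(get_json, f"{GRAPH}/directoryRoles"):
        if role.get("roleTemplateId", "").lower() == template_id.lower():
            return role["id"]
    return None  # /directoryRoles lists only roles activated in the directory

def list_admins(get_json, template_id=COMPANY_ADMIN_TEMPLATE):
    """Step 2: list the users who are members of that directory role."""
    role_id = role_id_for_template(get_json, template_id)
    if role_id is None:
        return []
    members = paged(get_json, f"{GRAPH}/directoryRoles/{role_id}/members")
    return [{"id": m["id"], "upn": m.get("userPrincipalName"), "mail": m.get("mail")}
            for m in members
            if m.get("@odata.type") == "#microsoft.graph.user"]  # skip non-user members

# Constructed responses keyed by URL (ids, names and the page-2 link are made up).
ROLE_ID = "aaaaaaaa-0000-0000-0000-000000000001"
FAKE_GRAPH = {
    f"{GRAPH}/directoryRoles": {"value": [
        {"id": "aaaaaaaa-0000-0000-0000-000000000009",
         "roleTemplateId": "bbbbbbbb-0000-0000-0000-000000000009"},
        {"id": ROLE_ID, "roleTemplateId": COMPANY_ADMIN_TEMPLATE}]},
    f"{GRAPH}/directoryRoles/{ROLE_ID}/members": {
        "value": [{"@odata.type": "#microsoft.graph.user", "id": "u1",
                   "userPrincipalName": "admin1@example.com",
                   "mail": "admin1@example.com"}],
        "@odata.nextLink": "https://example.invalid/page2"},
    "https://example.invalid/page2": {"value": [
        {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp1"},
        {"@odata.type": "#microsoft.graph.user", "id": "u2",
         "userPrincipalName": "admin2@example.com", "mail": None}]},
}

if __name__ == "__main__":
    print(list_admins(FAKE_GRAPH.__getitem__))
```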

Can't use application permissions (roles) to access Microsoft Graph API group calendar

My goal is to list the calendar events of an Office 365 group using the Microsoft Graph API.
The endpoint used is https://graph.microsoft.com/v1.0/groups/{id}/events based on the documentation. Using the Graph Explorer, I'm able to get the information with my delegated permissions. The problem is when I make the same call using application permissions. I'm positive the JWT token contains the required roles to make the call (Group.Read.All, Group.ReadWrite.All) but I'm getting the following error:
Access is denied. Check credentials and try again
Curiously enough, I'm able to get the group /v1.0/groups/{id} but whatever is related to its calendar and events isn't accessible.
Using application permissions to look at group resources/contents is not currently supported. Please see known issues here: https://developer.microsoft.com/en-us/graph/docs/concepts/known_issues#groups-and-microsoft-teams.
If this is required for your scenarios, please vote for
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/18747862-app-authentication-to-retrieve-conversation-messag or
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/16851937-allow-application-only-consent-to-read-conversation
Both of which are about app-only access to group conversations (similar to group events).
Otherwise please create a new user voice request.
