Develop Reference

How to get date of tag from Azure Devops Cli

I'm using the Azure devops cli to get a list of the tags for a particular repo. Documented here: https://learn.microsoft.com/en-us/cli/azure/repos?view=azure-cli-latest. For example
az repos ref list -p <project>-r <name of repo> --filter tags
The result looks something like this
[
{
"creator": {
"descriptor": "aad.ODAzODM5N2YtNWE3Yi03MzBkLThlNTktMzhmMTJlOTU0MTJi",
"directoryAlias": null,
"displayName": "<name>",
"id": "8038397f-5a7b-630d-8e59-38f12e95412b",
"imageUrl": "https:<redacted>",
"inactive": null,
"isAadIdentity": null,
"isContainer": null,
"isDeletedInOrigin": null,
"uniqueName": "<email>",
"url": "https://<redacted>"
},
"isLocked": null,
"isLockedBy": null,
"name": "refs/tags/1.0.0-tag-name",
"objectId": "6ed8645a6e1c6686aa9eead0e60365665d76dfb5",
"peeledObjectId": null,
"statuses": null,
"url": "https://<redacted>"
}
]
There does not seem to be a date available. I get the object id and if this was local, I could do git show <objectid>, but there doesn't seem to be anything in the api to get the date or any other specific information, based on an object id
Just to clarify, in my case, the date of tag creation and the date of commit is typically the same so either would be fine

I am afraid that Azure DevOps CLI doesn't support to get the specific information based on Object Id of the Repo tag.
I suggest that you can use Rest API to achieve the requirement: Annotated Tags - Get
Rest API:
GET https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{repositoryId}/annotatedtags/{objectId}?api-version=6.0-preview.1
Result sample:
{
"name": "refs/tags/v0.1-beta2",
"objectId": "69080710948ac8ba63e44eca2daf0b30f38c428d",
"taggedObject": {
"objectId": "c60be62ebf0e86b5aa01dbb98657b4b7e5905234",
"objectType": "commit"
},
"taggedBy": {
"name": "Norman Paulk",
"email": "Fabrikamfiber16#hotmail.com",
"date": "2017-06-22T04:28:23"
},
"message": "First beta release",
"url": "https://dev.azure.com/fabrikam/c34d5807-1734-4541-ad1c-d16e9ac1faca/_apis/git/repositories/ca93c3a5-87bb-4b5b-a62f-1f971d677c79/annotatedTags/69080710948ac8ba63e44eca2daf0b30f38c428d"
}
You can also use Rest API to list tags of the repo: Refs - List

How to know if current logged in user is tenant admin using graph api

I have a requirement to check if logged in user is tenant admin or not using MS graph api. I tried below https://graph.microsoft.com/v1.0/me/ and get below response and there is nothing related to roles in below response. How to determine whether the below "id" is tenant Admin or not?
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": null,
"mail": "",
"mobilePhone": null,
"officeLocation": "",
"preferredLanguage": ,
"surname": "",
"userPrincipalName": "",
"id": "Guid"
}

You can use Get https://graph.microsoft.com/v1.0/me/memberOf to implement your requirement.
If the first item of the value in the api response data is Company Administrator, the logged in user is admin. If not, the user is not admin (shown as below screenshot).

Optional claims in access token of azure missing for in_corp, vnet etc

I have been trying to get accesstoken with flag of in_corp and vent of the company within access token. I have added optional claims in manifest file, however it is not coming in access token.
"accessToken": [
{
"name": "in_corp",
"source": null,
"essential": true,
"additionalProperties": []
},
{
"name": "vnet",
"source": null,
"essential": true,
"additionalProperties": []
},
{
"name": "fwd",
"source": null,
"essential": true,
"additionalProperties": []
},
{
"name": "nickname",
"source": null,
"essential": true,
"additionalProperties": []
}
],

From office network I have been checking the token. Is there anything
in Azure AD security settings that needs to be checked?
No, there is nothing else needed to be done to get the optional claims. If there is a value for it, it will exit in the token. Your company must have configured ADFS, and your account is Synchronized to azure ad.
where should I ensure whether I am using V1 or V2?
You can check the value of accessTokenAcceptedVersion in manifest. Refer to this for the details.
if we are using V1, what are the steps to get the token from V2 then?
You can find the v1.0 and v2.0 optional claims set here.
In conclusion, though you added the optional claims, you still didn't get these claims since there are no values mapped with them.

Why do different Microsoft Graph APIs return different data

I'm using the Microsoft Graph Users API to validate a list of user names or email addresses against our ActiveDirectory. The name search:
https://graph.microsoft.com/v1.0/me/people/?$search=john.smith
returns additional data such as officeLocation and jobTitle. But if I use the email search:
https://graph.microsoft.com/v1.0/users/john.smith#company.com
these additional fields are empty. I've enabled these API permissions in Azure:
People.Read
User.Read
User.ReadBasic.All
email
Do I need additional permissions to get the same data?
Update: I tried this in https://developer.microsoft.com/en-us/graph/graph-explorer as suggested below and it works, but Graph Explorer comes with these permissions by default which can't be disabled:
Calendars.ReadWrite
Contacts.ReadWrite
Directory.Read.All
Files.ReadWrite.All
Mail.ReadWrite
Notes.ReadWrite.All
openid
People.Read
Sites.ReadWrite.All
Tasks.ReadWrite
User.ReadBasic.All
User.ReadWrite
Update 2: I'm using Python 3.7 so I borrowed device_flow_session() from https://github.com/microsoftgraph/python-sample-console-app/blob/master/helpers.py#L25. The data I get back from https://graph.microsoft.com/me/people/?$search=John.Smith looks like:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users("XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX")/people",
"value": [{
"id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"displayName": "John Smith",
"givenName": "John",
"surname": "Smith",
"birthday": "",
"personNotes": "",
"isFavorite": False,
"jobTitle": "Software Engineer",
"companyName": "Company",
"yomiCompany": "",
"department": "Fish",
"officeLocation": "London",
"profession": "",
"userPrincipalName": "John.Smith#company.com",
"imAddress": "sip:John.Smith#company.com",
"scoredEmailAddresses": [{
"address": "John.Smith#company.com",
"relevanceScore": -6.0991198031917175,
"selectionLikelihood": "notSpecified"
}
],
"phones": [],
"postalAddresses": [],
"websites": [],
"personType": {
"class": "Person",
"subclass": "OrganizationUser"
}
}
]
}
Whereas the data from https://graph.microsoft.com/users/John.Smith#company.com is:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"businessPhones": [],
"displayName": "John Smith",
"givenName": "John",
"jobTitle": None,
"mail": "John.Smith#company.com",
"mobilePhone": None,
"officeLocation": None,
"preferredLanguage": None,
"surname": "Smith",
"userPrincipalName": "John.Smith#company.com",
"id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}

Based on my test, I found that the information obtained by these two APIs came from different places.
"officeLocation" returned from /me/people seems to be maintained in SharePoint. You can sign in https://apc.delve.office.com/?u=3df5295a-e4b1-46fe-8969-e715ccd11077&v=editprofile to check it.
"officeLocation" returned from /me or /users/{id | userPrincipalName} is maintained in Azure AD. So you can check it in Azure AD -> Users.
After I update the "Office" in Azure AD, I query with the two endpoints. But they gave me two different result. One (/me/people) is old and the other one (/users/{id | userPrincipalName}) is new. Maybe this will take some time to synchronize. Or maybe they won't sync.
I also test it in Microsoft Graph Explorer. And the "officeLocation"s are different as well. So I'm not sure why Microsoft Graph Explorer works fine for you. But you can dig it along with my ideas.
I hope my findings will be helpful to you.

Each "service" in the Graph (Active Directory, Exchange, SharePoint, etc.) make decisions on the data to return by default in calls. These decisions are made to best suit Microsoft in running the service, not necessarily what callers need. ;) I suggest adding the $select parameter to specify the attributes you require.
From https://learn.microsoft.com/en-us/graph/query-parameters#select-parameter:
Important: In general, we recommend that you use $select to limit the
properties returned by a query to those needed by your app. This is
especially true of queries that might potentially return a large
result set. Limiting the properties returned in each row will reduce
network load and help improve your app's performance.
In v1.0, some Azure AD resources that derive from directoryObject,
like user and group, return a limited, default subset of properties on
reads. For these resources, you must use $select to return properties
outside of the default set.

What does it mean "Property has an invalid value"?

During the creation of a batch of users in Azure AD by using the Graph API version 1.0 I receive the followiing error message:
Property has an invalid value
As you can see, there is not property name in the message, so I can't understand the real problem. What I can say is that those users have no particular conditions among the all others successfully created.
Any ideas?
Update 1:
As people asked, below are the post data. Since there is sensitive data, I have to changed names and som other personal data:
POST https://graph.microsoft.com/v1.0/users
And the JSON payload:
{
"accountEnabled": false,
"country": "BR",
"displayName": "Jane Sagan",
"givenName": "Jane",
"mailNickname": "jane.sagan",
"otherMails": [
"jane.sagan.#gmail.com"
],
"passwordProfile": {
"forceChangePasswordNextSignIn": false,
"password": "J#n3Sa8aN"
},
"surname": "Sagan",
"usageLocation": "BR",
"userPrincipalName": "jane.sagan#university.br",
"userType": "Member"
}

The property "otherMails" doesn't support the format "jane.sagan.#gmail.com".
Username cannot end with '.' in O365. You can have a try (create a user whose username ends with '.') in O365 portal to verify it.