Tag: microsoft graph

Did you know … you can create a Team using a template?

We’ve created Teams for several similar projects – and it’s time consuming to configure the new team with all the configuration that we’ve found works well for the project. And then I’ve got to add the usual suspects to the new Teams space. None of these are particularly laborious, but not creating the Teams space on a blank slate would certainly save time. Is there a better way?

Yes! I can create new Teams using existing Teams as a template. Click “Join or create a team”.

Click “Create team”

Click the link to “Create a team using an existing Team as a template” – there’s no need to add a Team name or description here.

Click the radio button in front of the Team you wish to copy and click “Choose team”.

Provide a name and description for the new Team. You can select which elements will be copied from the original Team – for our migrations, I can put core team members in the template source & add only the specific individuals being migrated.

I’ve had problems with some 3rd party apps partially coming though … not enough that they work, but enough that I cannot just install the app either (or uninstall it). My current recommendation is to remove 3rd party apps from the template team.

When you have finished making your selections, click “Create”.

Wait for it – this takes longer than just creating a team. You can watch the purple line spin, or you can close the status window.

If you watch the purple line spin, you’ll be given the option of adding additional members. Either add members or skip this step.

Voila – a new Team with all of the channels I had set up in my original Teams space.

It is important to realize that content is not copied – while tabs are created, you will need to create a new Wiki, OneNote, Planner, etc. Click on the tab, and you will be prompted to create the item for your new Teams space.

You’ll need to input URLs for Website tabs.

Alternately, you can use the Microsoft Graph API to create Teams. You can create a Teams space with channels, pre-configured tabs, and even pre-installed apps.


Ugh! MFA

I am trying to use Microsoft Graph to read/write an Excel spreadsheet stored in SharePoint. It’s an ugly process to start with — they don’t exactly make it easy to find the right ID numbers so you can reference the spreadsheet in the first place, but I finally got the proper URL. And then I tried to do the password-based token authentication.

{“error”:”invalid_grant”,”error_description”:”AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\nTrace ID: b43d1973-c253-4889-8756-354e5bd77200\r\nCorrelation ID: 9cf94602-9d72-4790-8dcc-6cf0471058f9\r\nTimestamp: 2019-01-08 00:01:47Z”,”error_codes”:[70002,50126],”timestamp”:”2019-01-08 00:01:47Z”,”trace_id”:”b43d1973-c253-4889-8756-354e5bd77200″,”correlation_id”:”9cf94602-9d72-4790-8dcc-6cf0471058f9″}

Hint: the password isn’t wrong. I’ve seen a lot of comments online about this meaning the secret is wrong — which seemed reasonable, since I’m not seeing any auth traffic against the user account. But if you put in a known bad secret, there is a different invalid secret error.

{“error”:”invalid_client”,”error_description”:”AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 59f4c7c8-73ab-4adb-bf15-10250a190d00\r\nCorrelation ID: 0a95810c-19e2-4fc6-a7be-c0ca7235d824\r\nTimestamp: 2019-01-08 00:00:37Z”,”error_codes”:[70002,50012],”timestamp”:”2019-01-08 00:00:37Z”,”trace_id”:”59f4c7c8-73ab-4adb-bf15-10250a190d00″,”correlation_id”:”0a95810c-19e2-4fc6-a7be-c0ca7235d824″}

But we use MFA … and I’ve got no way to perform the MFA validation. Sigh!

Microsoft Graph — Application Registration

The application I am registering will pull report data from Graph for use within existing company systems. I will be assigning application-level permissions and no callback URL is needed.

To register an application, log into http://portal.azure.com and select “Azure Active Directory” from the left-hand navigation column. Then select “App Registrations (preview)”.

Click on “New registration”

Provide a descriptive name for the application — tenant managers can see all of the registered applications and it’s a lot easier if you ask them to approve access for “Specific Application Name For Engineering” than “LJR Test”.

The application will be created and you will be brought to the app overview. Select “API permissions” then click the “Microsoft Graph” hyperlink.

Click on “Application permissions”

And find the permissions you need. For the script I want to run, I need Reports.Read.All. Click “Update permissions” to save your changes.

If you are a tenant admin, you can approve your own rights. Otherwise, you’ll need to contact a tenant admin and have them approve the permissions you have requested. Once the permissions have been acknowledged, you’re ready to go.

You will need the app ID and a secret for use within your code. The application ID is listed on the application “Overview”.

To create a secret, select “Certificates & secrets” then click “New client secret”. This is displayed one time, so copy it into your code now.