Hi All,
I recently had a customer that wanted to write an Application to read the Availability (Free/Busy) from the Calendars of theyr users.Here is how you can do that with Microsoft Graph.
First you need an Application in Azure Active Directory with an AppID / ClientID
Then you need to be able to Authenticate. I usually use a Certificate for that purpose.
As for the Permissions, the Application needs the following:
App needs Application Permissions:
- Calendars.Read (Only for the Mailbox where you make the Requests from - Limit with ApplicationAccessPolicy)
- Schedule.Read.All
Now we need to Limit the Calendars.Read to the Mailbox where the Availability Requests (aka Free/Busy) requests are made from.
New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId b1fe3302-d057-4fe3-84ac-c507ecdb6d0d -PolicyScopeGroupId PostmasterGraphRestriction@icewolf.ch -Description "Restrict this app to members of this Group"
Get-ApplicationAccessPolicy | Where-Object {$_.AppId -eq "b1fe3302-d057-4fe3-84ac-c507ecdb6d0d"}
Now we can test it
Test-ApplicationAccessPolicy -AppId b1fe3302-d057-4fe3-84ac-c507ecdb6d0d -Identity postmaster@icewolf.ch
Test-ApplicationAccessPolicy -AppId b1fe3302-d057-4fe3-84ac-c507ecdb6d0d -Identity max.muster@icewolf.ch
I've tested it with the Example from the Docs Site
Only got an Error and could not figure it out. Write me if you found a Solution that works.
Connect-MgGraph -AppId $AppID -CertificateThumbprint $Thumbprint -TenantId $TenantId
Import-Module Microsoft.Graph.Users.Actions
$params = @{
Schedules = @(
"m.muster@icewolf.ch"
)
StartTime = @{
DateTime = "2022-05-09T06:00:00"
TimeZone = "W. Europe Standard Time"
}
EndTime = @{
DateTime = "2022-05-09T15:00:00"
TimeZone = "W. Europe Standard Time"
}
AvailabilityViewInterval = 60
}
$jsonArray = $Params | ConvertTo-Json -Depth 4
$UserId = "postmaster@icewolf.ch"
Get-MgUserDefaultCalendarSchedule -UserId $userId -BodyParameter $Params
All right, i've created two Appointments in the Calendar of max.muster@icewolf.ch. The second one is private.
The Calendar Permissions for "Default" are "AvailabilityOnly"
Get-MailboxFolderPermission -Identity max.muster@icewolf.ch:\Kalender
So let's try it with a pure Graph Call.
#Variables
$AppID = "b1fe3302-d057-4fe3-84ac-c507ecdb6d0d"
$Thumbprint = '4F1C474F862679EC35650824F73903041E1E5742'
$TenantId = "icewolfch.onmicrosoft.com"
$Certificate = Get-Item "Cert:\CurrentUser\My\$Thumbprint"
#Get AccessToken with MSAL Certificate Auth
Import-Module MSAL.PS
Clear-MsalTokenCache
$RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient"
$Token = Get-MsalToken -ClientId $AppID -TenantId $TenantID -RedirectUri $RedirectUri -ClientCertificate $Certificate
$AccessToken = $Token.AccessToken
#Get Availability (aka Free/Busy)
$From = "postmaster@icewolf.ch"
$URI = "https://graph.microsoft.com/v1.0/users/$From/calendar/getSchedule"
$ContentType = "application/json"
$Headers = @{"Authorization" = "Bearer "+ $AccessToken}
$Body = @{
Schedules = @(
"max.muster@icewolf.ch"
)
StartTime = @{
DateTime = "2022-06-06T06:00:00"
TimeZone = "W. Europe Standard Time"
}
EndTime = @{
DateTime = "2022-06-12T19:00:00"
TimeZone = "W. Europe Standard Time"
}
AvailabilityViewInterval = 60
}
$jsonBody = $Body | ConvertTo-Json -Depth 4
$result = Invoke-RestMethod -Method "POST" -Uri $uri -Headers $Headers -ContentType $ContentType -Body $JsonBody
$Result.value.scheduleItems
If we change the Permission to Reviewer
Set-MailboxFolderPermission -Identity max.muster@icewolf.ch:\Kalender -User Default -AccessRights Reviewer
We can now even see the Subject and some more Details. But not for the Item with the Private Flag. We see only that he is not available then.
$result = Invoke-RestMethod -Method "POST" -Uri $uri -Headers $Headers -ContentType $ContentType -Body $JsonBody
$Result.value.scheduleItems
Summary:
This is an easy way to read the Calendar of your Organization Mailbox Users.
It respects the MAPI Permissions set to a Calendar.
You can add your ServiceAccount as a dedicated Permission Entry on the Calendar
Add-MailboxFolderPermission -Identity max.muster@icewolf.ch:\Kalender -User postmaster@icewolf.ch -AccessRights Reviewer
Regards
Andres Bohren
Hi All,
I've only worked a few Times with Loop Components in Teams so far.
Just a few things that are good to know:
- Loop Components are saved on OneDrive (with all the Hassle of one User leaving the Company)
- Loop Components can only used be on Chat (Channels not supportet so far)
- There are some Limitations to Loop Components with Compliance Search (no viewer so far)
Overview of Loop components in Teams
Manage Loop components in SharePoint
First things to know about Loop components
Transforming creation and collaboration with Microsoft Loop components in Teams chat now available!
Check if the Fluid Settings in Sharepoint are enabled (was by default in my case)
Connect-SPOService -Url https://icewolfch-admin.sharepoint.com
Get-SPOTenant | fl *fluid*
Send a Loop component in Teams chat
In the Chat cklick at the Fluid Symbol and select a Component
Give it a Tile and add the Items. Then hit send
As you can see the *.fluid File has been saved on my OneDrive
If you click on the Item, you can edit the Item in the Browser (works also with OneDrive Sync and opens the Browser too)
Regards
Andres Bohren
Hi All,
In May Microsoft has anouced, that Calling Pickers in Teams will also use Exchange Contacts.
The Rollout started in May and should be finished in mid June.
When i search in Teams Calling for that user it will be found and presented to Call
Regards
Andres Bohren