I've been searching with no luck for a way to find/list all shared mailboxes in Exchange Online via webservice. Apparently Office 365 Graph does not support this yet, as posted in this answer on 2016-06-30: Get Members In Shared Mailboxes office 365
I know I could be using the EWS Managed API https://msdn.microsoft.com/en-us/library/office/jj536567(v=exchg.150).aspx to access the mail items inside a shared mailbox, but unfortunately it seems you have to know the shared mailboxes' names before accessing them.
How do I get a list of all the shared mailboxes a user has access to from some JS?
It is easy using the Exchange online cmdlets via PowerShell. You can refer the command below to get the shared mailboxes:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Get-Mailbox | where {$_.recipientTypeDetails -eq 'sharedmailbox' }
Related
I'm able to authenticate with live.com with my account on outlook.com at url
https://login.microsoftonline.com/common/v2.0
I receive an accessToken and id token.
My question is whether I can use this accessToken to retrieve exchange data about my emails through EWS API service using this token? ExchangeService.
_exchangeService = new ExchangeService(ExchangeVersion.Exchange2007_SP1) { ConnectionGroupName = Guid.NewGuid().ToString() };
_exchangeService.Credentials = new WebCredentials("xxxxxxx", "xxxxxxxx", "outlook.com");
// _credentials = new OAuthCredentials(user.PasswordToken);
// Set the URL.
_exchangeService.TraceEnabled = true;
_exchangeService.AutodiscoverUrl("xxxxx")
Authenticate to Outlook 365 through the ExchangeService.asmx in the following URL for exchange service as done in the following sample.
> https://outlook.office365.com/EWS/Exchange.asmx
My question is whether I can retrieve email data from exchange service ASMX with the idToken/accessToken supplied from live.com for outlook.com accounts?
It seems like the retrieving of data with EWS Managed API is not supported with outlook.com accounts.
you can read (in the yellow section) about it here and also here.
Basically, there are 2 portals today that apps can be created with:
Application Registration portal
Azure management portal
It states that for these reasons outlook.com accounts are not supported:
New app registrations should be created and managed in the new Application Registration Portal to be compatible with Outlook.com. This means that if you have an app that was created thru Azure Management Portal it will not be supported with outlook.com and the token will not work with outlook.com accounts.
Existing app registrations that were created in the the Azure Management Portal will continue to work for Office 365 only
Also if you created your app with Application Registration Portal The REST API is currently enabled on all Office 365 accounts that have Exchange Online and only some Outlook.com accounts. this means it is not guaranteed to all outlook.com accounts because they haven't migrated all of them (yet).
Microsoft accounts with Outlook.com mailboxes (including Outlook.com, Hotmail.com, Live.com, MSN.com, and Passport.com) are in the process of being upgraded to enable the REST APIs. During this process, making API calls to mailboxes that are not yet upgraded will return a MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI error code.
I believe EWS still works for Outlook.com accounts with BASIC(username,password) auth. We used to use it before migrating to Graph API. You'd need to ask your Outlook users to generate a special App Password though.
To simplify your Exchange/Outlook integrations check out Aurinko API
Is it possible to add users/members to Exchange admin role groups via an API? The equivalent PowerShell cmdlet would be Add-RoleGroupMember and the specific group I wish to add to is View-only Organization Management.
Microsoft Graph has an endpoint to add to directory roles, however I can't seem to find a "View-only Organization Management" group listed in my tenant's DirectoryRoles or DirectoryRoleTemplates, so I suspect MS Graph hasn't got access to these Exchange role groups. Poking around the Outlook API has not revealed much in the form of user/member functions either.
Extra info added from further poking around
I ran this PowerShell cmdlet:
Add-RoleGroupMember
-identity "View-only Organization Management"
-member "user#domain.onmicrosoft.com"
Then ran:
Get-RoleGroupMember -identity "View-Only Organization Management"
To confirm that the user was in fact added to it. I then ran the following MS Graph call:
GET https://graph.microsoft.com/v1.0/users/user#domain.onmicrosoft.com/memberOf
And it returned zip:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": []
}
So it looks like this particular View-only Organization Management roleGroup is not accessible via MS Graph? Are there any other APIs that would allow me to add to this roleGroup?
So https://graph.microsoft.com/v1.0/directoryRoleTemplates lists the available out-of-the-box "Directory" roles that you can set. I put Directory in quotes, because these roles do include Exchange, SharePoint and Skype service admins (as well as other roles). The thing to note here is that only the "implicit" user role and the Company Administrator role are available from the get go. The others need to be enabled/activated if you want them to show up and use them. This is described here: https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/directoryrole.
Once you've activated the "Exchange Service Admin" role, you should be able to assign users to this role using https://graph.microsoft.io/en-us/docs/api-reference/v1.0/api/directoryrole_post_members.
If you are looking to use Azure AD PowerShell, this capability is ALSO available. You can find info here for V2 Azure AD PowerShell https://learn.microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory. In the search type "DirectoryRole" and you'll find all the DirectoryRole cmdlets.
How do I authenticate my (desktop) user to a local Outlook exchange server using EWS when posting a Service Request without manually inputting my network credentials via the NetworkCredential class? is this only possible via Office365 online (Non desktop)?
TL;DR version
Is there any way to access ExtendedProperties on a resources that does not belong to the logged in user from an Outlook add-in?
Detailed version
We are setting ExtendedProperties on a CalendarFolder associated with a resource. We tried to access these ExtendedProperties from our Outlook add-in, however, since the CalendarFolder does not belong to the logged in user, the Outlook JavaScript API returned with an error when we used: mailbox.makeEwsRequestAsync()
Office extension have no permissions to access any other mailboxes
then the mailbox provided in the user context
The logged in user does have owner permissions on the CalendarFolder for the resource (Set-MailboxFolderPermission -Identity RoomResource#domain.com:\calendar -User admin -AccessRights Owner)
We are able to access the ExtendedProperties as expected when we create a simple console app and use the .NET Managed API, so we figured we could call the same EWS endpoint (/EWS/Exchange.asmx) from our add-in.
We first get an access token (using mailbox.getUserIdentityTokenAsync) and pass that with our call to the EWS endpoint directly from our add-in.
When we make an AJAX call to that endpoint, we are getting a 401 Unauthorized response from Exchange with the header:
x-ms-diagnostics:2000001;reason="The callback token is missing one or more expected claim types.";error_category="invalid_token"
Question
Is it possible to call the /EWS/Exchange.asmx endpoint on Exchange (on-prem and online) using oAuth? If so, how can we get a valid token that will validate. Can we ask for additional claims when requesting a token?
Whether OutlookSDK at dev.outlook.com could access Office365 user data (calendars, contacts, mail)?
How's about Microsoft Graph API, could them be able access live.com users? (calendars, contacts, tasks, mail)?
I'm curious at this point, want to know what SDK is best for accessing both live.com user data and Office365 user data.
I already try Microsoft Graph API iOS SDK to authenticate Live Id user, but couldn't success, only able to authenticate Office365 user
OutlookSDK as well, unable to authenticate Office365 user, only able to authenticate Live ID
Thanks.
Carefully take a look at the instructions here: https://dev.outlook.com/RestGettingStarted/Overview
To write an app against both Office 365 and outlook.com you will need to register your application in the new application registration portal here: https://apps.dev.microsoft.com/Disambiguation?ru=https%3a%2f%2fapps.dev.microsoft.com%2f
Additionally you will need to make sure that your Outlook.com account has been upgraded to the new service. If it has not, then you will need to follow the instructions to request an account in the preview service from: outlookdev#microsoft.com or create a new account which should automatically be provisioned in the new service.
Yes - You can use Outlook APIs to access mail, calendars, and contacts for Office 365 users and Outlook.com
Also, You can use the Microsoft Graph API to access fixed entities like users, groups, mail, messages, calendars, tasks, and notes coming from services like Outlook, OneDrive, Azure Active Directory, Planner, OneNote and others.
I suggest using O365 APIs to do Live id user authentication - https://msdn.microsoft.com/en-us/office/office365/api/
Check this link as well: http://dev.office.com/getting-started/office365apis