Graph API News: APIs for managing shared channels now available in Microsoft Graph

The roll out for the Microsoft Teams Connect shared channels has already started, making thousands of customers very happy. As a software vendor who builds a governance and provisioning solution for Microsoft 365, I am not only interested in the feature roll out but also in the API support for it so I can extend my product accordingly. Today, I want to share with you that the APIs for managing shared channels are available in Microsoft Graph as a beta release. In this blog post, I won’t go through the benefits of shared channels because this has already been presented by other authors (for example, Microsoft Teams Connect shared channels is rolling out to public preview); rather, I will focus on the newly introduced APIs.

Important: Currently, the Microsoft Graph API to create a shared channel is only available to a limited audience. This means that many customers cannot create shared channels programmatically and have to use the Microsoft Teams client for that. For now, only the Microsoft Graph APIs to manage shared channels are available!

Actually, I was a bit surprised by this statement, but I trust that the corresponding team at Microsoft has a good reason for that. In general, I was really looking forward to the API to create shared channels so I can use it in my provisioning and governance solution. I think for now, we just need to wait for the release of this API, which will happen hopefully soon.

Anyway, the APIs for managing shared channels are available, which is already a very good start for governance-related scenarios. I created the following structure that helps me to better understand the use cases where the new shared channel APIs can be used:

Maintain shared channels in user-related scenarios 

• List teams that a user is associated with
• List the users allowed to access a shared channel
• Check whether a user has access to a shared channel

Maintain scenarios when a team hosts one or more shared channel

• List teams shared with a channel
• Get a team shared with a channel
• Unshare a channel with a team

Maintain scenarios when teams have associated shared channels 

• List all channels in a team (either in the team or shared with the team)
• List only channels shared with a team
• Remove a shared channel from a team

I look forward to Microsoft to also release the API to create shared channels for all customers. For now, my team and I will give the new shared channels APIs a try so we can learn and understand them better 😁

Thanks for reading,
Jarbas

Graph API News: API to list all Microsoft Teams in a tenant is now available

So far, to list all Microsoft Teams teams in an organization programmatically, you had to work with the groups API. I believe that the preferred approach has been to filter all groups by the resourceProvisioningOptions property to get only those groups that have teams. The following is an example of this request:

GET /groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team')

However, this request returns a response that is partially helpful. On the one hand, it returns all groups that have teams. On the other hand, additional requests are needed to return team specific properties, such as isArchived, specialization, and webUrl.

The Microsoft Graph Teams team has just introduced a new BETA API that allows users to list all teams in a tenant:

GET /teams

The not-so-good part of this implementation is the limited number of properties (id, displayName, and description) that a call to GET /teams return. Basically, it gives you less data than working with the groups API that, for example, also returns the group/team’s visibility. Nevertheless, progress is progress 😀 and I appreciate the invest. In general, I hope the list of supported properties returned from a GET /teams call will increase rapidly. This would help developers to reduce the number of additional requests to retrieve all teams related properties and consequently improve applications. 

The following example shows the response of a GET/teams request. You will notice that the response body also contains a set of other properties that are returned with null, which represents a behavior similar to a call to GET/joinedTeams.

{
   "@odata.context":"https://graph.microsoft.com/beta/$metadata#teams",
   "value":[
     {
         "id":"b4f36c5f-c66e-4212-9b87-8817dabd8230",
         "createdDateTime":null,
         "displayName":"Project Alpha",
         "description":"All about the Project Alpha.",
         "internalId":null,
         "classification":null,
         "specialization":null,
         "visibility":null,
         "webUrl":null,
         "isArchived":null,
         "isMembershipLimitedToOwners":null,
         "memberSettings":null,
         "guestSettings":null,
         "messagingSettings":null,
         "funSettings":null,
         "discoverySettings":null
     },
     {
         "id":"78ee08a5-6c7d-4136-b2ca-78b049738f96",
         "createdDateTime":null,
         "displayName":"Project Alice",
         "description":"All about the Program Alice.",
         "internalId":null,
         "classification":null,
         "specialization":null,
         "visibility":null,
         "webUrl":null,
         "isArchived":null,
         "isMembershipLimitedToOwners":null,
         "memberSettings":null,
         "guestSettings":null,
         "messagingSettings":null,
         "funSettings":null,
         "discoverySettings":null
     }
   ]
}

For more details on this API, see List teams.

Keep in mind that the use of Microsoft Graph BETA APIs for production applications is not supported because BETA APIs are subject to change. I am crossing my fingers that this specific API will indeed change, for example, all teams related properties will be returned with proper values 😊

Thanks for reading,
Jarbas Horst

Upgrade from classic authentication experience in Azure Functions

The classic Authentication / Authorization experience in Azure Function apps will be removed from the Microsoft Azure portal in December 2021. As a result of a lack of Microsoft documentation, we don't know currently what side effects this change will bring to the way how authentication will be handled for Azure Function apps that remain in the old model. To avoid potential issues, I've followed the Microsoft instructions and upgraded to the new authentication experience. For more details, see how to configure your Azure Function app to use Azure Active Directory login. 

The following steps describe how I upgraded from the classic authentication experience in a secured Azure Function app:

1. Go to the Azure portal > Your secured Azure Function app  > Authentication

2. If the Authentication page shows a warning indicating that the classic Authentication experience will be removed and it includes an Upgrade button, it means that the classic Authentication experience is still in use:

However, if you experience an UI that is different than the one demonstrated in the previous image, the Azure Function app already uses the new experience and no further actions are required.

3. To upgrade to the new Authentication experience, click on the Upgrade button. Now, read the instructions carefully and click again on Upgrade:

4. Wait for the upgrade to complete, which might take a few seconds.

5. After the upgrade to the new Authentication experience has finished, you will see an UI that is similar to the one demonstrated in the following image:

The upgrade process is done if you have followed all the previous steps.

Thanks for reading,

Jarbas

Graph API News: API to add members in bulk to a team reached GA

As an active consumer of Microsoft Graph endpoints in the solutions I manage, I’m always happy when beta endpoints reach general availability (GA). That happened again in the Microsoft Graph Teams APIs. The endpoint to add members in bulk to a team has officially reached GA 🥳 after being for almost nine months only available via beta.

This API allows developers to add multiple users within a single request to a specific team. Previously, developers had to make multiple single requests to add many users to a team which can be a slow process. Also, the error handling mechanism is for sure one additional advantage that this API offers. If a request fails to add one or more users to a team, you get an HTTP response that indicates the users that could and couldn’t be added. For example, if you try to add a user that doesn’t exist in your organization anymore, the HTTP response will contain a NotFound code for that specific user.

The following example shows a request to add members in bulk to a team:

POST https://graph.microsoft.com/v1.0/teams/b55bd212.../members/add
{
  "values":[
      {
         "@odata.type":"microsoft.graph.aadUserConversationMember",
         "roles":[
            
         ],
         "user@odata.bind":"https://graph.microsoft.com/v1.0/users(9fa90cf1...')"
      },
      {
         "@odata.type":"microsoft.graph.aadUserConversationMember",
         "roles":[
            "owner"
         ],
         "user@odata.bind":"https://graph.microsoft.com/v1.0/users(5e07f5b3...')"
      }
   ]
}

For more details on this API, check out the official documentation.

Thanks for reading,
Jarbas

The Microsoft Azure Cosmos DB security flaw and the impact on customers

On August 12, 2021, the cyber security researcher Wiz reported to Microsoft a vulnerability in Microsoft Azure Cosmos DB that potentially allowed intruders to gain access to customer’s database by using the Cosmos DB primary read-write key. According to Microsoft, the flaw was related to a data visualization feature called Jupyter Notebook. In a blog post, Wiz pointed out that this feature was introduced in 2019 but it has been enabled by default for new DBs since February 2021. What made me think whether my customers or my environments could have been affected.

In an official statement, Microsoft shares that this security issue was fixed immediately to keep the customers protected.

On August 29, 2021, Wiz published a very good blog post called Protecting your environment from ChaosDB that goes deeply and covers topics such as Who is affected, Find out which Cosmos DBs are affected by this vulnerability, and Actions to be taken (short-term and long-term actions/recommendations). If you use Cosmos DB in your applications, I recommend you to have a look at the following blog posts to better understand the overall situation and reach out the correct decision for your business scenario:

• [Microsoft] Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature
• [Wiz] ChaosDB: How we hacked thousands of Azure customers’ databases
• [Wiz] Protecting your environment from ChaosDB

Better safe than sorry 😊

I ended up regenerating the primary read-write key of my Cosmos DBs. I also took this opportunity to regenerate the primary read-only key as well as the secondary read-write and read-only keys of all my Cosmos DBs to ensure all keys are new and my data is protected.

Awarded the Microsoft MVP in Office Development - 2021/2022

The doorbell rang and someone from my family opened it. I knew the postman was supposed to deliver something special for me on that day but I wasn't sure whether he/she was at the door. I started thinking, "Maybe it is a friendly neighbor or a postman who isn't delivering the package I’ve been waiting for." Although I was keen to go and see what was going on, I couldn't because I was in the middle of a meeting.

Finally, the meeting was over; and I walked downstairs like a kid in a candy shop. The package was for me and the sender was Microsoft. Together with my family I opened the package and a beautiful “THANK YOU” appeared. The MVP award for 2021-2022 has just arrived!

I’m delighted to receive the MVP award also this year. 2020 was definitely exceptional and I hope the near future will allow us more and more to get back to what we used to call normal 😊 I’m also looking forward to meeting the community in person at events again. This is something I miss most about our awesome community!

This blog post represents an opportunity for me to say thank you to people who keep inspiring and motivating me:

• Chris O’Brien: You’ve been an MVP for 14 consecutive years. Congratulation 🥳 Thanks for all the content you've been sharing with us via your blog, events, social media, and so on. You've been a source of inspiration to me.
• Jeremy Thake: Although you aren't an MVP anymore, you keep contributing to our community with the awesome Microsoft 365 Developer Podcast. Thank you and Paul Schaeflein for the content you share and the speakers you invite. Also, thank you for the great work you’ve done on the Microsoft Graph docs.
• Vesa Juvonen and Waldek Mastykarz: The Microsoft 365 PnP Weekly is a success and you guys have been playing a very important role in impacting our community.
• A huge thanks to all of you who has been sharing your knowledge with us. As Vesa Juvonen says, "YOU ARE AWESOME".

I also want to say thanks to the Valo Teamwork team for the peer programming, the brainstorming, and innovation sessions we have. It’s been a pleasure to work with you and to be part of Valo. Thanks also to the Microsoft Graph docs team for the tireless and amazing work you do and for the huge impact you have in our community. Very special thanks to my wife and kids for everything 😊 I loved each and every second we spend together ❤

#MVPBuzz

Graph API News: Tag support in Microsoft Graph APIs

The Microsoft Graph Teams team has just released new API support for interacting with tags in a team. Developers can now list, create, get, update, and delete tags. Additionally, support for listing, getting, and deleting members from tags in a team is also available.

Tags in Microsoft Teams provide a simple way for user categorization based on common attributes. For example, I’ve created tags in my development teams to reach Designers, Developers, Testers etc. After a tag is created, users can @mention it in a channel. For example, a chat message that contains @Designers reaches the group of users specified in the @Designers tag. For more information about tag management in Microsoft Teams, see Manage Tag in Microsoft Teams.

The APIs support application permissions and currently they’re only available as BETA endpoints. Keep in mind that BETA APIs in Microsoft Graph are subject to change and production usage isn’t supported.

The following examples show the HTTP requests for listing, creating, getting, updating, and deleting tags associated to a team.

Get a list of the tags:

GET https://graph.microsoft.com/beta/teams/{teamId}/tags

Create a tag in a team:

POST https://graph.microsoft.com/beta/teams/{teamId}/tags

Read a tag:

GET https://graph.microsoft.com/beta/teams/{teamId}/tags/{tagId}

Update a tag:

PATCH https://graph.microsoft.com/beta/teams/{teamId}/tags/{tagId}

Delete a tag:

DELETE https://graph.microsoft.com/beta/teams/{teamId}/tags/{tagId}

The following examples show the HTTP requests for listing, getting, and deleting members from a tag in a team.

Get a list of tag members in a team:

GET https://graph.microsoft.com/beta/teams/{teamId}/tags/{tagId}/members

Get details of a tag member in a team:

GET https://graph.microsoft.com/beta/teams/{teamId}/tags/{tagId}/members/{tagMemberId}

Delete a member from a tag in a team:

GET https://graph.microsoft.com/beta/teams/{teamId}/tags/{tagId}/members/{tagMemberId}

I assume the roll out for these new APIs is still taking place. So, no worries if you can’t use them yet in your environments! I’m eager to learn more about it and consider possible implementation scenarios for the products I manage.

Thanks for reading,
Jarbas