I have been trawling the internet and clicking myself blue in the face! Hopefully someone has a definitive answer.
I want to have one Group (in either of Azure AD, Microsoft Teams or Azure DevOps). This group must have access to a DevOps project and a Team site. When I change the membership of the group, the membership must change for both the Team and the DevOps project. I want to avoid the overhead of managing the groups for both separately.
Is this at all possible? Thanks.
This is a really good question, and the answer is not obvious at all. Ironically we had the same exact problem in Microsoft Teams - when a user was added or deleted from the underlying Office 365 Group (which is mastered in Azure AD), it would take up to an hour, sometimes more, to be reflected in Teams, which has its own copy of the member list.
There is a way to do it, and it's how Teams does it: it relies on a relatively new feature in Microsoft Graph called subscriptions. You can find the documentation for it here: https://learn.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0.
Essentially what you want to do is create a subscription to the group: POST https://graph.microsoft.com/v1.0/subscriptions with the right message body and your endpoint will be called whenever there's a membership change in the group. Your endpoint won't know what changed, just the event and some IDs - you will likely have to make a separate call to retrieve the actual data (unless the IDs alone are sufficient).
There's a sample on GitHub that illustrates how to use Microsoft Graph subscriptions including more details on how to subscribe to group notifications specifically.
One thing to be aware of is that to use these APIs, your application will require fairly elevated permissions: Group.Read.All which means it has the ability to read not only the team/group members, but all of its messages too (among other things), for every group in your Office 365 tenant. We are working with the MS Graph team to support a less-privileged, per-group permission approach, but even after that's released for Teams Graph APIs, support for that will have to be added to the subscriptions APIs I just mentioned and that may not happen for a while.
Related
Good morning;
I'd like to know if it's possible to make a query in Azure DevOps for obtaining the team's users accesses stats.
I can obtain the cards modified by the users, but i want to know if there's a way to know if the users are accessing to the boards (using Azure devops queries).
Thanks!!
Do you mean to get users list who are accessing boards?
If so, I am afraid that there is no way to get this information right now.
This feature is not supported by azure devops for the time being.
You could add your request for this feature on our UserVoice site , which is our main forum for product suggestions. After suggest raised, you can vote and add your comments for this feedback. The product team would provide the updates if they view it.
Thank you for your response.
As you said, I need the list of the users who are accessing boards.
By the moment, I'll obtain the number of cards modified by each user, and this could give me an idea about the users activity.
Is there any way that we can collect data by asking the questions when someone wants to join the group. And we collect the data when we approve the joining request or sometimes programmatically?
Could you please elaborate on how we can use Facebook GRAPH API for fulfilling the above purpose?
Check out GroupTrack CRM...it's a CRM that is integrated into Facebook via a Chrome Extension. It does exactly what you asked (one click to approve individual or all pending members while also saving their answers to your questions and adding them to the CRM), along with a ton of other awesome stuff.
Keep notes and tags, track sales funnel stages, bookmark posts and comments, set follow up tasks with reminders, and more across unlimited Groups. Everything is synced in real time with a web app as well, so you can access your contact information from anywhere, plus it can be set up to integrate with external systems (Google Sheets, Streak, and Kartra at the moment, but many more to come).
Lastly, GroupTrack supports teams, so if you run a Group with other admins, you can share access to the CRM and have everything kept in sync. It's awesome!
Our main Azure DevOps Organization is linked to our Azure AD. We need to invite customers to specific projects as stakeholder only, and with this, they are added as external users in our AD. We found that within a customer project also, all other external users are visible, e.g. via mention with # anywhere in the text or assignment drop-down, although these do not have access to that project. Our only workaround so far is to create new non AD linked customer specific organizations, but this is really not the right way to go (licencing, management etc.)
Is there any option to prevent this and to restrict visibility to only those users, which are part of a project (or planned)?
I tested and found the same issue as you said. It is by design, you can raise a problem in the Developer Community
https://developercommunity.visualstudio.com/spaces/21/index.html
Besides, since there is a workaround that works now, continue on this basis. You can create different AAD for the customer specific organizations, then add the customers to these AAD. Thus, these users will be invisible because they are in different AAD organizations.
I am looking for an API that would allow me to do the following: given a business subscription for Office365 and Admin level access, I would like to receive events about file and folder changes.
Example events I am interested it:
Billy uploaded a cat1.jpg to /drives/123/cats on %datetime%
Sally created a file.txt in /drives/123/work_in_progress on %datetime%
Jay shared a data.csv in /drives/123/data with bob#example.com on %datetime%
I've looked at activities API and webhooks subscription but not sure if these are the right ones for the purpuses.
Can someone please suggest APIs I can use to get such audit trail data from Office365/OneDrive?
Depending on the scale, Webhooks and Deltas are excellent candidates for this.
Where you'll likely run into challenges is if you're attempting to centrally audit across an entire organization. These endpoints are scoped to a single user/directory/drive/etc. so they are less than ideal for organization-wide auditing.
For broader/top-level auditing, I would instead look at the Office 365 Management Activity API. This API includes the ability to audit SharePoint File Operations.
I'm interested in getting data (metadata and content of files) out of Microsoft Teams into my application using REST APIs. I have looked at Office 365 APIs and Graph APIs but, I could not find supporting documentation for Microsoft Teams.
Teams API is now added to beta endpoint in Microsoft Graph. In documentation, you can find it together with Groups. Post, Channel and Chat Thread are available.
For example, documentation for "channel" resource is here:
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/channel
Microsoft Teams REST API is now included into MS Graph API
https://learn.microsoft.com/en-us/graph/api/resources/team?view=graph-rest-1.0
At the time of writing this answer there are not too many APIs around Teams. However more are being added and they are in Beta (sending messages, adding apps to team, uploading team image, and more).
https://learn.microsoft.com/en-us/graph/api/resources/team?view=graph-rest-beta
It is not recommended to use Beta APIs in production environment as they might change.
It is also worth of mentioning that Teams are actually Office365 Groups.
Please take a look at Graph API
https://learn.microsoft.com/en-us/graph/api/resources/team?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/api/resources/team?view=graph-rest-beta
Expand "Teamwork" at left side, you can get all Teams related API
We do not have Teams APIs available at this time. Our extensibility options are limited to experiences within the Teams application.
The Microsoft Graph API is constantly changing and we're currently using the following to monitor/interact with our Microsoft Teams application:
https://learn.microsoft.com/en-us/graph/api/resources/teams-api-overview
It gives access to the following (at the time of writing this):
We also monitor the general usage via the reports section in the Graph API:
This gives access to:
Device Usage:
Get details about Microsoft Teams device usage by user.
Get the number of daily unique users by device type.
Get the number of unique users by device type over the selected time period.
User Usage:
Get details about Microsoft Teams user activity by user.
Get the number of Microsoft Teams activities by activity type. The activities are performed by Microsoft Teams licensed users.
Get the number of users by activity type. The activity types are number of teams chat messages, private chat messages, calls, or meetings.
https://learn.microsoft.com/en-us/graph/api/resources/microsoft-teams-device-usage-reports?view=graph-rest-1.0