Search code examples
azureuwpazure-active-directorymicrosoft-graph-apimicrosoft-graph-sdks

Microsoft Graph API: returning only one user out of total 13 users

In my UWP app, I am using Microsoft Graph SDK. My Azure account has total 13 users that I want to display in my UWP app using the following query. But the query is returning only one (the logged in user). It happens even when I logged in as Global admin. Moreover, the userType of the user is shown as Null

var users = await graphClient.Users.Request()
    .Select("displayName, userPrincipalName, userType")
    .GetAsync();

Authorization Scopes in my App: User.Read User.Read.All

Azure Portal showing the list of all users:

NOTE: The above query in the UWP returns only one of these users (the logged in user)

enter image description here

API Permissions of the Registered App in Azure:

enter image description here

UPDATE:

To answer an inquiry from user @Allen Wu:

a) I've installed the following NuGet packages:

Install-Package Microsoft.Toolkit.Uwp.Ui.Controls -Version 6.0.0
Install-Package Microsoft.Toolkit.Uwp.Ui.Controls.DataGrid -Version 6.0.0
Install-Package Microsoft.Toolkit.Graph.Controls -IncludePrerelease

And I'm using setting the variable graphClient as ProviderManager.Instance.GlobalProvider.Graph;

b) I have tested the app using the third to last account (Microsoft hotmail Account shown in image 1) and the second to last account (Microsoft Outlook account) both of which I have assigned a Global Administrator role. But they are not the Azure AD accounts.

Solution

  • You should provide your code so that I can modify or point out the incorrect part.

    But anyway I have found the reason.

    The two accounts Microsoft hotmail Account and Microsoft Outlook account are actually MSA (Microsoft personal account).

    Although they have been added as guest users into your tenant, if your authentication endpoint is common, then this account will be treated as a personal account instead of a guest user under this tenant. See reference here. In your code you are using common by default, so the user is treated as MSA and it can only get its own information.

    So you need to specify the tenant id in the request. I'm not sure how you generate the graphClient. But you can refer to the official document Authorization code provider and List users example.

    But still remember to modify WithAuthority.

    An example here:

    IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithRedirectUri(redirectUri)
    .WithAuthority("https://login.microsoftonline.com/{tenant id}/v2.0")
    .WithClientSecret(clientSecret) // or .WithCertificate(certificate)
    .Build();

AuthorizationCodeProvider authProvider = new AuthorizationCodeProvider(confidentialClientApplication, scopes);

GraphServiceClient graphClient = new GraphServiceClient(authProvider);

var users = await graphClient.Users
    .Request()
    .GetAsync();