Search code examples
powershellmicrosoft-graph-apioffice365exchange-serverexchangewebservices

Is there an API to retrieve Microsoft's newly-added pronouns in M365?

We're implementing Microsoft 365's new pronouns feature, and we need to be able to sync this user-provided data back to our Active Directory environment. According to the admin documentation, these pronouns "are stored with other data in the user's Exchange mailbox."

However, when I use Get-Mailbox (using the ExchangeOnlineManagement module, version 3.2.0 Preview2), I'm not seeing the pronoun data anywhere (using Get-Mailbox user@example.com | Select *).

I'm not able to find any PowerShell-related documentation for this feature. Would anyone be able to either:

  • Give a link to the documentation that details how to pull this information
  • Show how to access this info using PowerShell, Microsoft's Graph API, or Exchange Web Services (EWS)

Thanks in advance for any advice you can give me!

Solution

  • I found that the pronouns were being retrieved from https://nam.loki.delve.office.com/api/v2/extendeduserinfo/pronouns with POST requests. Not sure if the nam or loki parts of the URL are static or specific to our tenant.

    Unfortunately, it looks like this part of the Delve app isn't made public with the Graph API (at least not yet). So, I ended up creating an internal app for our company that iterates over each user and does the following:

    • Uses a code-controlled browser (e.g. Selenium, Puppet) to log into Teams with a dedicated, licensed M365 user (acting as a service account)
    • Once the Teams web app is loaded, finds the key in local storage that ends with loki.delve.office.com and retrieves the token value using the key
    • Caches the token for faster future use (e.g. not logging in for every single user iteration)
    • Then, submits a post request with the following:
      • Parameters:
        • ConvertGetPost=true
        • aadObjectId=<oid> (replacing <oid> with the object ID of the target Azure AD user
      • Body (these look like headers, but are in fact the body): 
        {
  "accept": "application/json",
  "Content-Type": "application/json",
  "authorization": "<token that was retrieved above>"
  # these next two are required, will throw a 500 error without them
  "X-ClientType": "MicrosoftTeamsAngular",
  "X-HostAppRing": "general",
}
    • The response resembles something like this: 
      {
  "id": "<oid of the target Azure AD user>",
  # note that the preceding space is not a typo
  "displayName": " He/Him",
  "allowedAudiences": "Organization"
}

    These attributes are then assigned to the user in a custom field that can be used by other applications.

    Not sure if we'll be able to open-source the tool, but if not, hopefully the above will be able to point anyone else in the right direction.