MS Graph - team create API returns 403 Forbidden error suddenly
I have a singletenant Azure app and i have all the required permission for creating a MS team via app, and The API was working fine with multi-tenant App earlier, but same code is not working for singletenant app registered user; Please let me know if I am missing anything here; I am using organization tenant uri in my authn and authz calls for single tenant.
Below Postman screenshot is the error response from graph API Error repsonse complete error response
API Permissions for MS Team create API
decoded token with required permission
Not able to create team since last 3 days.
I registered one single tenant Azure AD application and granted Team.Create permission of Delegated type:
Now, I generated access token using on-behalf of flow via Postman with below parameters:
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
client_id:appId
client_secret:secret
scope: https://graph.microsoft.com/.default
grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer
assertion: token
requested_token_use:on_behalf_of
Response:
When I used this token to create team, I too got same error as you like below:
POST https://graph.microsoft.com/v1.0/teams
{
"[email protected]": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
"displayName": "My Sample Team",
"description": "My Sample Team’s Description"
}
Response:
Note: While creating teams, Microsoft 365 group will be created with same name.
In my case, the error occurred as creation of Microsoft 365 groups is disabled for users in that specific tenant:
To resolve the error, you need to enable creation of Microsoft 365 groups option for users like this:
When I ran the graph query again by generating new token, I got below response:
POST https://graph.microsoft.com/v1.0/teams
{
"[email protected]": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
"displayName": "My Sample Team",
"description": "My Sample Team’s Description"
}
Response:
To confirm that, I checked the same in Portal where new Microsoft 365 group with same name created successfully:
- MS Graph API - How to query additional pages
- how to hash users into random values in azure databricks
- How can I manage Azure SQL user/login/credentials
- How to connect secrets value stored in Azure key vault to Azure app service env variables directly
- AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
- How to get a list of users from azure graph API
- Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
- Cors configuration
- Publish error: Found multiple publish output files with the same relative path
- remove event subscriptions from system topics
- node-fetch azure document translator
- Is it possible to use .env in a React Web project?
- Sign in to Azure Account from VS Code
- How to copy blobs from azure to aws using python?
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- how to mask hash users into random values [email protected] in azure databricks
- Can we use PostgREST API with Azure
- Bicep adding DNS Records saying already exists when it doesn't
- Issue in sending personal message in MS Teams with Graph API
- import files to databricks workspace
- Create an Api connection to log analytics workspace via bicep
- az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync
- Is there a way to get more than 1000 Packages and versions from Azure DEVOPs Feed RESTAPI for GET Packages?
- how to insert json into cosmos db collection using c#
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- How to connect Azure Postgre Server to Google Looker Studio
- Azure SignalR: None of the transports supported by the client are supported by the server