OrgContact.Read.All permission not working
I tried to add the following, but I was unsuccessful:
Unable to save changes. One or more of the following permission(s) are currently not supported: OrgContact.Read.All. Please remove these permission(s) and retry your request. [1DanbsLU5zoSJsIqjgXw+t]
Can you help me with this?
Microsoft Graph
-
Vasil Michev 95,666 Reputation points • MVP
2022-09-06T16:06:30.067+00:00 Just tried this and it seems to work as expected. Are you getting this error when trying to add the permission in the portal or? What type of application are you using?
-
Daniel Dunér 1 Reputation point
2022-09-07T06:50:36.023+00:00 Yes, I get that message when I try to add the permission under API permissions. It's a web application that wants to use the contacts from a user in a contact book (i.e. a search field).
It works in the development environment, but not in the production environment.
-
Vasil Michev 95,666 Reputation points • MVP
2022-09-07T07:09:33.297+00:00 Just curious, can you add other permissions, or the error is for this specific one? Have you tried both the delegate and application permissions variant, are they both giving you the error?
-
Daniel Dunér 1 Reputation point
2022-09-07T12:17:01.54+00:00 It works to add others, and it worked when I tried the application permissions. What is the difference though? Is it OK for the kind of service we are trying to achieve, where we want access to the contacts from one of our customers, where they grant access once and then it is running in the background until they turn it off?
-
Vasil Michev 95,666 Reputation points • MVP
2022-09-07T13:00:12.81+00:00 Application permissions are used for unattended scenario, where your application runs without needing a user. With delegate permissions, you're running in the context of a user. Both should work fine for the scenario at hand, and I'm not seeing any issues with adding them in my tenant.
-
Daniel Dunér 1 Reputation point
2022-09-07T13:03:15.74+00:00 Okay, since these users are other companies and we just want them to log in with OAuth, they will not be added into our tenant? We are using
"Supported account types: All Microsoft account users"
Am I missing something?
-
Vasil Michev 95,666 Reputation points • MVP
2022-09-07T13:09:13.91+00:00 Oh, Microsoft accounts are not supported for this. These permissions are required to read the contacts stored in the Exchange Online directory, not in user's individual mailboxes. For the latter, use the Contacts.Read permissions. Here's the relevant documentation article: https://learn.microsoft.com/en-us/graph/api/user-list-contacts?view=graph-rest-1.0&tabs=http
-
Daniel Dunér 1 Reputation point
2022-09-07T13:24:44.64+00:00 OK, the problem is that I have noticed that a business user often doesn't have all their contacts in their "normal" contact book? Often, for example, the company adds some global address list or something which they grant the user access to (if I've understood it correctly), and sometimes they are using Teams and have the addresses coming from the user groups or something like that, so I have made our application fetch the information from all the possible places.
Also, if a user corresponds with one of their customers through email, that mail address is saved somewhere, since when writing a new email they can type in some letters in the address field and the email address pops up as a suggestion. Where is this email put, is it in some global address list?
Where would you suggest that I look to get the list of their contacts?
-
Vasil Michev 95,666 Reputation points • MVP
2022-09-07T14:38:05.167+00:00
> Ok the problem is that I have noticed that a business user often don't have all their contacts in their "normal" contact book? Often for example the company adds some global address list or something which they grant the user access to (if I've understood it correctly) and sometimes they are using teams and have the addresses coming from the user groups or something like that, so I have made our application fetch the information from all the possible places.
That's fine, as long as we are talking about Office 365 users. Users with personal outlook.com accounts do not have a corresponding directory or Global address list, thus the permissions and endpoint do not support personal Microsoft accounts. For O365 you can certainly query the org-wide contacts as well.
> also if a user corresponds with one of their customers through email, that mail address is saved somewhere, since when writing a new email they can type in some letters in the address field and the email address pops up as a suggestion, where is this email put is it in some global address list?
That's the autocomplete cache, afaik you cannot access it via the Graph. At least not directly by using a predefined endpoint. Instead, you'll have to search for the corresponding folder associated items. Same goes for the recipient and other caches.
-
Daniel Dunér 1 Reputation point
2022-09-08T06:22:57.19+00:00 I assume that having O365 is the most common thing to have for business users. Since our customers are businesses and their employees, I think it will be fine if that's the case.
And to the other question, what do you mean by the corresponding folder associated items?
-
Vasil Michev 95,666 Reputation points • MVP
2022-09-08T06:45:28.463+00:00 FAIs are sort of "hidden" items within the mailbox, used by many Outlook features to store data. In particular, the Autocomplete data can be found in Inbox's FAI. Read here for more details: https://www.enowsoftware.com/solutions-engine/exchange-center/clearing-autocomplete-and-recipient-caches-redux
-
Daniel Dunér 1 Reputation point
2022-11-21T10:21:02.207+00:00 Hi, I have a question concerning what license is required to query org-wide contacts? Our IT support has approved through the request, through the permission approval asked for in the consent screen. However, it still doesn't work with my user? What could be missing?
-
Vasil Michev 95,666 Reputation points • MVP
2022-11-21T11:06:15.923+00:00 If you are running this in the context of a user, he will need to have an Exchange Online license.
-
Daniel Dunér 1 Reputation point
2022-11-21T13:52:25.44+00:00 OK, thanks. I'm having problems when I try to connect and approve the application. The consent prompt asks for admin consent and I need to put in an approval, but when I have received the admin consent from our admins, I still get the question next time I try to connect with OAuth to grant consent?
-
Daniel Dunér 1 Reputation point
2022-11-21T13:53:16.797+00:00 Looks like this
-
Vasil Michev 95,666 Reputation points • MVP
2022-11-22T07:55:20.84+00:00 You'll have to solve this with your admins. If you plan to use this app against additional tenants, best go over the publisher verification process: https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview
-
Daniel Dunér 1 Reputation point
2022-11-23T07:29:24.32+00:00 I have built an app that uses the Microsoft Graph API, through this registered Azure app(?), and that app will have multiple different users connecting, from which we will collect their contacts so that they can see them in the app (not within our company). That shouldn't be any problem? If that's what you mean by additional tenants? And yes, it is fixed for the production version of the app.
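The account-type distinction from the thread (OrgContact.Read.All reads the Exchange Online directory and is not available to personal Microsoft accounts, while Contacts.Read reads the user's own mailbox) can be checked per sign-in before calling Graph. The sketch below is an added example, not code from the thread or from Microsoft; it assumes a delegated v2.0 sign-in whose token response carries `scope` and `id_token`, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Tenant id the Microsoft identity platform v2.0 puts in the `tid` claim
# for personal Microsoft accounts (outlook.com, live.com, ...).
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"

def jwt_claims(jwt):
    """Decode a JWT payload for diagnostics only (signature NOT verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def contact_sources(token_response):
    """Return the Graph contact endpoints this delegated sign-in can use."""
    tid = jwt_claims(token_response["id_token"]).get("tid", "")
    # Scopes may come back as short names or as full resource URIs.
    granted = {s.rsplit("/", 1)[-1].lower()
               for s in token_response.get("scope", "").split()}
    personal = tid.lower() == MSA_TENANT_ID
    sources = []
    if granted & {"contacts.read", "contacts.readwrite"}:
        sources.append("/me/contacts")  # mailbox contacts: work and personal accounts
    if "orgcontact.read.all" in granted and not personal:
        sources.append("/contacts")     # org-wide contacts: work/school tenants only
    return sources

def _constructed_response(tid, scope):
    """Build a constructed, unsigned token response for the demo (not a real token)."""
    b64 = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return {"scope": scope,
            "id_token": ".".join([b64({"alg": "none"}), b64({"tid": tid}), ""])}

# Constructed sample inputs: a placeholder work tenant and a personal account.
WORK = _constructed_response(
    "11111111-2222-3333-4444-555555555555",
    "openid Contacts.Read https://graph.microsoft.com/OrgContact.Read.All")
PERSONAL = _constructed_response(MSA_TENANT_ID, "openid Contacts.Read")

if __name__ == "__main__":
    print("work account:    ", contact_sources(WORK))
    print("personal account:", contact_sources(PERSONAL))
```

The unverified decode is only suitable for choosing which endpoints to call and for troubleshooting consent; anything that makes an authorization decision should validate the token signature first.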