AzureAD and Microsoft 365 Personal

Stefan Stanescu 0 Reputation points
2023-04-14T10:41:57.38+00:00

What I am trying to achieve: I want to create a PHP script that accesses the emails via Graph API.

A while back I created an Azure AD Free account with my email address.
Recently I have acquired a Microsoft365 Personal subscription.

In my AD directory I created a new App, granted Graph API rights and allocated the default user (which has the email address the same as the one used for Microsoft365 Personal account).
Executing the PHP script works fine until getting the message when I get the following error:
"code":"OrganizationFromTenantGuidNotFound","message":"The tenant for tenant guid '00b44cfa-977e-48bb-b616-04648ae576a4' does not exist."
Reading about this error, my understanding is that the MS365 user is not linked to Azure AD. The recommendation was to invite a new user as guest, the one that has the MS365 account. Which I did. The error persists.
Next step was to notice in the App Registration the Applications from personal account tab where the following message was displayed: These applications are associated with the account [email_address] but are not contained within any directory. They are shown here so you can manage them, but will not be available to other users or admins in this directory.
I have created a new app using the New Registration->Register in this directory button in the same screen. Then I used this new App to connect using Graph API, but still the same error. (I mention that the new app has the same configuration as the initial one, the users are fetched correctly but reading emails is not working).

How can I connect my Microsoft 365 personal account in order to access my emails? What are the requirements and steps to do this?

Please let me know if you need further details

2 answers

  1. CarlZhao-MSFT 46,376 Reputation points
    2023-04-17T07:32:28.1033333+00:00

    Hi @Stefan Stanescu

    First go to the manifest of the application, find the signInAudience attribute, change the attribute value to: AzureADandPersonalMicrosoftAccount and save it.

    Next use the graph PHP SDK to access your personal account email, please note that you must change /{tenant id} to /common to allow your personal account to log in.

    <?php
    
    // THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
    $graphServiceClient = new GraphServiceClient($requestAdapter);
    
    $requestConfiguration = new MessagesRequestBuilderGetRequestConfiguration();
    $queryParameters = MessagesRequestBuilderGetRequestConfiguration::createQueryParameters();
    $queryParameters->select = ["sender","subject"];
    $requestConfiguration->queryParameters = $queryParameters;
    
    $result = $graphServiceClient->me()->messages()->get($requestConfiguration);
    

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


  2. Stefan Stanescu 0 Reputation points
    2023-04-20T18:46:55.4066667+00:00

    Hi! Sorry for the delay and thank you for your response. I was expecting to be notified if I follow the question.
    I have checked and the signInAudience is the one you gave me as example ("signInAudience": "AzureADandPersonalMicrosoftAccount").
    What I am trying to do is to use application permission to achieve my goal and not delegated permissions. I use this library https://github.com/microsoftgraph/msgraph-sdk-php which seems quite straightforward.

    When getting the token I tried to use this URL
    $tokenRequestUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
    instead of
    $tokenRequestUrl = 'https://login.microsoftonline.com/{token}/oauth2/v2.0/token';
    When trying to access the /me endpoint I get this response:

      
    I have created separately a Microsoft 365 development account and for that I can manage to get messages from the test accounts.  
      
    Does this have to do with the identities the guest user has?  
    ![Capture](/api/attachments/838143c9-264e-4801-83fe-b79180a899e9?platform=QnA)
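
The first answer's advice to sign a personal account in through `/common` implies a delegated sign-in, because `/me` only resolves for a token issued to a signed-in user. The following is an added example, not code from either poster or from the Graph PHP SDK, that builds the authorization-code + PKCE requests against `/common` with the read-only `Mail.Read` scope. The client ID, redirect URI and function names are placeholders chosen for illustration.

```php
<?php
// Added example: delegated sign-in through /common (authorization code + PKCE).
// CLIENT_ID and REDIRECT_URI are placeholders; function names are hypothetical.
const AUTHORITY    = 'https://login.microsoftonline.com/common/oauth2/v2.0';
const CLIENT_ID    = '00000000-0000-0000-0000-000000000000';
const REDIRECT_URI = 'http://localhost:8080/callback'; // must match the app registration
const SCOPES       = 'offline_access Mail.Read';       // delegated, read-only mail
function base64url(string $bytes): string {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Step 1: create state and a PKCE verifier, store both in the session, redirect to 'url'.
function buildAuthorizeRequest(): array {
    $state    = base64url(random_bytes(16));
    $verifier = base64url(random_bytes(32)); // 43 characters, the RFC 7636 minimum
    $url = AUTHORITY . '/authorize?' . http_build_query([
        'client_id'             => CLIENT_ID,
        'response_type'         => 'code',
        'redirect_uri'          => REDIRECT_URI,
        'scope'                 => SCOPES,
        'state'                 => $state,
        'code_challenge'        => base64url(hash('sha256', $verifier, true)),
        'code_challenge_method' => 'S256',
    ]);
    return ['url' => $url, 'state' => $state, 'verifier' => $verifier];
}

// Step 2: on the callback, verify state, then build the form POST for the token endpoint.
function buildTokenRequest(array $query, string $expectedState, string $verifier): array {
    if (!isset($query['code'], $query['state']) || !hash_equals($expectedState, (string) $query['state'])) {
        throw new RuntimeException('Missing code or state mismatch: discard this response.');
    }
    // A confidential (web) client also sends its client secret or certificate assertion here.
    return [
        'url'  => AUTHORITY . '/token',
        'body' => http_build_query([
            'client_id'     => CLIENT_ID,
            'grant_type'    => 'authorization_code',
            'code'          => (string) $query['code'],
            'redirect_uri'  => REDIRECT_URI,
            'code_verifier' => $verifier,
        ]),
    ];
}

// Constructed callback parameters so the example runs offline; nothing is sent.
$auth  = buildAuthorizeRequest();
$token = buildTokenRequest(['code' => 'SAMPLE_CODE', 'state' => $auth['state']], $auth['state'], $auth['verifier']);
echo $auth['url'], PHP_EOL, $token['url'], PHP_EOL, $token['body'], PHP_EOL;
```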
    
    
