Getting offline status for all users if logged in on the tenant as a guest user account

Question

I have used Microsoft Graph API in my SPFx solution. We are fetching users from Azure AD and then fetching their Presence. When I log in using my organization account of the same tenant, it works as expected but if I log in using the guest user account, it returns the Offline status for all users.

I found that using SPFx it assigns the Delegate access to the Microsoft Graph API, so I have added Presence.ReadWrite.All with Application type. In principle now it should work for the guest user as well as I have assigned the access as Application type but still it is returning the Offline status for all users.

Furthermore, I have also set the Guest users access same as normal users as shown in the images below,:

Still it is not working. Any thoughts?

Answer 1

With the guest account, it is likely that token you get may not have the appropriate permissions to access the said scope. You can check the token's permissions by decoding the token using a JWT decoder such JWT decoder(https://jwt.ms/) and looking for the scp attribute. Check for the Presence.Read or Presence.Read.All scope and if it does not exist, it might explain why you are running into this issue.

To remedy this issue, you need to grant the appropriate permission to the guest account. You can do this by adding the required permission in the Azure AD app registration and then granting consent to the guest account.

Here are some links to the Microsoft documentation that can help you with this:

• Grant admin consent for permissions: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
• Grant consent using the Azure portal: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#grant-consent-using-the-azure-portal