This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 74%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
I am trying to write a Python script in Jupyter Notebook to connect to the Graph API on behalf of the user. I have successfully managed to acquire access token and retrieved List groups. When I try to request "/groups/{id}/conversations" code returns error.
What I done:
Created App on Azure Directory
app = PublicClientApplication(client_id, authority=f'https://login.microsoftonline.com/{tenant_id}')
result = app.initiate_device_flow(scopes=scopes)
token = app.acquire_token_by_device_flow(result)
access_token = token['access_token']
Error: 403 - {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again., User 'user_id' not authorized to access group 'group_mail'. Reason: '(0xD10)'."}}
User is Global admin.
This issue has nothing to do with permissions, the logged in user must be the owner of the group to retrieve the list of conversations in the group.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
@CarlZhao-MSFT Thank you for assistance!
Due to the organization's policies, I cannot be added as the owner of all the groups within the organization.
What I am trying to achieve is to retrieve the last dates when the groups received emails. Could you please provide me with some insight? I could not find any other ways in Graph documentation to query these dates..
Group messages cannot be retrieved, only group conversations, as you are doing. If you want to get the latest group conversations, then just sort the returned result set.
https://graph.microsoft.com/v1.0/groups/{group id}/conversations?$orderby=lastDeliveredDateTime desc
However, as I said in my answer, the calling user must be the owner of the group, otherwise access will be blocked.
If your group policy does not allow you to be set as the owner of the group, then try calling this API endpoint using an unattended daemon (application permissions only).
@CarlZhao-MSFT Thank you! When I tried calling 'graph.microsoft.com/v1.0/groups/{id}/conversations' API endpoint using App-only access it returned.
Error: 403 - {"error":{"code":"AppOnlyAccessNotEnabledForTarget","message":"App Only access is not allowed for target resource
Hi,
Have you granted the appropriate application permissions to your app? Please try to decode your access token and share the screenshot.
This are granted permissions.
'roles': ['Mail.ReadBasic.All', 'Group.Read.All', 'Group.ReadWrite.All', 'Directory.Read.All', 'User.Read.All', 'GroupMember.Read.All', 'Mail.Read', 'Reports.Read.All'],