How can I invite individual users to share their calendars so I can access them using Graph API

Question

I want to set up a timer triggered function app to check for changes in my clients' calendars. I want to be able to check calendars and add calendar items.

I have been trying to set up an app that they can consent to in Entra ID but have not been able to get it working.

I can invite guest users to join my tenant then assign them to my calendar app, but I get the error

"The mailbox is either inactive, soft-deleted, or is hosted on-premise"

Is there a way to make a consent url to send to individuals? I tried a url like https://login.microsoftonline.com/common/adminconsent?client_id=my_client_id

but that gave an error

App needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.

my app does not request any admin required permissions and I have configured users to be allowed to consent.
I see the /adminconsent in the url I tried above, is there a user consent version that I haven't been able to find?

I'm trying to invite individuals, not entire tenants - most of the content I'm finding seems to be more B2B oriented.

Any guidance here would be deeply appreciated! Thanks.

Answer 1

It seems like you’re trying to accomplish several tasks: inviting individual users to share their calendars, setting up a timer-triggered function app to check for changes in these calendars, and dealing with some errors related to user consent and mailbox status. Let’s address these one by one:

1. Inviting Individual Users to Share Their Calendars: Microsoft Graph API provides the ability to create an invitation for external users. However, sharing calendars is a bit more complex. The user who owns the calendar needs to share it. You might need to guide your clients to share their calendars with the service principal of your application.
2. Setting Up a Timer-Triggered Function App: Azure Functions support timer triggers, which let you run a function on a schedule. You can use this feature to periodically check for changes in your clients’ calendars.
3. Error - “The mailbox is either inactive, soft-deleted, or is hosted on-premise”: This error typically occurs when the user doesn’t have a valid Microsoft 365 license. An Exchange Online mailbox and Outlook calendars are only available/created for users with a valid Microsoft 365 license.
4. Creating a Consent URL for Individuals: The error message “App needs permission to access resources in your organization that only an admin can grant” suggests that the permissions your app is requesting require admin consent. Even if your app doesn’t request any admin-required permissions, certain permissions in Microsoft Graph require admin consent regardless of their ‘admin consent required’ property. You might need to review the permissions your app is requesting.
5. Inviting Individuals, Not Entire Tenants: As you noted, much of the content around this topic is oriented towards B2B scenarios where an entire tenant is invited. However, the invitation feature of Microsoft Graph API allows you to invite individual users.

Remember, this is a complex scenario involving multiple components (Azure Functions, Microsoft Graph API, user consent, etc.), and each component has its own requirements and constraints. It’s important to understand each part thoroughly.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".