Unable to fetch transcript for online meeting using Microsoft Graph API

Question

I am trying to formulate a http request as following to fetch the transcript of a meeting using a service account,https://graph.microsoft.com/beta/users/{{user-id}}/onlineMeetings/{{transcriptID}}/transcripts/

I have used a valid user object and transcript ID in the fields, but the response I am getting is as following;

{ "error": { "code": "Forbidden", "message": "Application is not allowed to perform operations on the user '{{user-id}}', neither is allowed access through RSC permission evaluation."} }

I am using a registered app on the azure with the following admin granted consent;

I have also added the access policy and granted permission to for the service account to access the policy and app using the following cmds.

New-CsApplicationAccessPolicy -Identity "Transcript_Fetcher_Policy" -AppIds "appid" -Description "Policy allowing Transcript Fetcher for AI"

Grant-CsApplicationAccessPolicy -PolicyName "Transcript_Fetcher_Policy" -Identity "serviceaccountid"

However, this happens for only meeting organized by someone else {{user-id}} , if the meeting organizer or {{user-id}} is the service account, it fetches the transcript without any issues.

Answer 1

What I am aiming is to setup a service account which can query for any meeting transcript if the meeting is in the service account's calendar. The application policies were created to allow this service account to have access to this application. The application is set to grant permission to read all transcript meetings. I can't figure out which permission I am missing. I am against allowing this policy to whole tenant, as this will give any users able to access the application. I setup this application only to be accessed by this service account. I have created application policy and granted the permission to this service account. I also created a second app, given permission to it, and created policies and granted the permission to the this service account, and it still throwing the following error.

{ "error": { "code": "Forbidden", "message": "Application is not allowed to perform operations on the user '{{user-id}}', neither is allowed access through RSC permission evaluation."} }

Answer 2

Hello Libin Mathew,

Thank you for reaching out to Microsoft Support!

This is an expected behavior, when you grant an application access policy, the application can access the online meeting on behalf of the user, but when the user does not have the permission to access an online meeting, applications that have been granted policies also have no permissions, so when you grant the application access policy, the application is working for the organizer.

Perhaps you can assign it as a global access policy, see this link for details:

https://learn.microsoft.com/en-us/powershell/module/teams/grant-csapplicationaccesspolicy?view=teams-ps

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

Answer 3

Hi Libin Mathew,

Thanks for reaching out to Microsoft!

To use application permission for this API, tenant administrators must create an application access policy and grant it to a user. Allow applications to access online meetings on behalf of a user which I believe is already set up for your tenant as per the details shared.

Please try to use the API in Use Postman with the Microsoft Graph API as you are using application permissions. Additionally, switch from the beta version to v1.0.

Note: Usually, it is not recommended to use the Beta versions of API in production as they are subject to change according to Microsoft policies and they can be leveraged only when they are available for general use.

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.