Office 365 API Management - SharePoint Online AF20023 Error

Aniruddha Aditya 316 Reputation points
2021-02-09T17:58:29.44+00:00

Hi Friends,
Though it might be simple, I have been stuck on this for the past 2 days.

I want to use Office 365 Management API to get SharePoint events - ExternalSharing & Group Added.

I have created the APP token and Secret and provided appropriate permission on SharePoint.

I am getting the AF20023 - The subscription is disabled and not able to fetch the events. Already there are events that I have created from the portal.

I am using the below code:

$ClientID = ""
$ClientSecret = ""
$loginURL = "https://login.microsoftonline.com/"
$tenantdomain = "dddd.onmicrosoft.com"
$TenantGUID = "22e45340-059b-410d-bf4a-sadfsfs"
$resource = "https://manage.office.com"

# auth: request an app-only token with the client credentials grant
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri "$loginURL/$TenantGUID/oauth2/token?api-version=1.0" -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

# List the available Audit.SharePoint content (this is the call that returns AF20023)
Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$TenantGUID/activity/feed/subscriptions/content?contentType=Audit.SharePoint"

Reference https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference

Any clue?


Accepted answer
  1. MichaelHan-MSFT 18,041 Reputation points
    2021-02-10T02:19:55.433+00:00

    Hi @Aniruddha Aditya

    From the documentation, the error message for AF20023 is:

    The subscription was disabled by {0}.

    • {0} = "a tenant admin" or "a service admin"

    You could check your subscriptions with the endpoint:

    Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/list"  
    

    Check if the status for the Audit.SharePoint content type is enabled.

    Also, you could try to create a new subscription: https://learn.microsoft.com/en-us/office/office-365-management-api/troubleshooting-the-office-365-management-activity-api#creating-a-new-subscription

    Invoke-WebRequest -Method Post -Headers $headerParams -Uri "https://<YOUR_API_ENDPOINT>/api/v1.0/$tenantGUID/activity/feed/subscriptions/start?contentType=Audit.SharePoint"  
    


1 additional answer

  1. Aniruddha Aditya 316 Reputation points
    2021-02-11T12:43:19.157+00:00

    Thanks for the clue, it worked. Actually, I missed registering the subscription.

    $ClientID = ""
    $ClientSecret = ""
    $loginURL = "https://login.microsoftonline.com/"
    $tenantdomain = "Domain.onmicrosoft.com"
    $TenantGUID = ""
    $resource = "https://manage.office.com"

    # Request an app-only token with the client credentials grant
    $body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
    $oauth = Invoke-RestMethod -Method Post -Uri "$loginURL/$TenantGUID/oauth2/token?api-version=1.0" -Body $body
    $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

    # List the current subscriptions
    $oCheckSubscriptions = Invoke-RestMethod -Headers $headerParams -Uri "$resource/api/v1.0/$TenantGUID/activity/feed/subscriptions/list"

    # Starts the Audit.AzureActiveDirectory subscription when a listed entry has no content type;
    # the content request further down reads Audit.SharePoint
    foreach ($oSubscription in $oCheckSubscriptions) {
        if ($null -eq $oSubscription.contentType) {
            Invoke-WebRequest -Method Post -Headers $headerParams -Uri "$resource/api/v1.0/$TenantGUID/activity/feed/subscriptions/start?contentType=Audit.AzureActiveDirectory"
        }
    }

    # List the available Audit.SharePoint content blobs
    $content = Invoke-RestMethod -Method GET -Headers $headerParams -Uri "$resource/api/v1.0/$TenantGUID/activity/feed/subscriptions/content?contentType=Audit.SharePoint"

    $duplicateChecker = $null
    # Every blob has its own contentUri, so fetch them one at a time
    foreach ($contentUri in $content.contentUri) {
        $contents = Invoke-RestMethod -Method GET -Headers $headerParams -Uri $contentUri
        foreach ($JsonStr in $contents) {
            $CheckOp = $JsonStr.Operation
            $SecurityGroup = $JsonStr.TargetUserOrGroupType
            $siteUrl = $JsonStr.ObjectId
            $TargetUserOrGroupName = $JsonStr.TargetUserOrGroupName
            # Report sharing policy changes and grants to "Everyone except external users",
            # skipping a record whose site URL equals the previous record's
            if (($CheckOp -eq 'SharingPolicyChanged' -or ($SecurityGroup -eq 'SecurityGroup' -and $TargetUserOrGroupName -eq 'Everyone except external users')) -and $duplicateChecker -ne $siteUrl) {
                Write-Host $siteUrl
            }
            $duplicateChecker = $siteUrl
        }
    }

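The check the accepted answer describes (list the subscriptions, start Audit.SharePoint when it is not enabled) combined with the content loop from the follow-up, as an added PowerShell example that is not code from either poster or from Microsoft's documentation. It assumes `$headerParams`, `$resource` and `$TenantGUID` are set as in the scripts above; `Enable-AuditSubscription` and `Get-SharingRecords` are hypothetical helper names.

```powershell
# Added example; helper names are hypothetical. Requires a valid token in $headerParams.
function Enable-AuditSubscription {
    param([string]$ContentType, [hashtable]$Headers, [string]$BaseUri)

    # subscriptions/list returns entries with contentType and status
    $subs = Invoke-RestMethod -Headers $Headers -Uri "$BaseUri/subscriptions/list"
    $sub  = $subs | Where-Object { $_.contentType -eq $ContentType }
    if ($sub -and $sub.status -eq 'enabled') { return $sub }

    # Missing or disabled (the AF20023 case): subscriptions/start creates or re-enables it
    Invoke-RestMethod -Method Post -Headers $Headers `
        -Uri "$BaseUri/subscriptions/start?contentType=$ContentType"
}

function Get-SharingRecords {
    param([string]$ContentType, [hashtable]$Headers, [string]$BaseUri)

    $uri  = "$BaseUri/subscriptions/content?contentType=$ContentType"
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    while ($uri) {
        # Invoke-WebRequest is used here because the paging link is a response header
        $resp  = Invoke-WebRequest -UseBasicParsing -Headers $Headers -Uri $uri
        $blobs = $resp.Content | ConvertFrom-Json
        foreach ($blob in $blobs) {
            $records = Invoke-RestMethod -Headers $Headers -Uri $blob.contentUri
            foreach ($r in $records) {
                $match = $r.Operation -eq 'SharingPolicyChanged' -or
                         ($r.TargetUserOrGroupType -eq 'SecurityGroup' -and
                          $r.TargetUserOrGroupName -eq 'Everyone except external users')
                # HashSet.Add returns $false for an ObjectId that was already reported
                if ($match -and $r.ObjectId -and $seen.Add([string]$r.ObjectId)) { $r }
            }
        }
        # Further pages of blobs are announced in the NextPageUri response header
        $uri = if ($resp.Headers.ContainsKey('NextPageUri')) {
            @($resp.Headers['NextPageUri'])[0]
        } else { $null }
    }
}

$base = "$resource/api/v1.0/$TenantGUID/activity/feed"
Enable-AuditSubscription -ContentType 'Audit.SharePoint' -Headers $headerParams -BaseUri $base | Out-Null
Get-SharingRecords -ContentType 'Audit.SharePoint' -Headers $headerParams -BaseUri $base |
    Select-Object CreationTime, Operation, UserId, ObjectId
```

A subscription that has just been started may return no content for several hours, so an empty result right after `Enable-AuditSubscription` does not mean the filter is wrong.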
