Connect app with teams

Roeland Matthijssens 1 Reputation point
2021-03-17T11:03:52.517+00:00

In Azure Active Directory I've registered a new app and given it the Read and create online meetings permissions. I've granted admin consent for the permission and now I'm trying to create a meeting through the command line.

I generated a client secret for the app.

Then I'm requesting a access token using my tenant GUID, client ID of the app and client secret I generated. This gives me back a jwt. When I decode the JWT amongst the roles I can see "OnlineMeetings.ReadWrite.All" which gives me hope that I can actually create meetings using this bearer token.

I then send a POST request to https://graph.microsoft.com/v1.0/users/<my-user-guid>/onlineMeetings
with the following body:

{
   "startDateTime":"2021-03-16T14:33:30.8546353-07:00",
   "endDateTime":"2021-03-16T15:03:30.8566356-07:00",
   "subject":"Application Token Meeting",
   "participants": {
     "organizer": {
       "identity": {
         "user": {
           "id": "<my-user-guid>"
          }
        }
      }
    }
  }

and the response comes back with

"code": "Forbidden",
"message": "Application does not have permission to Create online meeting on behalf of this user.",

Am I missing something?

Edit:

I've looked at the access policies, which I didn't configure initially. However I'm stuck here. The documentation first requires me to connect to Skype for Business via PowerShell. Going through the steps I'm running into problems trying to run this command Connect-Microsoft Teams -Credential $userCredential (I'm running this in the PowerShell console in the azure portal, not locally).
When I use the credentials of my personal Microsoft account I get the following error:

accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: Response status code does not indicate success: 406 (NotAcceptable).

Maybe this is because I'm using my personal account, which isn't a work/school account (although I'm not entirely sure what it means to be a work account)
So I tried it again after I created a new account in the Azure Active Directory page.

This gives me the following:

password_required_for_managed_user: Password is required for managed user

So I'm not sure how to progress now. I'm probably doing something wrong because I don't fully understand the ecosystem and what all the moving parts are

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,332 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Diana Wanjuhi 1,376 Reputation points
    2021-03-18T10:52:50.28+00:00

    Hi @Roeland Matthijssens from the online meetings permission reference, administrators can configure a policy to allow applications to access online meetings on behalf of the user. The error above is happening due to your app trying to access an online meeting when application access policy is not configured. Please see documentation here on how to configure access policy.

    I hope this helps,

    Diana.