Give Presence.Read.All permission for continuous-running scripts

SATO Yusuke 21 Reputation points
2021-11-29T16:47:47.837+00:00

Background

  • I am writing a script that records our staff's presence in Office365 to assist attendance management.
  • The script uses Microsoft Graph REST API (GET /users/{id}/presence) to get one's presence.
  • The script runs from Task Scheduler periodically with the Run whether user is logged on or not option.
  • The script runs continuously, so I think I have to register this script to Azure Active Directory so that the script can update the access token to call Microsoft Graph REST API. ## Problem

To test This script, I am using Microsoft 365 developer instant sandbox. When I register the script to Azure Active Directory and request API permissions, I have selected "Application permissions" because the script runs in the background. But with this selection, I could not select the "Presence.Read.All" permission.
153434-applicationpermissions.png

The permission "Presence.Read.All" is permission is required from the "GET /users/{id}/presence" API endpoint.
153357-presence.png

You can select the Presence.ReadWrite.All permission, but I cannot use this permission because it requires Admin consent (I am not an administrator of Azure AD of our company). Also, I don't want to use this permission to avoid additional security risks. The script reads one's presence but doesn't modify it, so the Presence.Read.All permission is enough for the script.

You can select the Presence.Read.All permission when you select Delegated permissions, but I think this option is not suitable for the script because it runs even if I have logged out from Windows.
153390-delegatedpermissions.png

Question

How can I give minimum requisite permissions to a continuous-running script that uses GET /users/{id}/presence API endpoint?

Microsoft Graph Permissions API
Microsoft Graph People API
Microsoft Graph People API
A Microsoft API that allows you to retrieve the people who are most relevant to you.
33 questions
Microsoft Graph Cloud Communications API
Microsoft Graph Cloud Communications API
A Microsoft API that adds a new dimension to how your apps and services interact with users through various communications-related features, such as calling and online meetings.
122 questions
No comments
{count} votes

Accepted answer
  1. Sheena-MSFT 1,706 Reputation points
    2022-03-09T17:19:27.77+00:00

    Hi @SATO Yusuke ,

    Currently presence-get API is not supported in application scope

    181565-presence.png
    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    No comments

0 additional answers

Sort by: Most helpful