How to fix 'User login. Teams is disabled for your tenant.' error in graph api call

2
votes

I want to use Teams graph api to retrieve all channels of a team (group).

I use a 'Get' request on 'https://graph.microsoft.com/v1.0/teams/{GroupId}/channels'

The response is 'Access Denied', 'User login. Teams is disabled for your tenant.'

Other informations:

  • I don't have any issue when I use Teams app (web or desktop), the user is the owner of the team (group).

  • The user is under Office 365 F1 license with teams activated.

  • He possess the 'security administrator' role.

  • I retrieve the teams by the get request : 'https://graph.microsoft.com/v1.0/me/memberOf', that work fine.

  • I got the same error with : 'https://graph.microsoft.com/v1.0/me/joinedTeams'

  • I use an application with "group.ReadWrite.all" and "user.Read.all" rights and the connexion uses a bearer token.

  • It's not my environment so I can't give the permissions for graph Api Explorer, I m not admin. So with the graph Api Explorer i get a 403, forbidden request.

If anyone can help. Thanks

ANSWER : The problem is the F1 license that work with Graph API but with some restrictions. You should use E3 to E5 license, there give full right on Graph API.

2
microsoft-graph-apiazure-ad-graph-apimicrosoft-teams
Could you please check if your token has required permission using jwt.io/#debugger-io?Wajeed-MSFT
Group.ReadWrite.All requires tenant administrator permissions. Security administrator permissions are not sufficient. @Wajeed-MSFT's suggestion is a good one - verify that the token actually has Group.ReadWrite.All and User.Read.All permissions.Bill Bliss - MSFT
@Wajeed Group.ReadWrite.All is in the token, you can see it below : "scp": "Directory.AccessAsUser.All Directory.ReadWrite.All Group.ReadWrite.All Member.Read.Hidden User.Read.All User.ReadBasic.All", "sub": "VCBCT_Lht8I5eXB5tFCZ5hFmNQuRxNhAZLnbp_KnMk8", "tid": "47abbbbc-b105-437d-9a5f-1d3953dc944f", …Harold Jabraud
@BillBliss-MSFT, I understand what you are saying but on a Microsoft demo tenant i can use my code without problem using an user with just security administrator permission… I don't think the problem is in my code or the user configuration (except maybe the F1 license, but SunnySun said it wasn't the problem) I m pretty sure it s a tenant configuration but i don't know how to activate teams on the tenant, I read it wa not necessary anymore...Harold Jabraud
Could you please provide User License details to Microsoft Teams developer support email alias?Wajeed-MSFT

2 Answers

0
votes

On my side, both of them work well with the O365 user license.

GET 'https://graph.microsoft.com/v1.0/teams/{teamId}/channels

enter image description here

GET https://graph.microsoft.com/v1.0/me/joinedTeams

enter image description here

0
votes

WARNING ! When you use graph API (Teams particulary) the user should have E3 to E5 license. The F1 license work too but with some restrictions. I will add the restrictions later in my post.

Thanks for everyone help.