Microsoft graph people\me return 用户空列表

Microsoft graph people\me return empty list of users

我已经在 Office 365 试用版中创建了一个帐户。我已经在 Azure 上添加了新的应用程序注册权限:

BookingsAppointment.ReadWrite.All 
Calendars.ReadWrite
Contacts.ReadWrite 
EWS.AccessAsUser.All
Mail.ReadWrite 
Mail.Send 
People.Read 
User.Read 
User.ReadBasic.All

当我以创建 office 帐户的用户身份调用 https://graph.microsoft.com/v1.0/me/people 时,会获得完整的用户和资源列表。

当我以具有管理员权限的管理员创建的用户身份调用时,我得到一个空列表。 我对管理员用户和创建的管理员用户调用权限 link:

https://login.microsoftonline.com/{}/oauth2/v2.0/authorize?client_id={}&response_type=code&scope=BookingsAppointment.ReadWrite.All%20Calendars.ReadWrite%20Contacts.ReadWrite%20EWS.AccessAsUser.All%20Mail.ReadWrite%20Mail.Send%20People.Read%20People.Read%20User.Read%20User.ReadBasic.All

怎么了?

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('fb6b188c-8698-4a03-9da4-82b7479c4625')/people",
    "value": []
}

对于一个用户(在你的情况下我们称之为管理员)能够使用委托授权访问另一个用户的联系人文件夹需要 Contacts.Read.Shared 或 Contacts.ReadWrite.Shared 请参阅 https://docs.microsoft.com/en-us/graph/outlook-get-shared-contacts-folders

另一件事是管理员权限对邮箱访问没有意义,例如,对邮箱的委派访问都需要通过 Add-MailboxPermission https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions?view=exchserver-2019 or delegate through Outlook. (eg if you can access the target mailbox through OWA or Outlook your Exchange rights are good but just being a Tenant Admin means in regards to mailbox access). Your other option is if your trying to create an app that is going to access all mailboxes in a tenant look at app only tokens https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-registration

明确授予