Unable to save settings if using DfA microsoftsupport.com email domain account.

[rossanov]

Hi guys, I'm getting this error when saving settings using my @microsoftsupport.com account:

Checking the logs I see the following:

2021-02-16 11:26:07,error,MoveNext: at OOFScheduling.Form1.d9.MoveNext() ,Unable to get OOF settings: {"error":{"code":"AuthOMMissingRequiredPermissions","message":"The AadGuestPft token doesn't contain the permissions required by the target API.","innerError":{"oAuthEventOperationId":"9b9cfe40-3364-44a7-861f-d117a1c32f7d","oAuthEventcV":"TvOJqbBjX0+mmfnxuzSevw.1.1.1","errorUrl":"https://aka.ms/autherrors#error-InvalidGrant","requestId":"c0c5c819-5a41-4ef2-b772-49467cbcc2e5","date":"2021-02-16T10:26:07"}}} 2021-02-16 11:26:07,error,MoveNext: at OOFScheduling.Form1.d9.MoveNext() ,Hint - most common cause for the above is old OOFSponder auth flow with tenant without admin consent 2021-02-16 11:26:12,info,fileToolStripMenuItem_DropDownOpening,fileToolStripMenuItem_DropDownOpening

Do you have any plan to support the new email domain used by all DfA users (almost everyone on all CSS)?

Thanks

[EvanBasalik]

Would love to support other tenants, but need an Admin to consent and that hasn't been granted yet for the tenant you call out. Just pushed code to Insider that makes this clearer:

[EvanBasalik]

Once I am a bit more confident with the code (had to completely rework the auth section), will push to prod but that won't change the end user experience unless Admin consent granted

[frcardos]

Hi Evan, i'm also facing the same issue. If i understood you clearly you still struggling to fix the issue because you need to admin rigths to do some of the work that is required? Is that it?

You don't have yet any dates to the app working with @microsoftsupport.com domain correct?

Cheers.

[EvanBasalik]

Correct - an Enterprise Admin for the new tenant needs to grant. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent

No ETA. Need someone in CSS to sponsor the application.

[dantecit0]

Hello Evan, besides this, is there any way to have 2 instances with different credentials running on the same machine? that way we can have both accounts running simultaneously and updating our OOF messages accordingly. Thanks!

[prafulbusa]

@dantecit0 & @EvanBasalik I had the same thought lately to try out dual instance running like other have been using dual instances of teams for two different account. I have added that shared email instruction Save below text in notepad as "Windows Command Script" (this file type is not supported to attach, so I have copied the below text from that and pasted below)

@ECHO OFF

REM Uses the file name as the profile name SET MSTEAMS_PROFILE=%~n0 ECHO - Using profile "%MSTEAMS_PROFILE%"

SET "OLD_USERPROFILE=%USERPROFILE%" SET "USERPROFILE=%LOCALAPPDATA%\Microsoft\Teams\CustomProfiles\%MSTEAMS_PROFILE%"

ECHO - Launching MS Teams with profile %MSTEAMS_PROFILE% cd "%OLD_USERPROFILE%\AppData\Local\Microsoft\Teams" "%OLD_USERPROFILE%\AppData\Local\Microsoft\Teams\Update.exe" --processStart "Teams.exe"

[prafulbusa]

I tried but it won't work as we know that required the AAD authentication to accept for another tenant as said here https://github.com/EvanBasalik/OOFSponder/issues/27#issuecomment-781010941 So, we have to internally escalate that requested to get approved from Admin for this app to work.

[EvanBasalik]

Closing because the new domain is no longer in use