search

microsoftgraph / microsoft-graph-comms-samples

Microsoft Graph Communications Samples
MIT License
204 stars 220 forks source link

Unable to join the external Teams meeting scheduled by another tenant #709

Open Tomlee1993 opened 3 months ago

Tomlee1993 commented 3 months ago

Describe the issue A clear and concise description of what the issue is.

Scenario: Tenant(account) A create a bot A User A belongs to Tenant(account) A and schedules a Teams meeting A Result: the bot A can join the Teams meeting A

Scenario : User B belongs to Tenant(account) B and schedules a Teams meeting B Result : The bot A is unable to join the Teams Meeting B Error: {Code: 7504 Message: Insufficient enterprise tenant permissions, cannot access this API. Scenario Id: bb26cf09-7da1-4bee-8fb4-acd71a423e49 Inner error: AdditionalData: date: 2024-03-05T09:45:32 request-id: e30c1a8a-e203-40a6-9bde-817a43a35ff3 client-request-id: 69dbebe6-4511-4544-a256-fd8649158431 }

I have given all necessary permissions to the bot(see screenshot below), can someone help me find out the reason? Thanks in advance. image

Code Snippet Insert the code snippet if any.

Expected behavior A clear and concise description of what you expected to happen. the bot can join external Teams meetings Graph SDK (please complete the following information):

Call ID Provide the list call ids that encountered this issue. Include the time in UTC/GMT when these call have occurred.

context={"Tid":"e31a6123-4833-4fde-975b-9391bded7a2e","Oid":"f896989f-7c5f-40a5-8dc5-ba34333a1393"}

Logs If required, please add logs from the SDK. (Please remove any PII from the logs before uploading)

Additional context Add any other context about the problem here.

1fabi0 commented 3 months ago

This behaviour is absolutely intendet, A Tenant Admin of Tenant B has to give the admin Consent for your bot to access the Scopes requested. Also see the docs of the AKS Sample regarding the AppRegistration in other tenants.

Tomlee1993 commented 3 months ago

This behaviour is absolutely intendet, A Tenant Admin of Tenant B has to give the admin Consent for your bot to access the Scopes requested. Also see the docs of the AKS Sample regarding the AppRegistration in other tenants.

the admin of Tenant A has given the consent to the bot. @1fabi0 May I know why tenant admin of tenant B also needs to give consent to the bot? it doesn't make sense...

1fabi0 commented 3 months ago

@Tomlee1993 It completely makes sense else the bot could join globally all meetings and automatically spy sensitive information of other tenants

Tomlee1993 commented 3 months ago

@1fabi0 So if we want the bot to join an external meeting scheduled by other tenant, the bot needs the consent from the admin of other tenant, am I right?

1fabi0 commented 3 months ago

Yes that's correct