Missing "MyFiles" capability

[MiguelGL]

Hello, we are since recently experiencing problems with our Android app accessing OneDrive via the following dependencies:

compile group: 'com.microsoft.services', name: 'odata-engine-core', version: '0.13.0'
compile group: 'com.microsoft.services', name: 'odata-engine-android-impl', version: '0.13.0', ext: 'aar'
compile group: 'com.microsoft.services', name: 'discovery-services', version: '0.13.0'
compile group: 'com.microsoft.aad', name: 'adal', version: '1.1.11'
compile group: 'com.microsoft.services', name: 'file-services', version: '0.11.1'

When we read the ServiceInfos returned by discoveryClient.getservices().read(); we now read a single service info which just has the Directory capability. Until some time ago what we used to obtain was at least one ServiceInfo which had a capability named MyFiles. We then checked for this specific capability and went on to our OneDrive using code without problems.

So now that we do not get this MyFiles cap, our application fails. If we try to test to skip this capability check in our own code and directly go to the OneDrive specific code, we then get 403 errors reported via Exception from your API.

The "Delegated Permissions" we are using in our application, set in the Azure Portal are:

Windows Azure Active Directory: (2 perms)

• Access the directory as the signed-in user
• Sign in and read user profile

Microsoft Graph: (5 perms)

• Have full access to user files
• Read user files
• Read items in all site collections
• Read files that the user selects
• Sign in and read user profile

Has anything changed? Do we need to delegate any additional permissions?

Or, maybe, should we now implement a different approach for any reason?

For the record, our iOS team using these deps for months now are experiencing no issues:

pod 'LiveSDK'
pod 'ADALiOS', '~> 1.2.2' # 1.2.2 < ver < 1.2.2
pod 'OrcEngine/Implementation', :git => 'https://github.com/MSOpenTech/orc-for-ios.git', :branch => 'dev'
pod 'Office365/Files', :git => 'https://github.com/greathansen/Office-365-SDK-for-iOS', :branch => 'orc-poc'`

Thanks in advance!

[ricalo]

Hi @MiguelGL,

I think that with this SDK you have to use permissions in the Office 365 SharePoint Online application instead of Microsoft Graph.

You can use the Microsoft Graph permissions with REST endpoints or the Microsoft Graph SDK for Android (Preview).

Let me know if you have more questions.

[MiguelGL]

Hey @ricalo thanks for such quick response!

The thing is I do not find such "Office 365 SharePoint Online" permissions section when I enter our Azure Portal settings. I am attaching a screenshot of those available when I use the old Portal and go to "Active Directory" -> "Default Directory" -> "Applications" -> (select our app) -> "Configure" -> "Add Application" Button.

Also, trying to perform a similar navigation through the new Portal ends up leading me to exactly the same place into the old portal.

Is there anything else we need to configure for these "Office 365 SharePoint Online" permissions to be available?

Thanks again!

[ricalo]

Mmm... is it possible that you're browsing a directory that doesn't have an Office 365 subscription?
This StackExchange thread explains the problem.

Check if Default directory really is the directory that is linked to your Office 365 subscription. You can probably identify this by looking at the users. Instead of going to
Active Directory > Default Directory > Applications
go to...
Active Directory > Default Directory > Users
And verify that the users listed there have access to Office 365.

Let me know how this goes.

[MiguelGL]

Hey thanks again. We happen to be experiencing the same problem as the one described on the StackExchange link.

The weird thing is our organisation does have a SharePoint Online subscription (we browse and edit documents online, Excel, Doc etc.).

Could it be that our SharePoint subscription is not linked (or whatever) to the Domain we access when through the Azure Portal? If so, how could we fix this?

Thanks again for your help.

[ricalo]

It's kind of hard to tell.

If Active Directory > Default Directory > Users has the same users that can access SharePoint Online then you should be okay and your best bet is probably to contact support 😞

If not, you can try to link your Office 365 subscription to your Azure subscription. You'll find how to do it in the following article - Associate your Office 365 account with Azure AD to create and manage apps.

I'm sorry you're having such a hard time with this issue.

[MiguelGL]

Dear @ricalo your kind and detailed help is very much appreciated :)

When following the steps in the provided link I am missing the Use existing directory option after selecting Custom Create. The only choice I am offered is a dialog as the one shown here:

Is that maybe an outdated article? Other things we could try?

Thanks a lot again!

[ricalo]

I saw that issue a long time ago. I think I remember how to solve it.

The problem is that the Use existing directory option doesn't show up unless you're using a Microsoft account (user@hotmail.com, user@outlook.com or user@live.com) to manage the directory. Try this:

1. Go to Active Directory > Default Directory > Users
2. Click Add user
3. Select User with an existing Microsoft account
4. Type your Microsoft account (create one if you don't have one already)
5. In the User profile dialog, add the Global Admin role to the account.
6. Open an inPrivate or incognito browser window.
7. Go to the Azure Portal.
8. Sign in with your Microsoft account.

Now you can try either of the following:

• Go to your app registration and see if you can add the Office 365 SharePoint Online application
• Retry Associate your Office 365 account with Azure AD to create and manage apps. You should see the Use existing directory option this time.

Hope this helps.

[MiguelGL]

Hello again Ricalo. We are so grateful for your dedication and help. Unfortunately we have not been able to work this out as per your prev. indications. We have created a new @outlook.com account and added as Global Admin in Azure AD management.

But when we sign in with this @outlook.com user into the Azure Portal we get a "You have no Subscriptions" message preventing us from entering the portal. Also, the link you provided to "Associate your Office 365 account ... manage apps" does not work.

We're stuck here and have no further ideas... any hints you'd like to share?

Thanks again!!

[ricalo]

Mmmm... I'm running out of ideas. My guess is that the outlook.com account has to be added as a co-administrator, but I think the concepts have changed in the UI and I no longer can see how you can add a user as a co-administrator. What I can see is how to add him as an owner.

1. Go to http://portal.azure.com and sign in with the account that has access to the subscription.
2. On the navigation bar to the left click Subscriptions
3. Select your subscription and then click Settings
4. Click Users > Add > Select a role > Owner > Invite and then type the outlook account in the invite textbox.