Skip to content

As verified, app permission is fine with invitation restriction now#9556

Merged
FaithOmbongi merged 4 commits into
microsoftgraph:mainfrom
SiverShiSSS:patch-1
Jun 4, 2025
Merged

As verified, app permission is fine with invitation restriction now#9556
FaithOmbongi merged 4 commits into
microsoftgraph:mainfrom
SiverShiSSS:patch-1

Conversation

@SiverShiSSS
Copy link
Copy Markdown
Contributor

@SiverShiSSS SiverShiSSS commented Apr 19, 2025

As verified, pp permission is fine with invitation restriction now

Important

Required for API changes:

  • Link to API.md file: ADD LINK HERE
  • Link to PR for public-facing schema changes (schema-Prod-beta/v1.0.csdl): ADD LINK HERE

Add other supporting information, such as a description of the PR changes:

ADD INFORMATION HERE

Important

The following guidance is for Microsoft employees only. Community contributors can ignore this message; our content team will manage the status.

After you've created your PR, expand this section for tips and additional instructions.
  • do not merge is the default PR status and is automatically added to all open PRs that don't have the ready to merge label.
  • Add the ready for content review label to start a review. Only PRs that have met the minimum requirements for content review and have this label are reviewed.
  • If your content reviewer requests changes, review the feedback and address accordingly as soon as possible to keep your pull request moving forward. After you address the feedback, remove the changes requested label, add the review feedback addressed label, and select the Re-request review icon next to the content reviewer's alias. If you can't add labels, add a comment with #feedback-addressed to the pull request.
  • After the content review is complete, your reviewer will add the content review complete label. When the updates in this PR are ready for external customers to use, replace the do not merge label with ready to merge and the PR will be merged within 24 working hours.
  • Pull requests that are inactive for more than 6 weeks will be automatically closed. Before that, you receive reminders at 2 weeks, 4 weeks, and 6 weeks. If you still need the PR, you can reopen or recreate the request.

For more information, see the Content review process summary.

@SiverShiSSS
As verified, pp permission is fine with invitation restriction now
b120235 
As verified, pp permission is fine with invitation restriction now
@SiverShiSSS SiverShiSSS changed the title As verified, pp permission is fine with invitation restriction now As verified, app permission is fine with invitation restriction now Apr 19, 2025
@learn-build-service-prod
Copy link
Copy Markdown
Contributor

learn-build-service-prod Bot commented Apr 19, 2025

Learn Build status updates of commit b120235:

✅ Validation status: passed

File Status Preview URL Details
api-reference/v1.0/api/invitation-post.md ✅Succeeded

For more details, please refer to the build report.

For any questions, please:

@FaithOmbongi FaithOmbongi requested a review from ppolkadots April 25, 2025 10:17
@FaithOmbongi FaithOmbongi self-assigned this Apr 25, 2025
@FaithOmbongi FaithOmbongi added area: Entra APIs and issues relating to Microsoft Entra (previously Azure AD) features. ExtID CIAM, B2C, B2B scenarios labels Apr 25, 2025
@FaithOmbongi
Copy link
Copy Markdown
Contributor

FaithOmbongi commented Apr 25, 2025

I've pinged @ppolkadots to confirm.

@kyachi
Copy link
Copy Markdown

kyachi commented May 2, 2025

Hello @FaithOmbongi , When is this pull request expected to be merged?

@FaithOmbongi
Copy link
Copy Markdown
Contributor

FaithOmbongi commented May 6, 2025

Hi @SiverShiSSS - I'm still waiting for SME approval.

cc @ppolkadots

@FaithOmbongi
Copy link
Copy Markdown
Contributor

FaithOmbongi commented May 6, 2025

Product team confirmed the original text was correct so asked @SiverShiSSS to provide additional context.

@kyachi
Copy link
Copy Markdown

kyachi commented May 7, 2025

After verifying the behavior, we found that when invitations are disabled (specifically, with the tenant set to the following value), Application Permission (app-only) fails to invite guest users.

External collaboration settings :

image

Command result :

image

On the other hand, when guest user invitations are restricted to administrators only, Application Permission (app-only) succeeds in inviting guest users.

External collaboration settings :

image

Command result :

image

In light of this, I believe we need to remove the section below—what do you think?
If you agree, I'd like to revise it to remove only the strikethrough.

URL : https://learn.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=http
- Application permissions (app-only) don't work if B2B invitations are disabled on the tenant or if B2B invitations are restricted to administrators.

I’d appreciate your opinion.

kyachi
kyachi reviewed Jun 4, 2025
View reviewed changes
Comment thread api-reference/v1.0/api/invitation-post.md
> - Both nonadmin member users and guest users can invite guests if the tenant admin hasn't restricted the [default user permissions](/entra/fundamentals/users-default-permissions?toc=%2Fgraph%2Ftoc.json).
> - Guest Inviter, Directory Writers, or User Administrator.
> - To reset the redemption status: Helpdesk Administrator or User Administrator.
> - Application permissions (app-only) don't work if B2B invitations are disabled on the tenant or if B2B invitations are restricted to administrators.
Copy link
Copy Markdown

@kyachi kyachi Jun 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @SiverShiSSS
How about rewriting it as follows?

  • These permissions don’t work if B2B invitations are disabled on the tenant.

After separate discussions with the Software Engineers, we confirmed that this statement diverges from the actual behavior. Specifically, we concluded that these permissions only fail when B2B invitations are disabled.

@SiverShiSSS
Update invitation-post.md
41b7493 
maintain the change as"Application permissions (app-only) don't work if B2B invitations are disabled on the tenant" 

and remove the comments regarding B2B restriction as it was verified as no impact on app permission.

"if B2B invitations are restricted to administrators."
@SiverShiSSS
Merge pull request #1 from SiverShiSSS/SiverShiSSS-patch-1
3b0fca4 
Update invitation-post.md
@learn-build-service-prod
Copy link
Copy Markdown
Contributor

learn-build-service-prod Bot commented Jun 4, 2025

Learn Build status updates of commit 3b0fca4:

✅ Validation status: passed

File Status Preview URL Details
api-reference/v1.0/api/invitation-post.md ✅Succeeded

For more details, please refer to the build report.

For any questions, please:

@FaithOmbongi
Update invitation-post.md - B2B invitations
e32915b 
Changes approved by Ayush Banka (Ayush.Banka@microsoft.com)
FaithOmbongi
FaithOmbongi approved these changes Jun 4, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@FaithOmbongi FaithOmbongi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ayush.Banka@microsoft.com approved the changes.

@FaithOmbongi FaithOmbongi added content review complete Apply when the content review is complete on a PR. ready to merge Use this label to indicate to the repository admins that your PR is ready to merge into master. and removed awaiting internal response labels Jun 4, 2025
@learn-build-service-prod
Copy link
Copy Markdown
Contributor

learn-build-service-prod Bot commented Jun 4, 2025

Learn Build status updates of commit e32915b:

✅ Validation status: passed

File Status Preview URL Details
api-reference/beta/api/invitation-post.md ✅Succeeded
api-reference/v1.0/api/invitation-post.md ✅Succeeded

For more details, please refer to the build report.

For any questions, please:

@FaithOmbongi FaithOmbongi merged commit e2c18c5 into microsoftgraph:main Jun 4, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FaithOmbongi FaithOmbongi FaithOmbongi approved these changes

@ppolkadots ppolkadots Awaiting requested review from ppolkadots

+1 more reviewer

@kyachi kyachi kyachi left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@FaithOmbongi FaithOmbongi

Labels

area: Entra APIs and issues relating to Microsoft Entra (previously Azure AD) features. content review complete Apply when the content review is complete on a PR. ExtID CIAM, B2C, B2B scenarios ready to merge Use this label to indicate to the repository admins that your PR is ready to merge into master.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SiverShiSSS @FaithOmbongi @kyachi