Skip to content

Cannot create online meeting with Enterprise Application #2369

Open
Open
Cannot create online meeting with Enterprise Application#2369
Labels
status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience
@Lory1990

Description

@Lory1990
Lory1990
opened on May 7, 2025

Describe the bug

We're unable to create an online meeting using the Microsoft Graph SDK with a service principal. We're following the application permissions flow (not delegated) and calling the Graph API with the correct scopes and payload, but the request fails withthe follwing error

com.microsoft.graph.models.odataerrors.ODataError: No application access policy found for this app.

Expected behavior

Online meeting created

How to reproduce

  • Added deps
<dependency>
            <groupId>com.azure</groupId>
            <artifactId>azure-identity</artifactId>
            <version>1.15.4</version>
        </dependency>
        <dependency>
            <groupId>com.microsoft.graph</groupId>
            <artifactId>microsoft-graph</artifactId>
            <version>6.36.0</version>
        </dependency>
  • Created an Enterprise Application and corresponding Service Principal.
  • Granted all required application permissions, including:
    • OnlineMeetings.ReadWrite.All
    • User.Read.All
    • Calendars.ReadWrite
    • All permissions have been admin-consented.
  • Created a mail-enabled security group and added all relevant users to it.
  • Used the following code to try to create an online meeting:
@Override
    public Event createCall(CallDTO callData) throws TechnicalUserIsNullException {
        try {
            GraphServiceClient graphClient = accessTokenGenerationService.getGraphServiceClient();

            User organizerUser = accessTokenGenerationService.getTechnicalUser();

            // 2.Create online meeting
            OnlineMeeting meeting = createOnlineMeeting(callData, graphClient);
            OnlineMeeting createdMeeting = graphClient.users()
                    .byUserId(organizerUser.getId())
                    .onlineMeetings()
                    .post(meeting);

        } catch (ODataError error) {
            log.error("Error calling Microsoft Graph API: {} - {} - {}", error.getError().getCode(), error.getError().getMessage(), error.getError().getTarget());
            log.error("Error calling Microsoft Graph API Inner clientRequestId: {} - requestId: {} - OdataType: {}", error.getError().getInnerError().getClientRequestId(), error.getError().getInnerError().getRequestId(), error.getError().getInnerError().getOdataType());
            throw error;
        } catch (Exception ex) {
            log.error("Error creating Teams call: {}", ex.getLocalizedMessage(), ex);
            throw ex;
        }
    }


    private OnlineMeeting createOnlineMeeting(CallDTO callData, GraphServiceClient graphClient) {
        OnlineMeeting meeting = new OnlineMeeting();
        meeting.setStartDateTime(OffsetDateTime.of(callData.from(), ZoneOffset.UTC));
        meeting.setEndDateTime(OffsetDateTime.of(callData.to(), ZoneOffset.UTC));
        meeting.setSubject(callData.title());
        meeting.setParticipants(buildMeetingParticipants(callData.organizerEmail(), callData.otherParticipants(), graphClient));
        meeting.setAllowedLobbyAdmitters(AllowedLobbyAdmitterRoles.OrganizerAndCoOrganizersAndPresenters);
        meeting.setRecordAutomatically(callData.recordCall());
        return meeting;
    }

    private MeetingParticipants buildMeetingParticipants(String organizer, List<String> otherParticipants, GraphServiceClient graphClient) {
        MeetingParticipants participants = new MeetingParticipants();
        participants.setOrganizer(createMeetingParticipantInfo(organizer, graphClient, true));
        participants.setAttendees(otherParticipants.stream()
                .map(email -> createMeetingParticipantInfo(email, graphClient, false))
                .toList());
        return participants;
    }

Then i created the application policy using powershell on portal azure

Install-Module ExchangeOnlineManagement
Connect-ExchangeOnline
New-ApplicationAccessPolicy `
    -AppId 41874eeb-9f6f-45b6-bb20-becdcb0d461e `
    -PolicyScopeGroupId group-for-meeintg@example.com `
    -AccessRight RestrictAccess `
    -Description "A sample description"

SDK Version

6.36.0

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log ``` 
</details>


### Configuration

_No response_

### Other information

_No response_

Metadata

Metadata

Assignees

No one assigned

    Labels

    status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions