英文:
Is there an API to retrieve Microsoft's newly-added pronouns in M365?
问题
我们正在实施 Microsoft 365 的 新代词功能,我们需要能够将用户提供的数据同步回我们的Active Directory环境。根据 管理员文档,这些代词 "存储在用户的Exchange邮箱中,与其他数据一起。"
然而,当我使用 Get-Mailbox(使用 ExchangeOnlineManagement 模块,版本 3.2.0 Preview2)时,我无法在任何地方看到代词数据(使用 Get-Mailbox user@example.com | Select *)。
我无法找到与此功能相关的任何PowerShell文档。是否有人能够:
- 给出详细说明如何提取此信息的文档链接
- 展示如何使用PowerShell、Microsoft的Graph API或Exchange Web Services (EWS) 访问此信息
提前感谢您能给我的任何建议!
英文:
We're implementing Microsoft 365's new pronouns feature, and we need to be able to sync this user-provided data back to our Active Directory environment. According to the admin documentation, these pronouns "are stored with other data in the user's Exchange mailbox."
However, when I use Get-Mailbox (using the ExchangeOnlineManagement module, version 3.2.0 Preview2), I'm not seeing the pronoun data anywhere (using Get-Mailbox user@example.com | Select *).
I'm not able to find any PowerShell-related documentation for this feature. Would anyone be able to either:
- Give a link to the documentation that details how to pull this information
- Show how to access this info using PowerShell, Microsoft's Graph API, or Exchange Web Services (EWS)
Thanks in advance for any advice you can give me!
答案1
得分: 2
I found that the pronouns were being retrieved from https://nam.loki.delve.office.com/api/v2/extendeduserinfo/pronouns with POST requests. Not sure if the nam or loki parts of the URL are static or specific to our tenant.
Unfortunately, it looks like this part of the Delve app isn't made public with the Graph API (at least not yet). So, I ended up creating an internal app for our company that iterates over each user and does the following:
- Uses a code-controlled browser (e.g. Selenium, Puppet) to log into Teams with a dedicated, licensed M365 user (acting as a service account)
- Once the Teams web app is loaded, finds the key in local storage that ends with
loki.delve.office.comand retrieves the token value using the key - Caches the token for faster future use (e.g. not logging in for every single user iteration)
- Then, submits a post request with the following:
- Parameters:
ConvertGetPost=trueaadObjectId=<oid>(replacing<oid>with the object ID of the target Azure AD user
- Body (these look like headers, but are in fact the body):
{ "accept": "application/json", "Content-Type": "application/json", "authorization": "<token that was retrieved above>" # these next two are required, will throw a 500 error without them "X-ClientType": "MicrosoftTeamsAngular", "X-HostAppRing": "general", }
- Parameters:
- The response resembles something like this:
{ "id": "<oid of the target Azure AD user>", # note that the preceding space is not a typo "displayName": " He/Him", "allowedAudiences": "Organization" }
These attributes are then assigned to the user in a custom field that can be used by other applications.
Not sure if we'll be able to open-source the tool, but if not, hopefully the above will be able to point anyone else in the right direction.
英文:
I found that the pronouns were being retrieved from https://nam.loki.delve.office.com/api/v2/extendeduserinfo/pronouns with POST requests. Not sure if the nam or loki parts of the URL are static or specific to our tenant.
Unfortunately, it looks like this part of the Delve app isn't made public with the Graph API (at least not yet). So, I ended up creating an internal app for our company that iterates over each user and does the following:
- Uses a code-controlled browser (e.g. Selenium, Puppet) to log into Teams with a dedicated, licensed M365 user (acting as a service account)
- Once the Teams web app is loaded, finds the key in local storage that ends with
loki.delve.office.comand retrieves the token value using the key - Caches the token for faster future use (e.g. not logging in for every single user iteration)
- Then, submits a post request with the following:
- Parameters:
ConvertGetPost=trueaadObjectId=<oid>(replacing<oid>with the object ID of the target Azure AD user
- Body (these look like headers, but are in fact the body):
{ "accept": "application/json", "Content-Type": "application/json", "authorization": "<token that was retrieved above>" # these next two are required, will throw a 500 error without them "X-ClientType": "MicrosoftTeamsAngular", "X-HostAppRing": "general", }
- Parameters:
- The response resembles something like this:
{ "id": "<oid of the target Azure AD user>", # note that the preceding space is not a typo "displayName": " He/Him", "allowedAudiences": "Organization" }
These attributes are then assigned to the user in a custom field that can be used by other applications.
Not sure if we'll be able to open-source the tool, but if not, hopefully the above will be able to point anyone else in the right direction.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论