有没有API可以检索Microsoft在M365中新添加的代词?

huangapple go评论71阅读模式
英文:

Is there an API to retrieve Microsoft's newly-added pronouns in M365?

问题

我们正在实施 Microsoft 365 的 新代词功能,我们需要能够将用户提供的数据同步回我们的Active Directory环境。根据 管理员文档,这些代词 "存储在用户的Exchange邮箱中,与其他数据一起。"

然而,当我使用 Get-Mailbox(使用 ExchangeOnlineManagement 模块,版本 3.2.0 Preview2)时,我无法在任何地方看到代词数据(使用 Get-Mailbox user@example.com | Select *)。

我无法找到与此功能相关的任何PowerShell文档。是否有人能够:

  • 给出详细说明如何提取此信息的文档链接
  • 展示如何使用PowerShell、Microsoft的Graph API或Exchange Web Services (EWS) 访问此信息

提前感谢您能给我的任何建议!

英文:

We're implementing Microsoft 365's new pronouns feature, and we need to be able to sync this user-provided data back to our Active Directory environment. According to the admin documentation, these pronouns "are stored with other data in the user's Exchange mailbox."

However, when I use Get-Mailbox (using the ExchangeOnlineManagement module, version 3.2.0 Preview2), I'm not seeing the pronoun data anywhere (using Get-Mailbox user@example.com | Select *).

I'm not able to find any PowerShell-related documentation for this feature. Would anyone be able to either:

  • Give a link to the documentation that details how to pull this information
  • Show how to access this info using PowerShell, Microsoft's Graph API, or Exchange Web Services (EWS)

Thanks in advance for any advice you can give me!

答案1

得分: 2

I found that the pronouns were being retrieved from https://nam.loki.delve.office.com/api/v2/extendeduserinfo/pronouns with POST requests. Not sure if the nam or loki parts of the URL are static or specific to our tenant.

Unfortunately, it looks like this part of the Delve app isn't made public with the Graph API (at least not yet). So, I ended up creating an internal app for our company that iterates over each user and does the following:

  • Uses a code-controlled browser (e.g. Selenium, Puppet) to log into Teams with a dedicated, licensed M365 user (acting as a service account)
  • Once the Teams web app is loaded, finds the key in local storage that ends with loki.delve.office.com and retrieves the token value using the key
  • Caches the token for faster future use (e.g. not logging in for every single user iteration)
  • Then, submits a post request with the following:
    • Parameters:
      • ConvertGetPost=true
      • aadObjectId=<oid> (replacing <oid> with the object ID of the target Azure AD user
    • Body (these look like headers, but are in fact the body):
      {
        "accept": "application/json",
        "Content-Type": "application/json",
        "authorization": "<token that was retrieved above>"
        # these next two are required, will throw a 500 error without them
        "X-ClientType": "MicrosoftTeamsAngular",
        "X-HostAppRing": "general",
      }
      
  • The response resembles something like this:
    {
      "id": "<oid of the target Azure AD user>",
      # note that the preceding space is not a typo
      "displayName": " He/Him",
      "allowedAudiences": "Organization"
    }
    

These attributes are then assigned to the user in a custom field that can be used by other applications.

Not sure if we'll be able to open-source the tool, but if not, hopefully the above will be able to point anyone else in the right direction.

英文:

I found that the pronouns were being retrieved from https://nam.loki.delve.office.com/api/v2/extendeduserinfo/pronouns with POST requests. Not sure if the nam or loki parts of the URL are static or specific to our tenant.

Unfortunately, it looks like this part of the Delve app isn't made public with the Graph API (at least not yet). So, I ended up creating an internal app for our company that iterates over each user and does the following:

  • Uses a code-controlled browser (e.g. Selenium, Puppet) to log into Teams with a dedicated, licensed M365 user (acting as a service account)
  • Once the Teams web app is loaded, finds the key in local storage that ends with loki.delve.office.com and retrieves the token value using the key
  • Caches the token for faster future use (e.g. not logging in for every single user iteration)
  • Then, submits a post request with the following:
    • Parameters:
      • ConvertGetPost=true
      • aadObjectId=&lt;oid&gt; (replacing &lt;oid&gt; with the object ID of the target Azure AD user
    • Body (these look like headers, but are in fact the body):
      {
        &quot;accept&quot;: &quot;application/json&quot;,
        &quot;Content-Type&quot;: &quot;application/json&quot;,
        &quot;authorization&quot;: &quot;&lt;token that was retrieved above&gt;&quot;
        # these next two are required, will throw a 500 error without them
        &quot;X-ClientType&quot;: &quot;MicrosoftTeamsAngular&quot;,
        &quot;X-HostAppRing&quot;: &quot;general&quot;,
      }
      
  • The response resembles something like this:
    {
      &quot;id&quot;: &quot;&lt;oid of the target Azure AD user&gt;&quot;,
      # note that the preceding space is not a typo
      &quot;displayName&quot;: &quot; He/Him&quot;,
      &quot;allowedAudiences&quot;: &quot;Organization&quot;
    }
    

These attributes are then assigned to the user in a custom field that can be used by other applications.

Not sure if we'll be able to open-source the tool, but if not, hopefully the above will be able to point anyone else in the right direction.

huangapple
  • 本文由 发表于 2023年4月17日 21:44:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/76035837.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定