5

I am trying to implement a hardware busy light to show my Microsoft Teams presence so that my family to not enter the room I have the office while I am in a meeting. I am looking to implement something similar to:

The only problem I have with this setup is that I cannot get the MS Teams status.

The best way to go is by using MS Graph Presence API but my problem is that this is a company account and I don't have (and there is no way I could have) and app in the main subscription granted with the required scope: Presence.Read.

So I tried different ideas but none worked in the end:

  • check local running processes
  • check if MS Teams exposes any local API
  • check if there is a CLI available

This seems a simple idea, I mean, I see the status right there now while I am typing this message, I could as well do an app that gets a screenshot of the taskbar and extract the status from the icon, but is that really the only option I have?

SmartDev
  • 2,802
  • 1
  • 17
  • 22

2 Answers2

6

I think I found something interesting for you.

Go to

C:\Users\user\AppData\Roaming\Microsoft\Teams

you'll find a file called logs.txt

In this file you see if your current state changed

(current state: Available -> DoNotDisturb)

I would write a script with php or VB (depends on your skills) that read that logs.txt file like every minute and check for the last "current state" line.

M1NT
  • 386
  • 1
  • 4
  • 13
  • 1
    Incredible, such a simple solution! Thank you, I will go this way, even if there is no guarantee this file will still be there in the future versions of MS Teams. – SmartDev Oct 22 '21 at 12:13
  • 1
    Just FYI, this just materialized: https://www.linkedin.com/posts/miscalencu_workingfromhome-quarantinelife-geeklife-activity-6895151178066579456-DKPh/ – SmartDev Feb 06 '22 at 12:29
  • @SmartDev Very nice!! – M1NT Feb 09 '22 at 13:39
  • Do you know where the logs.txt is found on macOS? – Deusdeorum Oct 13 '22 at 08:10
  • ^ found the log in `~Library/Application Support/Microsoft/Teams/*` but did microsoft change their log behaviour for statuses? – Deusdeorum Oct 13 '22 at 08:30
0

What those posts are doing (certainly the first one, I didn't check the 2nd one) is calling the Microsoft Graph, which has a "presence" endpoint to get a user's status. There's actually even a specific "/me" endpoint, to get your own personal preference (less access rights needed). See more about this here: https://learn.microsoft.com/en-us/graph/api/presence-get?view=graph-rest-1.0&tabs=http

In order for this to work, as you've mentioned, you do need to have an Azure AD App registration. However, importantly, this will only require "delegated" permission (i.e. only permission from the single user, you, to access just data for that single user, you). As a result, you can use "delegated" and not "Application" permissions, which means that it does -not- require Admin consent for the tenant.

It -does- require and Azure Add Application though, at the risk of stating the obvious. While you don't have tenant admin rights, you need to see if you have Azure rights, just to create an application (you might have this anyway as a developer in your org). If you don't even have this, you can sign up for an M365 Developer account, and use that tenant. Importantly - the application does't have to be in the same tenant. If it's not, it's just a simple multi-tenant app, like any 3rd party Azure AD-backed application is.

Hilton Giesenow
  • 9,809
  • 2
  • 10
  • 24
  • Well, as I am already mentioning in my post, that requires that my app is registered in Azure AD and has the Presence.Read scope granted for MSGraph. Which is not possible since this is a corporate account and I don't have administrator privileges on that Azure AD instance to consent to it. Or am I missing somehting? – SmartDev Oct 13 '21 at 09:44
  • ah fair point, I didn't read well to spot that sufficiently. I've expanded the answer now - let me know if that covers what you need. – Hilton Giesenow Oct 13 '21 at 10:58
  • Thank you for the update, but unfortunately I cannot create apps in the main subscription. As a dev I use another subscription where my corporate user is a guest. – SmartDev Oct 13 '21 at 11:24
  • I discussed that in the last paragraph - it's totally fine if the app registration is in another tenant (in this case your Dev tenant). It's basically how -any- 3rd party M365 app works - the vendor *registers* the app in their own tenant, but the end user *consents* in their tenant. Essentially you just need AN Azure App Id, from any tenant. In practice this is fine in many cases, unless your main admins have turned off the ability for you to consent -any- app (more locked down environments will do this), but in that case even if the app was in your own tenant, you'd have trouble. – Hilton Giesenow Oct 13 '21 at 11:28
  • I already tried that and I failed with "AADSTS700016: Application with identifier 'xx' was not found in the directory 'yy'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant". Could that be because in the "Supported account types -> Who can use this application or access this API?" under Authentication in my registered app I have "Accounts in this organizational directory only" selected and not "Accounts in any organizational directory"? – SmartDev Oct 13 '21 at 11:35
  • oh yes, that's definitely needed - I figured you'd done that but should have checked. As it implies, that's exactly what it's for. Once you've done that, when you try authenticate it in the app it will ask for consent (popup or redirect, depending on what you've implemented, e.g. msal or equivalent) – Hilton Giesenow Oct 13 '21 at 16:36
  • I will, I created a separate app in a separate subscription with authentication set to "Accounts in any organizational directory" but for some reason while the /me endpoint of the MsGraph works fine, the /me/presence shows a "User not found" message. Is really weird and I have all scopes, even the MS graph explorer fails. I suspect there is a sync issue since this is a new subscription and new AD with new users so I will give it some time and let you know how if it worked. – SmartDev Oct 13 '21 at 17:41
  • update 1/2: for some reason I have a problem to consent to Presence.Read permission with the guest user. Even though this permission does not required admin consent, I get the message: "APPNAME needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.". – SmartDev Oct 14 '21 at 07:56
  • update 2/2: Could it be because I am not a verified publisher? I see this message in the API Permissions of my app: "Starting November 9th, 2020 end users will no longer be able to grant consent to newly registered multitenant apps without verified publishers." and I see this message in the consent screen error title: "APPNAME unverified". :( – SmartDev Oct 14 '21 at 07:57
  • I managed to get the Teams presence after all (even if consent was not given) but it shows the Presence *in my organization*, not the presence in the organization the guest user belongs to. So after all I don't think this can work. – SmartDev Oct 14 '21 at 10:07
  • That sounds a bit like you mixed up the tenants and users. You should Auth to your company tenant with your company account and just use the app from your tenant for the token generation. You can check the "tid" parameter in the token for example if you are authed to the correct tenant. – devil_inside Oct 15 '21 at 05:27
  • But if I do this (see 'update 1/2' above) I need an admin from my company to consent. So another dead end, isn't it? – SmartDev Oct 15 '21 at 06:49
  • I'm still looking into this - it might depend on certain more restrictive settings in your main tenant, where a user can't even consent to just basic user scopes. Will let you know if I learn more. – Hilton Giesenow Oct 15 '21 at 09:11