
I want to capture the file operation events in OneDrive. So I created a tenant in Azure and attached an app to it. I provided the necessary permissions to the app.

I am able to get the access token using the client key and secret created in portal.azure.com. This means that the tenant, app and client secret are correct.

Now I am using the Office 365 Management API to subscribe to the content type Audit.SharePoint, but in response I get this message:

{'error': {'code': 'AF10001', 'message': 'The permission set () sent in the request does not include the expected permission.'}}

Can anybody help?

Note: I am using a free account. I am wondering if this error is coming because it's a free account.

==============================================================

After updating the Azure AD license to P2, it could go further, but the subscription still failed with the following error.

{'error': {'code': 'StartSubscription [CorrId=a2c6111b-7908-486b-ab69-9f6ccac7679e][TenantId=9cef4c36-5f08-49c4-9f61-7d4a7860444c,ContentType=Audit.SharePoint,ApplicationId=13d763cd-abbc-456d-96e3-57af430f025f,PublisherId=46b472a7-c68e-4adf-8ade-3db49497518e]
[AppId', 'message': '3d763cd-abbc-456d-96e3-57af430f025f] failed. Exception: 
Microsoft.Office.Compliance.Audit.DataServiceException: Tenant 9cef4c36-5f08-49c4-9f61-7d4a7860444c does not exist.\r\n   
at Microsoft.Office.Compliance.Audit.API.AzureManager.<GetSubscriptionTableClientForTenantAsync>d__52.MoveNext() in 
d:\\dbs\\sh\\nibr\\0705_172037\\cmd\\2\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 2116\r\n--- End of stack trace from previous location where exception was thrown 
---\r\n   
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at Microsoft.Office.Compliance.Audit.API.AzureManager.<GetAPISubscriptionAsync>d__22.MoveNext() in 
d:\\dbs\\sh\\nibr\\0705_172037\\cmd\\2\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 550\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n  
 at Microsoft.Office.Compliance.Audit.API.StartController.<StartSubscription>d__0.MoveNext() in d:\\dbs\\sh\\nibr\\0705_172037\\cmd\\1\\sources\\dev\\auditing\\src\\auditapiservice\\apifrontendservicerole\\Controllers\\StartController.cs:line 76'}}

====================================================

MS Support told me to have at least one license of Exchange Online. So I started a basic trial version of Office 365 for two users in AD. With this, I was able to start auditing for users/admins from compliance.microsoft.com. But on hitting the subscription API, I get the following error.

"error":{"code":"StartSubscription [CorrId=0a7a9c46-012c-4510-aff6-888a840a74f6][TenantId=9cef4c36-5f08-49c4-9f61-7d4a7860444c,ContentType=Audit.SharePoint,ApplicationId=13d763cd-abbc-456d-96e3-57af430f025f,PublisherId=46b472a7-c68e-4adf-8ade-3db49497518e][AppId","message":"3d763cd-abbc-456d-96e3-57af430f025f] failed. Exception: Microsoft.Office.Compliance.Audit.DataServiceException: Tenant 9cef4c36-5f08-49c4-9f61-7d4a7860444c does not exist.\r\n at Microsoft.Office.Compliance.Audit.API.AzureManager.d__52.MoveNext() in d:\\dbs\\sh\\nibr\\0712_070108\\cmd\\y\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 2116\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Office.Compliance.Audit.API.AzureManager.d__22.MoveNext() in d:\\dbs\\sh\\nibr\\0712_070108\\cmd\\y\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 550\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Office.Compliance.Audit.API.StartController.d__0.MoveNext() in d:\\dbs\\sh\\nibr\\0712_070108\\cmd\\6\\sources\\dev\\auditing\\src\\auditapiservice\\apifrontendservicerole\\Controllers\\StartController.cs:line 76"}}

Durgesh O Mishra

1 Answer

> Note: I am using a free account. I am wondering if this error is coming because it's a free account.

According to ehowardl3:

  • Check Azure Active Directory licensing level. Azure Active Directory licensing requires either a Premium P1 or Premium P2 license to be able to pull event information through the Office 365 Management API. Microsoft does not grant permission to use the API to enable subscriptions for Free or Basic licensing options.

> {'error': {'code': 'AF10001', 'message': 'The permission set () sent in the request does not include the expected permission.'}}

Once you get the required license, to resolve the above error, according to the documentation:

  • AF10001: The permission set ({0}) sent in the request did not include the expected permission ActivityFeed.Read.

So, make sure to grant the ActivityFeed.Read permission in Azure Active Directory.

Updated answer:

> Microsoft.Office.Compliance.Audit.DataServiceException: Tenant *** does not exist

To resolve the above-mentioned exception, according to markjjo:

  • Make sure that unified auditing is enabled for your Office 365 organization. As per the documentation, try the following PowerShell command:

    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

References: Office 365 Management API - Postman sample and Can not connect with office 365

Ecstasy
  • Thanks. With the P2 trial license, it could go further. But on starting the subscription, it gives the following error, updated in the main question. – Durgesh O Mishra Jul 11 '22 at 10:46
  • Thanks. I am trying to enable audit logs from compliance manager. But on clicking 'start recording user/admin activity', it gives the error that 'Sorry! We couldn't update your organization settings. Please try again.' – Durgesh O Mishra Jul 14 '22 at 08:49
  • After one hour of adding the global administrator role, it gives following error on trying to start recording user/admin activity. 'Substrate Only Agent': 'Organization "neelammishra603gmail.onmicrosoft.com" is not licensed for Exchange email functionality. – Durgesh O Mishra Jul 14 '22 at 09:18
  • [Unable to turn on Audit Logging](https://github.com/MicrosoftDocs/microsoft-365-docs/issues/1112), [Create a support ticket](https://azure.microsoft.com/en-in/support/create-ticket/) and [Get support for Microsoft 365 for business](https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide) – Ecstasy Jul 14 '22 at 09:19
  • MS support told me that at least one Exchange license is required. So I enrolled for a free trial of Office 365 and assigned licenses to two users in AD. After this I enabled auditing in compliance.microsoft.com. But now I still get this exception (question updated) on hitting the subscription API. – Durgesh O Mishra Jul 17 '22 at 08:47
  • It's confirmed that the issue has been resolved. It just took some time to percolate thru. – Durgesh O Mishra Jul 18 '22 at 06:09
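
A pre-flight check for the AF10001 case discussed in the answer, as an added example that is not code from the question, the answer or Microsoft: it decodes the access token locally and reports whether the `roles` claim carries ActivityFeed.Read before the subscription call is made. It assumes an app-only (client credentials) token, where application permissions appear in `roles`, and that the empty `()` in the error reflects that claim; the tenant id and sample tokens are constructed placeholders.

```python
import base64
import json

RESOURCE = "https://manage.office.com"   # audience the Management API expects
REQUIRED_ROLE = "ActivityFeed.Read"      # permission named in the AF10001 text


def jwt_claims(token):
    """Decode the payload segment of a JWT for inspection (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(token, tenant_id):
    """Return the problems that would make the subscription request fail."""
    claims = jwt_claims(token)
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != RESOURCE:
        problems.append("audience is %r, expected %s" % (claims.get("aud"), RESOURCE))
    roles = claims.get("roles") or []   # app-only tokens list permissions here
    if REQUIRED_ROLE not in roles:
        problems.append("roles %r lacks %s (AF10001)" % (roles, REQUIRED_ROLE))
    if claims.get("tid") != tenant_id:
        problems.append("token tid does not match the tenant in the URL")
    return problems


def start_url(tenant_id, content_type="Audit.SharePoint"):
    """URL of the start-subscription operation for one content type."""
    return ("%s/api/v1.0/%s/activity/feed/subscriptions/start?contentType=%s"
            % (RESOURCE, tenant_id, content_type))


def _sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


TENANT = "00000000-0000-0000-0000-000000000000"   # placeholder tenant id
NO_ROLES = _sample_token({"aud": RESOURCE, "tid": TENANT})
GRANTED = _sample_token({"aud": RESOURCE, "tid": TENANT, "roles": [REQUIRED_ROLE]})

if __name__ == "__main__":
    print(preflight(NO_ROLES, TENANT))
    print(preflight(GRANTED, TENANT), start_url(TENANT))
```

A token that passes this check can still hit the "Tenant ... does not exist" exception, which the thread traces to unified audit logging and licensing rather than to the token.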