Thursday, 30 May 2019

Fix "Access to OData is disabled" error when read posts from mailbox using Graph API

I have been working with Microsoft Planner using Graph API and getting the error message ErrorAccessDenied : Access to OData is disabled while reading messages from Office 365 group mailbox.
Request URL:<groupId>/threads/<conversationThreadId>/posts
Request Method: GET
Status Code: 403 Forbidden

  "error": {
    "code": "ErrorAccessDenied",
    "message": "Access to OData is disabled.",
    "innerError": {
      "request-id": "b4bbe2f4-81d1-46cb-8fee-d79d02257e64",
      "date": "2019-05-30T05:39:21"

Solution :

After exploring some time, found that the exchange mailbox and calendar related graph api end-points are internally use EWS (Exchange Web Service) to fetch and update data in mailbox and calendar. You may received this error message either if the EWS access is disabled for all client applications or if EWS access is allowed only for particular applications.

You can check your current tenant EWS access policy by using the Exchange Online powershell cmdlet Get-OrganizationConfig. First, connect EXO powershell module and run the below command:
Get-OrganizationConfig | select EwsApplicationAccessPolicy, EwsAllowList, EwsBlockList
If you find any entries either for Allow access policy or Block access policy, then this might be the root cause for this error. If allow policy configured, then enusure that your client application is included for EWS access, or if block policy configured, then ensure that your client app is not included in block list.

Run the below command to remove the applied EWS access policy.
Set-OrganizationConfig -EwsApplicationAccessPolicy $null
You can refer below articles to know more about how to configure EWS access.


No comments:

Post a Comment