Troubleshooting Powershell and GraphAPI with a little help of Fiddler

For the past two weeks, I have been trying to help a customer create a couple of scripts to create and edit Teams through the use of Powershell and GraphAPI. Although I'm familiar with Powershell's error messages, I faced a new challenge when trying to understand the messages I got when trying to create my scripts.

The biggest issue with how powershell presents the error, is that it seems to present only part of the https respons sent from graph. That wouldn't be an issue if all error messages were presented in the beginning of the response, like the following example:

This is a clear message, telling the user the "secret" used to create the access-token is wrong.

The next example, is not as clear (at least not to me). I have made a deliberate typo, but the error message is only giving me a "400 Invalid request" as a response.

Since using Powershell to invoke GraphAPI commands is basically https/rest traffic, I thought I'd try to capture it with fiddler and see if there was more to the error message than Powershell gave away.

Before you begin, configure Fiddler to capture HTTPS traffic in "options":

When everything is ready, start the capture and run your code. Here are a few examples of errors I ran into.

The following screenshot contain to windows. The upper window is a "raw" representation of what was sent from the client, and the second is capturing the response from Graph. This is quite useful to verify you are sending what you intended, and to capture the entire response:

With the plain error message, it was rather easy to find the right resource value "groups" instead of "group".

After i sorted out the correct URL, I was still hitting the same error message "400 Invalid request" as a response. Really frustrating, as I am now 100% certain my URL is correct. Well, Fiddler to the rescue once again. The response from the server was easy to read and understand. It was clear I had to go through and verify the JSON code.

I hope I have demonstrated how Fiddler (or any other web-traffic capture tool) can make troubleshooting a little bit easier.

Private channels are coming to Microsoft Teams, and this is what you might want to prepare

A couple of weeks ago, admins of Office 365 were notified of the coming of private channels to Microsoft Teams. 

We don't know much about what it is going to look like, or how it's going to be implemented yet. But it has been an anticipated feature, and the community is excited to see how this will work.

The message doesn't really say when to expect the new feature, but it does say "Action required by 23. Aug 2019". And why is that, and what actions may we take?

There isn't much documentation out yet, but there is a link in the message. The link (link) will take you to the "Manage teams policies in Microsoft Teams", and is for now the best way to control who can create Private channels or not.

The documentation explains how to find the policy, how to change the policy, and how to create custom policies and apply policies to the organization. Some organizations might want to prevent everyone from creating private channels in the beginning, and maybe limit this to a couple of champions. Then, after the documentation has been released, and user training have been updated. More and more user can have this feature rolled out.

The steps are rather quick to complete. Simply log into the Teams Admin portal, and locate the Teams policies as shown in this screen dump. Then choose to edit the global policy, or "Add" your own.

There are two setting to adjust. One is on creating new Channels, and the other one on how users may or may not discover such channels. It's all well documented in the article provided.

If you edit the global policy, it will apply to everyone. But if you create a custom policy, you need to assign this to users. Assigning policies to users can be preformed in at least three ways.

1) On the Teams Policy page, select the policy and manage users

2) On a users page, edit the policies assigned to the user

3) If you want to assign to multiple users, based on a group, you may use power-shell.

All of these steps are also detailed in the article.

MVP Renewed

It's an honor to announce I have been awarded the MVP status for the fifth time. There is a lot of work behind this, and being recognized for all the time and energy spent on my passion for technology is really appreciated. It is not something I take for granted, and for every year I know I need to put in a little extra.

After this award cycle there are just over 3000 MVPs world wide. And It's a privilege to be a part of this great community.

Thank you to the MVP team at Microsoft, and congratulations to all renewed MVPs

https://mvp.microsoft.com/en-US/pages/what-it-takes-to-be-an-mvp