Reputation: 241
I've been playing with some code that queries the current user's tenant details.
However, I noticed that when I sign in using a normal non-admin user, the countryLetterCode is returned as null. If I sign in using an admin user, the value is returned.
If I do the same steps through the Graph Explorer (graphexplorer.cloudapp.net), the countryLetterCode is returned in both cases, for both admin and non-admin users.
Any ideas?
Thanks
Donal
Upvotes: 0
Views: 1223
Reputation: 14649
I am using the Azure Graph client (C#) to acquire the countryLetterCode, and it works for both normal users and admins. Here is the code for your reference:
    using System;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.Azure.ActiveDirectory.GraphClient;
    // tenantId and accessToken are assumed to have been obtained already.
    string graphResourceId = "https://graph.windows.net";
    Uri servicePointUri = new Uri(graphResourceId);
    Uri serviceRoot = new Uri(servicePointUri, tenantId);
    ActiveDirectoryClient client = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));
    Console.WriteLine(client.TenantDetails.ExecuteAsync().Result.CurrentPage.First().CountryLetterCode);
Which language were you developing in? Would you mind sharing the code you were developing?
And since the Azure Graph REST API works well, I also suggest that you use the REST API as a workaround.
Based on the test, if I remove the permission Directory.Read.All on the portal, then the normal user can't get the countryLetterCode, as you described. Please check this permission on the portal to see whether it is helpful.
Upvotes: 1
Reputation: 241
It would appear that the non-admin user can call TenantDetails and get just the basic info back...
From the permissions reference for User.Read/"Sign-in and read user profile" - "Also allows the app to read the following basic company information of the signed-in user (through the TenantDetail object): tenant ID, tenant display name, and verified domains."
However, this still does not explain why the Graph Explorer can read it.
Upvotes: 0
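An added example, not code from any poster in this thread: a Python check of which delegated scopes an access token carries, since the thread ties the basic TenantDetail fields to User.Read and the countryLetterCode to Directory.Read.All. It assumes the token is a compact JWT whose `scp` claim is a space-separated scope list; the function names and the unsigned sample tokens are constructed for illustration.

```python
import base64
import json

# Delegated scope that the answer's test found necessary for countryLetterCode.
FULL_READ_SCOPE = "Directory.Read.All"
# Scope that, per the quoted permissions reference, exposes only tenant ID,
# tenant display name and verified domains through TenantDetail.
BASIC_SCOPE = "User.Read"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def delegated_scopes(access_token: str) -> set:
    """Return the delegated scopes from the token's 'scp' claim.

    The signature is NOT verified: this inspects your own token for
    troubleshooting and must never be used for an authorization decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    # A token without 'scp' (for example an app-only token) yields an empty set.
    return set(claims.get("scp", "").split())


def tenant_detail_access(access_token: str) -> str:
    """Classify the TenantDetail view the thread associates with this token."""
    scopes = delegated_scopes(access_token)
    if FULL_READ_SCOPE in scopes:
        return "full"   # countryLetterCode expected to be populated
    if BASIC_SCOPE in scopes:
        return "basic"  # countryLetterCode expected to be null
    return "none"


def _sample_token(claims: dict) -> str:
    # Constructed, unsigned token for the demo only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    for scp in ("User.Read", "User.Read Directory.Read.All"):
        token = _sample_token({"aud": "https://graph.windows.net", "scp": scp})
        print(scp, "->", tenant_detail_access(token))
```

Running the same check on the token your own app receives for the non-admin user shows whether Directory.Read.All was actually granted to that sign-in.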