Reputation: 61
I want to capture the file operation events in OneDrive. So I created a tenant in Azure and attached an app to it. I provided the necessary permissions to the app.
I am able to get the access token using the client key and secret created in portal.azure.com. This means that the tenant, app and client secret are correct.
Now I am using the Office 365 Management API to subscribe to the content type Audit.SharePoint, but in response I get this message:
{'error': {'code': 'AF10001', 'message':
'The permission set () sent in the request does not include the expected permission.'}}
Can anybody help?
Note: I am using a free account. I am wondering if this error is coming because it's a free account.
==============================================================
After updating the Azure AD license to P2, it could go further, but the subscription still failed with the following error.
{'error': {'code': 'StartSubscription [CorrId=a2c6111b-7908-486b-ab69-9f6ccac7679e][TenantId=9cef4c36-5f08-49c4-9f61-7d4a7860444c,ContentType=Audit.SharePoint,ApplicationId=13d763cd-abbc-456d-96e3-57af430f025f,PublisherId=46b472a7-c68e-4adf-8ade-3db49497518e]
[AppId', 'message': '3d763cd-abbc-456d-96e3-57af430f025f] failed. Exception:
Microsoft.Office.Compliance.Audit.DataServiceException: Tenant 9cef4c36-5f08-49c4-9f61-7d4a7860444c does not exist.\r\n
at Microsoft.Office.Compliance.Audit.API.AzureManager.
<GetSubscriptionTableClientForTenantAsync>d__52.MoveNext() in
d:\\dbs\\sh\\nibr\\0705_172037\\cmd\\2\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 2116\r\n--- End of stack trace from previous location where exception was thrown
---\r\n
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Office.Compliance.Audit.API.AzureManager.<GetAPISubscriptionAsync>d__22.MoveNext() in
d:\\dbs\\sh\\nibr\\0705_172037\\cmd\\2\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 550\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n
at Microsoft.Office.Compliance.Audit.API.StartController.<StartSubscription>d__0.MoveNext() in d:\\dbs\\sh\\nibr\\0705_172037\\cmd\\1\\sources\\dev\\auditing\\src\\auditapiservice\\apifrontendservicerole\\Controllers\\StartController.cs:line 76'}}
====================================================
MS Support told me to have at least one license of Exchange Online. So I started a basic trial version of Office 365 for two users in AD. With this, I was able to start auditing for users/admins from compliance.microsoft.com. But on hitting the subscription API, I get the following error.
"error":{"code":"StartSubscription [CorrId=0a7a9c46-012c-4510-aff6-888a840a74f6][TenantId=9cef4c36-5f08-49c4-9f61-7d4a7860444c,ContentType=Audit.SharePoint,ApplicationId=13d763cd-abbc-456d-96e3-57af430f025f,PublisherId=46b472a7-c68e-4adf-8ade-3db49497518e][AppId","message":"3d763cd-abbc-456d-96e3-57af430f025f] failed. Exception: Microsoft.Office.Compliance.Audit.DataServiceException: Tenant 9cef4c36-5f08-49c4-9f61-7d4a7860444c does not exist.\r\n at Microsoft.Office.Compliance.Audit.API.AzureManager.d__52.MoveNext() in d:\\dbs\\sh\\nibr\\0712_070108\\cmd\\y\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 2116\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Office.Compliance.Audit.API.AzureManager.d__22.MoveNext() in d:\\dbs\\sh\\nibr\\0712_070108\\cmd\\y\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line 550\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Office.Compliance.Audit.API.StartController.d__0.MoveNext() in d:\\dbs\\sh\\nibr\\0712_070108\\cmd\\6\\sources\\dev\\auditing\\src\\auditapiservice\\apifrontendservicerole\\Controllers\\StartController.cs:line 76"}}
Upvotes: 0
Views: 4099
Reputation: 1864
Note: I am using a free account. I am wondering if this error is coming because it's a free account.
According to ehowardl3:
{'error': {'code': 'AF10001', 'message': 'The permission set () sent in the request does not include the expected permission.'}}
Once you get the required license, to resolve the above error, according to the documentation:
AF10001: The permission set ({0}) sent in the request did not include the expected permission ActivityFeed.Read.
So, make sure to grant the ActivityFeed.Read permission in Azure Active Directory.
Updated answer:
Microsoft.Office.Compliance.Audit.DataServiceException: Tenant *** does not exist
To resolve above mentioned exception, according to markjjo:
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
References: Office 365 Management API - Postman sample and Can not connect with office 365
Upvotes: 1
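A diagnostic sketch for the two errors discussed on this page, added here as an example and not part of the question or the answer: it decodes the access token's claims to show which permission set the token carries (the `()` in AF10001) and recognises the "Tenant ... does not exist" response. The function names, the constructed tokens and the audience URI `https://manage.office.com` are assumptions of the example.

```python
import base64
import json

REQUIRED = "ActivityFeed.Read"            # permission named in the AF10001 text
AUDIENCE = "https://manage.office.com"    # assumed resource URI of the API

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_permissions(claims):
    """App-only tokens carry 'roles' (list); delegated tokens carry 'scp' (string)."""
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())

def diagnose(token, error=None):
    """Return findings for a token and an optional subscription error body."""
    claims, findings = jwt_claims(token), []
    perms = granted_permissions(claims)
    if REQUIRED not in perms:
        findings.append(f"token permission set {sorted(perms)} lacks {REQUIRED}: "
                        "grant it to the app in Azure Active Directory")
    if claims.get("aud", "").rstrip("/") != AUDIENCE:
        findings.append(f"token audience is {claims.get('aud')!r}, not {AUDIENCE}")
    err = (error or {}).get("error", {})
    text = f"{err.get('code', '')} {err.get('message', '')}"
    if "Tenant" in text and "does not exist" in text:
        findings.append("audit service has no record of the tenant: "
                        "enable unified audit log ingestion")
    return findings

def _fake_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed samples: a token with an empty permission set, and one with the role.
NO_ROLES = _fake_token({"aud": AUDIENCE, "tid": "00000000-0000-0000-0000-000000000000"})
WITH_ROLE = _fake_token({"aud": AUDIENCE, "roles": [REQUIRED]})

if __name__ == "__main__":
    for name, tok in (("no roles", NO_ROLES), ("with role", WITH_ROLE)):
        print(name, "->", diagnose(tok) or "token looks usable")
```

The payload is decoded without signature verification, so this is for inspecting your own token while troubleshooting, not for authorising requests.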