Steps to troubleshoot Microsoft 365 Graph API responses via debug tools

Steps to troubleshoot Microsoft 365 Graph API responses via debug tools

From Applications Manager version 16310 onwards, Microsoft 365 monitor will use Microsoft Graph API as the primary mode of data collection. 
We have migrated from PowerShell to Graph API as Microsoft 365 PowerShell commands were taking more time to execute for huge resources and needed Administrative user privileges to execute the commands. Microsoft provides only archived data in the Graph API. To monitor live data, use the PowerShell mode considering the user privileges and the time taken to fetch huge resources.
For REST API related common errors in the Applications Manager from version 16310, refer this KB.

Prerequisites:
Ensure that you have met all the prerequisites for the Microsoft 365 monitor.

How to check Graph API Response in URL Debug tool in Applications Manager?

1. Get access token

  1. Go to Application Manager Settings -> Tools -> Self Help Tools -> URL Debug.
  2. Choose New Monitor in Monitor Name, HTTP(s) URLs in Monitor Type.
  3. Give the values as suggested below and replace TENANTID, CLIENT_ID & CLIENT_SECRET with respective values:
    1. URL Address: https://login.microsoftonline.com/TENANTID/oauth2/v2.0/token
    2. Expand HTTP Configurations.
    3. Form Submission Method: POST
    4. Payload Type: Text
    5. Request Parameters: grant_type=client_credentials&scope=https://graph.microsoft.com/.default&client_id=CLIENT_ID&client_secret=CLIENT_SECRET
      1. Ensure that the client secret value does not contain equal to (=) and comma (,) symbol.
    6. Custom HTTP(S) Headers:
      1. Header Name: Content-Type
      2. Header Value: application/x-www-form-urlencoded
    7. Click Execute button.
    8. If the Response code is 200, click the  icon under Webpage content to view the response and copy the access_token value from the JSON response.
    9. If the response code is not 200, generate a PDF report by clicking  icon and reach out to appmanager-support@manageengine.com along with the latest Support Information File (SIF) from Applications Manager with print all logs enabled for analysis.

After a successful response:

2. Get Graph API response

  1. After copying the access_token value, click Back to URL Debug.
  2. Enter the below details to get the Graph API response:
    1. URL Address: Enter the desired URL listed below.
    2. Expand HTTP Configurations.
    3. Form Submission Method: GET
    4. Custom HTTP(S) Headers:
      1. Header Name: Authorization
      2. Header Value: Bearer ACCESS_TOKEN (Replace the copied access_token value)
      3. For URLs with $count add the header: ConsistencyLevel: eventual
    5. Click Execute button.
    6. Check for the response.
    7. If the response code is not 200, generate PDF report by clicking  icon and reach out to appmanager-support@manageengine.com along with the latest Support Information File (SIF) from Applications Manager with print all logs enabled for analysis.

After successful response:

How to check Graph API Response in POSTMAN?

1. Get access token

  1. To get the access token to hit the above APIs, enter the below details and send the request in POSTMAN.
    1. Request type: POST
    2. URL: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
    3. Authorization tab: Type: OAuth 2.0, Add authorization data to: Request Headers
    4. Body Tab: choose x-www-form-urlencoded
      1. click Bulk edit and paste the below content
        1. grant_type:client_credentials
        2. scope:https://graph.microsoft.com/.default
        3. client_id:{{ClientID}}
        4. client_secret:{{ClientSecret}}
  2. Click Send. In the response we should be able to get the access token as in the image below:


2. Get GRAPH API response

  1. Copy the access token got from the above steps.
  2. Make a new request with the below details:
    1. Request Type: GET
    2. URL: <URL>
    3. Authorization tab:
      1. Type: Bearer Token
      2. Token: <Paste the Access Token>
    4. For URLs with $count add the below header.
      1. ConsistencyLevel: eventual
  3. Click Send and check for the response. Find a sample response below.


How to troubleshoot using debug logs?

Debug logs are found in <APM_HOME>/logs/stdout files. Check for the below prints and refer this KB to troubleshoot the issue with the API error and response codes. If not found, gather error traces and reach out to appmanager-support@manageengine.com along with the latest Support Information File (SIF) from Applications Manager with print all logs enabled for analysis.

Microsoft 365

  1. Check for the debug prints starting with 
    1. Office365::
    2. Office365MainDataCollector::
    3. Office365Util::
  2. Search for the below URL responses
    1. https://graph.microsoft.com/v1.0/admin/serviceAnnouncement/healthOverviews
    2. https://graph.microsoft.com/v1.0/reports/getOffice365ActivationCounts
    3. https://graph.microsoft.com/v1.0/users/$count
    4. https://graph.microsoft.com/v1.0/users/$count?$filter=assignedLicenses/$count eq 0
    5. https://graph.microsoft.com/v1.0/subscribedSkus?$select=capabilityStatus,consumedUnits,id,skuId,skuPartNumber,prepaidUnits
    6. https://graph.microsoft.com/v1.0/reports/getOffice365ServicesUserCounts(period='D7')

Exchange Online

  1. Check for the debug prints starting with 
    1. ExchangeOnline::
    2. Office365Util::
  2. Search for the below URL responses
    1. https://graph.microsoft.com/v1.0/admin/serviceAnnouncement/healthOverviews
    2. https://graph.microsoft.com/v1.0/reports/getMailboxUsageDetail(period='D7')

SharePoint Online

  1. Check for the debug prints starting with 
    1. SharepointOnline::
    2. Office365Util::
  2. Search for the below URL responses
    1. https://graph.microsoft.com/v1.0/admin/serviceAnnouncement/healthOverviews
    2. https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageDetail(period='D7')

Microsoft Teams

  1. Check for the debug prints starting with 
    1. MicrosoftTeams::
    2. Office365Util::
  2. Search for the below URL responses
    1. https://graph.microsoft.com/v1.0/admin/serviceAnnouncement/healthOverviews
    2. https://graph.microsoft.com/v1.0/reports/getTeamsDeviceUsageDistributionUserCounts(period='D30')
    3. https://graph.microsoft.com/v1.0/reports/getTeamsDeviceUsageUserCounts(period='D7')
    4. https://graph.microsoft.com/v1.0/reports/getTeamsUserActivityUserCounts(period='D7')
    5. https://graph.microsoft.com/v1.0/reports/getTeamsUserActivityCounts(period='D7')
    6. https://graph.microsoft.com/beta/teams?$select=id,displayName&$count=true&$top=1
Sample URL Responses:
For positive cases (Able to fetch data):
  1. HashMap from URLDataCollector={responsecode=200, errMsg=, errorCode=0, htmlresponse={"@odata.context":"https://graph.microsoft.com/beta/$metadata#teams(id,displayName)","@odata.count":4,"@odata.nextLink":"https://graph.microsoft.com/beta/teams?$select=id%2cdisplayName&$count=true&$top=1&$skiptoken=m~AQAnOzgyNWEzMWNhN2U4ZTQ1NzY5NDgyODdjZTUyYmRiNzI3OzswOzA7","value":[{"id":"825a31ca-7e8e-4576-9482-87ce52bdb727","displayName":"APM"}]}} ===> KeyValue_Monitor-3#10000284#Thu Dec 15 10:48:37 IST 2022|
  2. Available : RESPONSE : [OrigURL=https://graph.microsoft.com/beta/teams?$select=id,displayName&$count=true&$top=1, EffectiveURL=https://graph.microsoft.com/beta/teams?$select=id,displayName&$count=true&$top=1, IP=20.190.145.169, RedirectCount=0, Status Code:200, Content Length:351]
For negative cases (Unable to fetch data):
  1. UnAvailable : Url=https://graph.microsoft.com/v1.0/reports/getOffice365ServicesUserCounts(period='D7'), QS=, ct=default, uroles=FREEUSER, CS=1, Proxy=false, UA=, t=30, Retry=false, RetryDelay=5, log=false, DNS = false()
    UnAvailable : RESPONSE : [OrigURL=https://graph.microsoft.com/v1.0/reports/getOffice365ServicesUserCounts(period='D7'), EffectiveURL=https://graph.microsoft.com/v1.0/reports/getOffice365ServicesUserCounts(period='D7'), IP=20.190.145.171, RedirectCount=0, Status Code:403, Content Length:279]
  2. CloudUtility :: getResponse() :: Else Block::URL[graph.microsoft.com/v1.0/reports/getOffice365ServicesUserCounts(period='D7')]::Error while fetching response::DataCollectorResponse::{responsecode=403, errMsg=, errorCode=0, htmlresponse={"error":{"code":"UnknownError","message":"{\"error\":{\"code\":\"S2SUnauthorized\",\"message\":\"Invalid permission.\"}}","innerError":{"date":"2022-12-28T09:55:31","request-id":"0dce21f2-d9ef-4bd7-9ff7-f67a008e58ac","client-request-id":"0dce21f2-d9ef-4bd7-9ff7-f67a008e58ac"}}}, error=403, authentication=failed} ===> KeyValue_Monitor-22#10000261#Wed Dec 28 15:25:20 IST 2022|
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                  See all integrations
                  New to ADManager Plus?

                    New to ADSelfService Plus?

                    Start your free trial

                      • Related Articles

                      • IIS Server monitor - Troubleshooting steps

                        Unable to add IIS Server monitor Follow the below given below to add an IIS server monitor in Applications Manager: First, check whether all the prerequisites are done. Check the IIS Server URL is accessible from Applications Manager server. If your ...

                      • Service Now Event Integration using Webhook / Rest API Action

                        Steps to perform in Service Now 1) Login to your ServiceNow Instance(dev*****133.service-now.com) 2) Search for the Rest API Explorer and open it 3) In the Rest API Explorer page choose the Namespace and API Name with the proper API version. For ...

                      • Troubleshooting errors in Microsoft Teams monitor (For versions upto 16300)

                        Prerequisites: Ensure that you have met all the prerequisites for the Microsoft 365 monitor. From Applications Manager version 16300 onwards, Microsoft 365 monitor will use Microsoft Graph API as the primary mode of data collection. We have migrated ...

                      • Best Practices in adding Microsoft 365 monitor

                        From Applications Manager version 16300 onwards, Microsoft 365 monitor will use Microsoft Graph API as the primary mode of data collection. We have migrated from PowerShell to Graph API as Microsoft 365 PowerShell commands were taking more time to ...

                      • Troubleshooting errors that occur while adding Microsoft 365 monitor (For versions upto 16300)

                        Prerequisites: Ensure that you have met all the prerequisites for the Microsoft 365 monitor. From Applications Manager version 16300 onwards, Microsoft 365 monitor will use Microsoft Graph API as the primary mode of data collection. We have migrated ...

                        Related Products