Cli-microsoft365: New command: `teams report directroutingcalls`

Hi All, I'd like to work on this.

Woot! All yours @aakashbhardwaj619 👏

Hi guys! Since this command requires a new permission scope CallRecords.Read.PstnCalls, I was trying it out using a custom AAD app registration in my tenant. But somehow, I can't find this permission scope when trying to grant Graph API permission access. Am I missing something here?

That would be a good question in the MS Graph docs

@aakashbhardwaj619 does it work with CallRecords.Read.All?

Agree with @waldekmastykarz that creating a question issue against the docs is the next step for raising this to the Graph team.

@garrytrinder It doesn't work with CallRecords.Read.All and I get Error: Access token is empty error when running the CLI command.

I just checked in the Graph docs that there is already an issue created for this missing permission scope. https://github.com/microsoftgraph/microsoft-graph-docs/issues/9410

Thanks for the update @aakashbhardwaj619

I’ve also reached out to the Graph team to see if this can be looked at, referencing the GH issue, this has been acknowledged so hopefully this will be resolved quickly.

Until then, let’s place this issue on hold until we hear of any progress.

Following the closure of https://github.com/microsoftgraph/microsoft-graph-docs/pull/9859 the permission required for this endpoint is now CallRecords.Read.All.

I'll add them to our AAD app after the PR is approved. Until then, during dev, @aakashbhardwaj619 you can use a custom AAD app.

Hi guys, I started working on this command but struggling with getting the appropriate access token. I've granted the CallRecords.Read.All application permission to my custom AAD app but when I try to execute the command, the access token I'm getting does not contain the CallRecords.Read.All scope in the scp value and only has the delegated permission scopes. Could anyone guide me on how to get the application permission scope using the device code flow?

Custom AAD App:

JWT Token:

You assigned an app-only permission so if you're authenticating with user credentials, that permission won't be included in the token.

@aakashbhardwaj619 you will need to authenticate using Certificate auth that uses a Custom Azure AD application that has the relevant app permission assigned to it.

I don't think we have any docs covering that scenario end to end, so something we should consider adding gong forwards.

I've found this article which may be able to help.

https://goodworkaround.com/2020/07/07/authenticating-to-azure-ad-as-an-application-using-certificate-based-client-credential-grant/

Hey @aakashbhardwaj619 👋🏻

How are you getting on with this command?

Feel free to reach out if you have any questions.

Discussed with @aakashbhardwaj619 offline, he's happy to let someone else take this on.

@leeford as discussed, this is all yours, thanks again for your help ❤️

Thank you, will get started 👍