Out of the box, SharePoint provides add/edit item rights to the list as long as the user has contribute or full permission. Access policies can be scoped at the site, list and item levels. Since the user has contribute access to a list, it is possible for the user to add items from UI even if we associate a custom form using tools like PowerApps. This will mess up the custom logic or formulas we used in our PowerApps forms before saving the data in the respective list columns.


Restrict the smart user’s data entry on the SharePoint list which is associated with PowerApps using the out of the box approaches such as quick edit.


Create a permission level

A quick way to create a new permission level is to make a copy of an existing permission level. We might want to do this when the existing permission level has permissions similar to what the new permission level will have. After we make the copy, we can add or remove the permissions we need the new permission level to have.

  1. On the Permission Levels page, click the Contribute permission level
  2. On the Edit Permission Level page, choose Copy Permission Level, which is at the bottom of the page after the Personal Permissions section.
  3. On the Copy Permission Level page, type a name as “Restrict Smart User Data Entry“ and description as “This is a custom permission level to restrict manual data entry.” for the new permission level.
  4. Uncheck the View Application Pages permission under List Permissions
  5. After you made the changes, click Submit.

Create Group & Add Users

  1. Click on the Settings icon and choose Site Settings from the drop-down menu.
  2. Go to Site Permissions listed under the Users and Permissions header.
  3. Click on the Create Group icon in the Grant section.
  4. Enter the necessary details in the create group page.
  5. Select the Restrict Smart User Data Entry permission level we created in the previous section.
  6. Click Create
  7. Add the necessary users in this group who can add/edit items in the list that is associated with the PowerApps App.

Configure Permission

  1. Go to the list associated with the PowerApps App
  2. Choose Settings icon and then List settings.
  3. Click Stop Inheriting Permissions to break permissions inheritance from the parent
  4. Click Grant Permissions on the Permissions tab.
  5. In the Share… dialog box, select the group created in the previous section and click share.
  6. Select the out of the box members group and click on remove user permission.
  7. We are all set, now user should not be able to open the list from the browser but can add/edit items from PowerApps app.

We are here to talk about different ideas for improving our process so apply your own permission mechanism based on your requirements to disable the unnecessary data entry on your list/items associated with a custom form.

In this article I am going to explain about the new presence API endpoints introduced by Microsoft Graph API team. We can use these endpoints to read availability(Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown) and activity information(Possible values are Available, Away, BeRightBack,Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive,InAMeeting, Offline, OffWork,OutOfOffice, PresenceUnknown,Presenting, UrgentInterruptionsOnly.) about the current logged in user or any other users (as long as we have proper permissions to access that user/s).

In order to access the presence API, we will need to configure Presence.Read and Presence.Read.All permission scopes in Azure AD Application. Unfortunately, application permission type is not currently supported for these endpoints but feel free to vote for this idea in the user voice site.

Disclaimer: Presence API endpoints are currently under the beta version. That means these endpoints are subject to change and not recommended to use in production.

Use case 1 – Get current user presence details

HeaderAuthorization  Bearer {token}
Response“id”: “44285e03-f57e-42da-9069-724602c31f6b”, “availability”: “DoNotDisturb”, “activity”: “Presenting”

Use case 2 – Get other user’s presence details

HeaderAuthorization  Bearer {token}
Response“id”: “55285e03-f57e-42da-9069-724602c31f6b”, “availability”: “DoNotDisturb”, “activity”: “Presenting”

Use case 3 – Get more than one user presence details

HeaderAuthorization: Bearer {token} Content-Type: application/json
Body{ “ids”: [“33285e03-f57e-42da-9069-724602c31f6b“, “55285e03-f57e-42da-9069-724602c31f6b“] }
Response{             “value”: [{                                     “id”: “33285e03-f57e-42da-9069-724602c31f6b“,                                     “availability”: “Busy”,                                     “activity”: “InAMeeting”                         },                         {                                     “id”: “55285e03-f57e-42da-9069-724602c31f6b“,                                     “availability”: ” DoNotDisturb “,                                     “activity”: ” Presenting ”                         }             ] }

Hope you found this article helpful! Let me know if I might have missed anything or can be done better.

Developing apps with Power Apps helps the business users solve business problems with easy-to-use tools that don’t require code / less code. In this article I am going to explain how to use a single form control associated with a SharePoint list to add/edit/view items using PowerApps.

I would assume you have the following setup

  • SharePoint list
  • Power App List Form connected with your SharePoint list

Following are the steps I am going to use to convert my form to support add/edit/view functionalities

Step – 1

The Param function retrieves a parameter passed to the app when it was launched. If the named parameter wasn’t passed, Param returns blank. The user will be redirected to the respective form based on ID and Mode parameters.

Step – 2

Assign the CurrentItem variable we have calculated in Step 1 here

Step – 3

Add a Label control and change its visibility expression as shown below:

Step – 4

Add a button outside the form control to create a record in SharePoint and change its visibility expression as shown below:

Change the button’s OnSelect property as shown below:

Step – 5

Add a button outside the form control to update an existing record in SharePoint based on ID parameter and change its visibility expression as shown below:

Change the button’s OnSelect property as shown below:

Demo of overall functionalities

I hope you find this article helpful. Contact me if you have any questions.


  1. Create new row/s for each user entered in Users column in SharePoint list item if the record does not exist in Excel table
  2. Update existing row/s based on the SharePoint list item modifications if the record exist in Excel table


SharePoint List

Excel Sheet with Table

Flow attached to SharePoint List with Complete a custom action for the selected item template

Flow First Time Execution

Flow Second Time Execution with list item modifications

OpenID Connect describes a metadata document that contains most of the information required for an app to do sign-in. This includes information such as the authorization endpoint, token endpoint, tenant region scope, etc. For the discovery endpoint, this is the OpenID Connect metadata document you should use:

The {domain} can take one of two values:

commonUsers with both a personal Microsoft account and a work or school account from Azure AD can sign in to the application.
contoso.comThe friendly domain name of the Office 365 tenant

The metadata is a simple JSON. See the following snippet for an example.

To get the tenant ID, we just need to parse the token_endpoint property as shown below:

We will get the following JSON for the invalid domain name.

Sample PowerApps using the above mentioned endpoint

Hope this helps. Sharing is Caring !

Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources. In this article, we will go through the requests we have to make in order to access the documents in a SharePoint Document Library.


  • Register an Azure AD app and allow the app to have full/read control to SharePoint sites in all site collections without a signed-in user. Refer the Microsoft Graph permissions reference here
  • Note down the Application ID(Client ID) and Key(Client Secret)
  • Download and install Postman that simplifies the API testing or any API Testing Tool

REST Calls involved

Get Access Token 

To call Microsoft Graph, your app must acquire an access token from Azure Active Directory (Azure AD), Microsoft’s cloud identity service. Access tokens issued by Azure AD are base 64 encoded JSON Web Tokens (JWT). They contain information (claims) that web APIs secured by Azure AD, like Microsoft Graph, use to validate the caller and to ensure that the caller has the proper permissions to perform the operation they’re requesting.

Copy “access_token” value from the following API call’s reponse. This value will be used in the subsequent REST API calls as bearer token.


{tenant-id} with your Office 365 Tenant ID. You can find the same from here.

{client-id} with Application ID copied from Azure AD Application.

{client-secret} with Key(Client Secret) copied from Azure AD Application.

Get SharePoint Site ID

We have to get the SharePoint Site ID(highlighted) where document library is located using the following url:



{host-name} with your SharePoint online root site url.

{server-relative-path} with site’s relative path.

Get Document Libraries from a SharePoint Site

To get a list of document libraries from a SharePoint site, call the following endpoint:



{site-id} with the site id received in the previous step.

Get Files from a Document Library 

To get a list of files in a document library, call the following endpoint:



{site-id} with the site id received in the previous step.

{drive-id} with one of the document library id received in the previous step.

Get a Specific File from a Document Library

To get a specific file from a document library, call the following endpoint:



{site-id} with the site id received in the previous step.

{drive-id} with one of the document library id received in the previous step.

{item-path} with file name or path.

I hope this article has helped you to understand the REST API calls required to reach a file in a SharePoint Document Library using Graph API.

Sharing is Caring !


Sample SharePoint Framework client-side web part for Microsoft Teams Tab illustrating Video Recording using MediaRecorder Web API.

This is an experimental web part. Because this technology’s specification has not stabilized, check the compatibility table for usage in various browsers. Also note that the syntax and behavior of an experimental technology is subject to change in future versions of browsers as the specification changes

Teams Custom Tab


Add Custom Tab

API Management - MSGraph

Custom Tab

Applies to


Solution Author(s)
teams-tab-video-recorder Joseph Velliah (SPRIDER, @sprider)

Version history

Version Date Comments
1.0 November 20, 2018 Initial release



Minimal Path to Awesome

  • clone this repo
  • run npm i
  • go to this Microsoft article and follow the steps to package and deploy my sample
  • Go to your tenant’s API management page to approve the permission requests configured in this web part.


This project illustrates the following concepts:

  • Building Microsoft Teams tab using SharePoint Framework
  • Packaging and deploying web part as a Microsoft Teams tab
  • Front/Back camera selection
  • Video recording using the supported browsers
  • Playback recording
  • Upload recorded video in user’s OneDrive root folder