Getting 401 error when attempting to set Teams work location via OAuth request

I’m attempting to programmatically set my working location in Teams and Outlook Calendar. It’s an API call that isn’t officially documented by Microsoft, but many people have achieved (such as here, here and here).

I’ve added an OAuth connection, as per Make’s guidelines, with scopes including Presence.Read, Presence.ReadAll, and Presence.ReadWrite.

But when I run the module, I’m getting a 401 error. I’m not sure what’s causing it or how to find out. Screenshots containing the input and output are included below.

@Samuel_Stevenson - Can you share the whole flow / scenario? I get the sense that this has to do with not getting the token on behalf of your user to be able to make that post call. In many cases, this is a two step process to first get the token, then use the token in your following api calls.

In your post call you would then use that token as a Bearer token as part of the request header to ensure you’re properly authorized. The 401 error in this case makes sense as there are not any headers or anything that would directly authorize you from what I can tell even though you’re providing the credentials in the http request node.


@workflowsy - I see, yes. That makes sense. How do I go about getting a token? My user has full admin privileges in our M365 tenant.

Here’s the exported scenario:
Set work location in Outlook Calendar.json (9.3 KB)

Thanks so much!

Hey @Samuel_Stevenson - I was able to get the working end to end! That said, the setup is somewhat complex. Have you created enterprise applications in azure before? You basically need to setup an enterprise app, give it credentials as well as the necessary scope to change presence, and then make calls using the setPresence endpoint (presence: setPresence - Microsoft Graph v1.0 | Microsoft Learn)

The one thing that I’m a little confused on is it looks like the status (presence) is something that can be set via graph so the documentation you were reading on this may be outdated.

Here is the high level flow (working).

If you want me to take a loom to walk you through it I can.


@workflowsy - Thanks for looking into this! To clarify, though, I’m not looking to set my Teams presence status (i.e. Busy, Available), but my workLocation (i.e. Remote, Office).

Can I use the same enterprise application I created in Azure as part of setting up the Make connections (as per these instructions) to get the Bearer token?

So, basically the issue here is the /me endpoint. To get a bearer token from the any endpoint with /me in it, you need to do an interactive login in most cases to get an authorization code. That code is then used to make a request to get your bearer token that is then used in your API request that you’re making. This is possible with PowerAutomate as it’s all built into their tooling as they’re microsoft.

The issue with creating client secrets is that you’re not longer using delegated access (which is what the /me endpoint uses) so if you call the /me endpoint to update your location, your bearer token will not be accepted as it only has application permissions, but not delegated privileges.

Now, there are ways to get around this, but to do that in Make is likely going to be a headache. I can do some more digging, but given the interactive authentication flow of the oauth2 /me delegated permission process, it is likely going to be not a super straightforward solution to this without using something like to call Power Automate (via a webhook) or just using PowerAutomate entirely.

Let me know if this helps!

1 Like