Skip to content

Add M365Internals admin API imports and validation tooling#41

Merged
PrzemyslawKlys merged 8 commits into
masterfrom
feature/m365internals-import-validation
Apr 2, 2026
Merged

Add M365Internals admin API imports and validation tooling#41
PrzemyslawKlys merged 8 commits into
masterfrom
feature/m365internals-import-validation

Conversation

@PrzemyslawKlys

@PrzemyslawKlys PrzemyslawKlys commented Apr 2, 2026
edited
Loading

Copy link
Copy Markdown
Member

Summary

This PR closes the highest-value internal/private API gaps between O365Essentials and M365Internals while keeping the public connection model centered on Connect-O365Admin.

It adds new admin-center readers for Agents, Copilot, Search, People, Integrated Apps, Tenant Relationships, Backup, Content Understanding, Edge, Brand Center, Viva, pay-as-you-go, and validation/reporting helpers. It also adds the hidden portal replay plumbing required for newer admin.cloud.microsoft routes without exposing extra public connection commands.

What Changed

New public commands

  • Get-O365AgentOverview
  • Get-O365AgentSettings
  • Get-O365AgentTools
  • Get-O365ContentUnderstanding
  • Get-O365CopilotBillingUsage
  • Get-O365CopilotConnectors
  • Get-O365CopilotOverview
  • Get-O365CopilotSettings
  • Get-O365InternalApiFinding
  • Get-O365InternalApiHealth
  • Get-O365InternalApiValidationReport
  • Get-O365OrgBackup
  • Get-O365OrgBrandCenter
  • Get-O365OrgIntegratedApps
  • Get-O365OrgMicrosoftEdge
  • Get-O365OrgPeopleSettings
  • Get-O365OrgVivaSettings
  • Get-O365PayAsYouGoService
  • Get-O365SearchIntelligenceAdvanced
  • Get-O365TenantRelationship
  • Get-O365UnavailableResult
  • Get-O365UnavailableSummary
  • Test-O365UnavailableResult

Connection and replay work

  • Kept Connect-O365Admin as the main public entry point
  • Added hidden portal replay support for admin.cloud.microsoft routes
  • Moved portal attachment/session helpers under Private so publisher rebuilds do not re-export them
  • Added a one-time automatic hidden portal upgrade path on HTTP 440 for portal-sensitive admin.cloud.microsoft routes
  • Improved unavailable-result handling so portal-sensitive failures are surfaced as structured PortalSessionRequired results instead of warning spam
  • Documented the hidden host/app portal attachment contract in code and README

Live route alignment

  • Aligned key replay headers and request shapes with live browser traffic
  • Fixed Search replay so the important routes return data
  • Fixed Agent Overview replay, including browser-valid 200 null offer responses
  • Fixed Copilot connector replay, including the broader connectors routes
  • Fixed Copilot Settings and BillingUsage replay against the live portal route context and SharePoint-flavored _api header requirements
  • Updated Viva to the live admin.cloud.microsoft routes and reclassified Glint as a service-side issue when the browser itself returns HTTP 500
  • Reclassified pay-as-you-go telemetry as a write-only observed route instead of a failed read

Current Support Status

Live-verified working

  • Get-O365TenantRelationship
  • Get-O365OrgPeopleSettings
  • Get-O365OrgIntegratedApps
  • Get-O365OrgBrandCenter
  • Get-O365OrgMicrosoftEdge
  • Get-O365OrgMicrosoftEdgeSiteLists
  • Get-O365OrgBackup
  • Get-O365ContentUnderstanding
  • Get-O365AgentSettings
  • Get-O365AgentTools
  • Get-O365AgentOverview
  • Get-O365SearchIntelligenceAdvanced
    • important routes healthy
    • Qnas remains optional and tenant-specific
  • Get-O365CopilotConnectors
  • Get-O365CopilotSettings
  • Get-O365CopilotBillingUsage
  • Get-O365OrgVivaSettings -Name Modules
  • Get-O365OrgVivaSettings -Name Roles
  • Get-O365OrgVivaSettings -Name AccountSkus
  • Get-O365PayAsYouGoService
    • read surfaces validated
    • Telemetry intentionally modeled as write-only metadata

Added and code-verified, but still needing broader portal-backed live verification

  • Get-O365CopilotOverview

Known exception

  • Get-O365OrgVivaSettings -Name GlintClient
    • live browser validation returned HTTP 500 for the same endpoint
    • current assessment: tenant-side or service-side issue, not a replay mismatch

Testing

Automated

  • Focused Pester coverage added for the new command families and replay plumbing
  • Validation/reporting helper tests are green
  • Latest focused rerun for Copilot plus replay plumbing: 35/35 passing
  • Latest focused rerun for Copilot connectors replay alignment: 15/15 passing
  • Latest focused rerun for Copilot settings and billing replay alignment: 25/25 passing

Live validation

  • Targeted live validation was performed against a real tenant on April 2, 2026
  • Validation emphasized correctness over broad coverage and avoided treating optional or write-only routes as hard failures
  • Live testing also drove the final portal replay alignment for Search, Agents, Copilot connectors, Copilot settings, Copilot billing, Viva, telemetry classification, and Edge site lists

Risks / Follow-up

  • The remaining meaningful follow-up is targeted portal-backed validation for Get-O365CopilotOverview
  • GlintClient should stay treated as a known exception unless the portal itself starts succeeding
  • App/host integrations that want the most portal-sensitive routes should seed hidden O365ESSENTIALS_PORTAL_* context before Connect-O365Admin
  • Avoid broad auth-heavy validation sweeps unless a specific regression appears; targeted reruns have been much more reliable

@PrzemyslawKlys PrzemyslawKlys marked this pull request as ready for review April 2, 2026 21:43
@PrzemyslawKlys PrzemyslawKlys merged commit b5b6736 into master Apr 2, 2026
3 checks passed
@PrzemyslawKlys PrzemyslawKlys deleted the feature/m365internals-import-validation branch April 2, 2026 21:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PrzemyslawKlys