Microsoft whiteboards stuck in loading status
search cancel

Microsoft whiteboards stuck in loading status

book

Article ID: 387446

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users successfully accessing internet sites via Cloud SWG using proxy Forwarding access method.

All corporate users have access to Microsoft Whiteboard, and access it though the Cloud Proxy.

A handful of users have problems accessing the Microsoft whiteboard application where a message about loading board content is displayed. Users can actually create a new whiteboard, but the problem occurs when they try to go back into it, as it seems to be stuck on loading as shown below:

Looking at the logs for a user that had an issue, no block or access denied verdicts are reported in relation to whiteboard.office.com. 

Tested with SSL interception disabled and enabled, without any difference.

 

Environment

Cloud SWG.

Microsoft Whiteboard.

Cause

Access token presented to whiteboard didn't have required permissions.

Resolution

Added problem users to correct groups on Whiteboard setup.

Additional Information

Gathering a working and non working HAR file required to identify issue.

Main difference between a working and non working user is that, when it fails, user POSTs a bearer token but the back end claims it does not have the right permissions for the action ..
 
POST https://xxxxxxx-my.sharepoint.com/_api/v2.1/drives/#######/opStream/joinSession?ump=1 HTTP/2.0
content-length: 2790
content-type: multipart/form-data;boundary=3de31d0d-9f90-4e99-8831-da8c92b7c522
origin: https://whiteboard.office.com
:
Host: xxxxxx-my.sharepoint.com
Authorization: Bearer #####
 

HTTP/2.0 401 Unauthorized
access-control-allow-origin: *
content-length: 187
content-type: application/json
server: Microsoft-IIS/10.0


{"error":{"code":"unauthenticated","innerError":{"code":"authChallengeRequired"},"message":"Due to organizational policies, you can't access these resources from this network location."}}

The token is a JWT token and includes key information about the user and roles. Comparing the JWT tokens from working and non working identified some missing roles, and adding the problem users to additional Azure groups gave the permissions/roles to view all whiteboards.