Is there a Power Automate Flow expression for the Azure AD attribute "Alternative Email Addresses"


I'm trying to create a Flow that uses the Azure AD connector with the "Get User" action.

I then initialize a variable which allows me to choose dynamic content from the list (such as Business Phone, Location, etc.). If I peek code, I see body/businessPhone or body/location. I assumed I could use body/{any attribute} in my expression, but this seems not to be the case.

In Azure, the attribute I want is apparently "OtherMail", while in O365 the attribute with the same value is "AlternateEmailAddresses". Neither of those values works in the expression. Interestingly, those values report as {[email protected]} in curly brackets.

If I use the dynamic content to list Company Name (whose code is body/companyName) and insert an email address in Azure AD to that effect, the Flow works.

For the sake of clarity though, I feel that the alternate email address attribute should be used in Azure AD but the Flow doesn't want to work.


There are 1 best solutions below


First, we need to know that the "Get user" action of the Azure AD connector requests the Microsoft Graph API in the backend. It requests the v1.0 Graph API, not the beta Graph API. If it requested the beta Graph API, it would return all of the fields of the user, as in the screenshot below: [screenshot]

But when it requests the v1.0 Graph API, it returns just 12 fields by default, as in the screenshot below: [screenshot]

This is why you can't get the field otherMails from the "Get User" action.

To implement your requirements, there are two solutions:

First solution:

Add ?$select=otherMails after the user id in the "Get user" action.

I tested it on my side; sometimes it works and sometimes it doesn't. I don't know why. You can test this solution on your side; if you can accept it, that's fine, because it is very simple.

Second solution:

You need to request the Graph API manually with the "HTTP" action instead of using the "Get User" action.

First, you need to register an app in your Azure AD. Copy the two IDs ("Application (client) ID" and "Directory (tenant) ID") to Notepad for later use.

Then click the "API permissions" tab. "Add a permission" --> "Microsoft Graph".

Choose "Application permissions" --> "User.Read.All".

Add the permission, and do not forget to grant admin consent for it.

Then click the "Certificates & secrets" tab --> "New client secret".

Now, go back to Power Automate. Add an "HTTP" action with a URI like in the screenshot below: [screenshot]

At the bottom of the "HTTP" action, add a new parameter "Authentication". Fill in the "Tenant" input box with your tenant ID, fill in the "Client ID" input box with the "Application (client) ID" of the registered app, and fill in the "Secret" input box with the client secret which you generated above.

After running the Power Automate flow, you can get the field otherMails.
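
The request the second solution makes, reproduced outside Power Automate as an added Python example (not part of the original answer) so the app registration and the $select query can be checked on their own. It assumes the standard Microsoft identity platform client-credentials token endpoint and the Graph `.default` scope; the function names, environment variable names and sample response are constructed for illustration.

```python
import json, os
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"

def token_request(tenant_id, client_id, client_secret):
    """OAuth2 client-credentials request for the registered app."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH + "/.default",  # use the app's consented Graph permissions
    }).encode()
    url = "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % urllib.parse.quote(tenant_id, safe="")
    return urllib.request.Request(url, data=form, method="POST")

def user_request(user_id, access_token, fields=("otherMails",)):
    """GET /v1.0/users/{id}, asking only for the listed fields."""
    # safe="" also encodes '#' (guest UPNs contain #EXT#), which would
    # otherwise be treated as the start of a URL fragment and cut the id short.
    path = urllib.parse.quote(user_id, safe="")
    url = "%s/v1.0/users/%s?$select=%s" % (GRAPH, path, ",".join(fields))
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})

def other_mails(body):
    """Return otherMails as a list; a missing or null field becomes []."""
    mails = json.loads(body).get("otherMails") or []
    return [m for m in mails if isinstance(m, str)]

def fetch_other_mails(tenant_id, client_id, client_secret, user_id):
    """Live call: get a token, then read the user's otherMails."""
    with urllib.request.urlopen(token_request(tenant_id, client_id, client_secret)) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(user_request(user_id, token)) as resp:
        return other_mails(resp.read())

# Constructed sample of a v1.0 response to ...?$select=otherMails
SAMPLE_RESPONSE = '{"otherMails": ["alt.address@example.com"]}'

if __name__ == "__main__":
    print(other_mails(SAMPLE_RESPONSE))
    if os.environ.get("GRAPH_CLIENT_SECRET"):  # hypothetical variable names
        print(fetch_other_mails(os.environ["GRAPH_TENANT_ID"], os.environ["GRAPH_CLIENT_ID"],
                                os.environ["GRAPH_CLIENT_SECRET"], os.environ["GRAPH_USER_ID"]))
```

Because User.Read.All is an application permission, the client secret can read every user in the tenant, so it is read from the environment here rather than written into the script.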