A while back I wrote about how using a custom authentication provider with the Graph SDK would allow for the use of a client credential flow. Since then, I began using the @azure/identity package to obtain the access token instead.
However, with the release of the Graph JavaScript SDK 3.0, this is no longer needed. With the use of TokenCredentialAuthenticationProvider you can now pass the generated Credential from @azure/identity directly into TokenCredentialAuthenticationProvider and use the SDK without having to manage the retrieval of the token.
Updated: January 30, 2020
Introduction
For a while, when using Graph API and PowerShell I have been using my own implementations of communicating with Graph API as outlined in the following posts:
Getting started with Microsoft Graph and PowerShell
Authenticating with Graph API Using a Device Code
However, at Ignite 2019, it was announced there is a Graph API PowerShell SDK in the works. Even better, it's available on GitHub today!
Introduction
Recently, I’ve been wanting to use PowerShell Core more often with Graph API. But what has held me back was having to use WinForms or WPF to display the Microsoft login page to authenticate the user. Searching around, it appears you can authenticate Azure AD users with a device code too - https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code
By doing this, your script/tool/app/device can generate a device code to be entered on another device (that has a web-browser).
Introduction
I’ve been asked a few times if there is an easy way to report on all web pages in use within Teams. The two main reasons are:
Intrigue into what sort of web pages users are attaching to their Teams
A way of policing users to ensure the feature is not being abused (perhaps a website is blocked using a web-browser but works via Teams)
Pre-requisites
As with a lot of my posts, out comes PowerShell and Graph API.
When first using Graph API a feature I missed was that data was paged. For example, if I want to retrieve all the groups in a tenant, I would use the following endpoint:
HTTP GET: https://graph.microsoft.com/v1.0/groups
This worked fine for me in the demo tenants I was using – I would get all the groups back.
However, I found out there is a limit to results returned (for groups it is 100)!
Note: This script is provided ‘as-is’ without any warranty or support. Use of this script is at your own risk and I accept no responsibility for any damage caused.
Background
Graph is Microsoft’s API for Microsoft 365. By creating an Azure AD application it allows you to interface directly with Azure AD, Office 365, EMS etc. using Graph API.
You may want to write a script in PowerShell, Python, C# etc.
Whilst this article is still very much a valid approach, Microsoft have started work on a PowerShell SDK for Graph API - find out more here: https://www.lee-ford.co.uk/graph-api-powershell-sdk/
What is Graph?
Graph is Microsoft’s API for Microsoft 365. By creating an Azure AD application it allows you to interface directly with Azure AD, Office 365, EMS etc. using Graph API.
The API not only allows you to access data from Microsoft 365 but also modify and delete it.
Whilst Flow does have some integration with Microsoft Teams, one missing feature is the ability to create a Team in Microsoft Teams (you can create Channels, messages etc.).
With recent additions to Graph API, you can create a Team using a template and a Graph API call. This API call can be used within a flow. In this scenario, I’m going to create a flow to create a Team. This will work like so:
This is a quick post to outline the steps to integrate Microsoft Graph API using Microsoft Flow or Azure Logic Apps. The intent is to be able to integrate Graph API without user input. I intend to follow this post with other posts outlining use-cases for this.
Before you start, you need to make sure you have the following:
Access to an Office 365 tenant with administrative access to Azure AD
Access to create flows in Microsoft Flow
Step 1 - Create an Application in Azure AD
You will need to register an application within Azure AD.