Using the Microsoft Graph for the reluctant IT Pro

Using the Microsoft Graph for the reluctant IT Pro

9768eea42c648fc1dcd190e924deb59c?s=128

Thomas Vochten

October 10, 2019
Tweet

Transcript

  1. 1.

    Using the Microsoft Graph for the reluctant IT Pro Level

    200 | @thomasvochten Office 365 & SharePoint Connect 2019
  2. 2.
  3. 3.

    Thomas Vochten Microsoft MVP. Technical Evangelist. Solution advisor Microsoft 365.

    @thomasvochten https://thomasvochten.com mail@thomasvochten.com
  4. 4.

    Agenda • Introduction to the Microsoft Graph • Authentication and

    authorization basics • Getting to know the Graph by leveraging the right tools • How can we use PowerShell to interact with the Graph
  5. 7.

    The promise of the Graph • Rich content • Deep

    insights • Real-time updates • Broad reach
  6. 8.

    Typical use cases • Onboarding users • Work with Excel

    data • Find meeting times • Covert documents • Manage employee profiles • Keep email data in sync • Correlate security alerts • …
  7. 10.

    Or a more advanced scenario “When a user leaves, query

    their OneDrive with the Graph to let users know about shared documents they will lose access to”
  8. 11.

    The Graph… • Works with a single endpoint • Has

    different versions • Is a RESTful API • Uses the HTTP protocol, uses methods (GET, POST, …) • Works with query parameters • Accepts and returns structured data
  9. 12.

    Basic example GET https://graph.microsoft.com/v1.0/users { "businessPhones": [ "(212) 555-8335" ],

    "displayName": "Aaron Painter", "givenName": "Aaron", "jobTitle": "Strategy Consulting Manager", "mail": "aaronp@thvo.net", "mobilePhone": null, "officeLocation": null, "preferredLanguage": null, "surname": "Painter", "userPrincipalName": "aaronp@thvo.net", "id": "676ca8a1-eaab-4e15-8ee2-72c97b53a4df" }
  10. 14.

    Typical AuthN & AuthZ flow Create an app identity Make

    sure you’re secure Grant permissions to the app Get an access token Generate your requests
  11. 16.

    Granting permissions • Fine grained permission level • Depends on

    what you want to do • Some permissions require admin consent! • Pretty well documented on docs.microsoft.com e.g. Getting info on a particular user:
  12. 17.

    DEMO Creating an app in Azure Active Directory Granting access

    to the Microsoft Graph Exploring the permissions model
  13. 18.

    Requesting an access token client_id client_secret scope grant_type $Grant_Type =

    'client_credentials' $AppId = '2d10909e-0396-49f2-ba2f-854b77c1e45b' $AppSecret = 'abcdefghijklmnopqrstuv12345' $Scope = "https://graph.microsoft.com/.default"
  14. 21.

    How can I do X in the Graph? • Documentation

    • Graph Explorer • Postman
  15. 22.
  16. 23.

    Postman to the rescue • https://www.getpostman.com • Download the Microsoft

    Graph postman collection: https://github.com/microsoftgraph/microsoftgraph-postman-collections • Help at https://docs.microsoft.com/en-us/graph/use-postman
  17. 24.
  18. 28.

    The PowerShell Graph API Install-Module Graph -Repository {RepositoryName} Connect-Graph -ClientId

    ClientId -TenantId TenantId -CertificateName CertificateName Get-UserMessage -UserId UserId -Top 10 -Skip 10 - Select "Id, Subject, CreatedDateTime" | Format-Table CreatedDateTime, Subject, Id Disconnect-Graph
  19. 29.

    We’re stuck with DIY for now • Authenticate • Make

    your request: Invoke-RestMethod is your friend
  20. 31.

    Recap • The Microsoft Graph is not only for developers

    • Make sure you understand authentication and authorization • Learn to use the Graph Explorer (and try Postman too) • Read the docs, they're pretty good • Learning by doing is key
  21. 32.

    References • https://developer.microsoft.com/en-us/graph/ • https://docs.microsoft.com/en-us/graph/ • https://developer.microsoft.com/en-us/graph/graph-explorer • https://docs.microsoft.com/en-us/graph/use-postman •

    https://adamtheautomator.com/microsoft-graph-api-powershell/ • https://www.thelazyadministrator.com/2019/07/22/connect-and- navigate-the-microsoft-graph-api-with-powershell/ • https://github.com/bwya77/GraphAPI