top of page

Introduction to Microsoft Graph API – Part 3

Updated: Dec 27, 2023

In Previous Article, we have registered application and selected permissions which is required the Administrator Consent

To grant admin consent, Click on Grant admin consent for undefined

Graph

Login using the Global administrator to provide the admin consent

Graph

Click on Accept which enables application to provide the Admin Consent on behalf the tenant users

Graph

Now you can see Admin Consent has been given for the domain name Windowstechpro.com

Graph

We are given with admin consent for the application registered. it is time to create client secret to connect to the Graph API

Graph

Select the Description and select the Expiration of the client secret

Click on Add

Graph

Now the client secret has been generated, Copy the Secret

Graph

We have done all the required actions.. we do have ClientId, TenantID, Client Secret to connect graph using the Codes.

Let’s try now connecting the Tenant to get the user information

    
 # Azure AD OAuth Application Token for Graph API
 # Get OAuth token for a AAD Application (returned as $token)
  
 # Application (client) ID, tenant ID and secret
 $clientId = "Client ID"
 $tenantId = "Tenant ID"
 $clientSecret = 'Client Secret'
  
 # Construct URI
 $uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
  
 # Construct Body
 $body = @{
     client_id     = $clientId
     scope         = "https://graph.microsoft.com/.default"
     client_secret = $clientSecret
     grant_type    = "client_credentials"
 }
  
 # Get OAuth 2.0 Token
 $tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
  
 # Access Token
 $token = ($tokenRequest.Content | ConvertFrom-Json).access_token
  
 #Azure AD User Details
 $apiUrl = 'https://graph.microsoft.com/v1.0/users/'
 $Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
 $users = ($Data | select-object Value).Value
 $users | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\users1.csv" -NoTypeInformation  
Graph

Could see user details are exported in the CSV file without any issues which show that application registered has right permissions

Graph

If required to connect any other Office 365 Work Loads, without proper permissions assigned, it will still fail with error Insufficient Privilege .

Graph

In above screenshot, We have tried to connect to Groups without Permissions that is the reason it failed. We still able to assign the permissions again for the application to connect to the right workload

Graph

Provide the admin consent required for other permissions name

Graph

Graph

Graph

Graph

Once it has been done, you can run the application codes again and see the results without any issues

 
 #Azure AD OAuth Application Token for Graph API
 #Get OAuth token for a AAD Application (returned as $token)
 #Application (client) ID, tenant ID and secret
 $clientId = "Client ID"
 $tenantId = "Tenant ID"
 $clientSecret = 'Client Secret'
 Construct URI
 $uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
 Construct Body
 $body = @{
     client_id     = $clientId
     scope         = "https://graph.microsoft.com/.default"
     client_secret = $clientSecret
     grant_type    = "client_credentials"
 }
 Get OAuth 2.0 Token
 $tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
 Access Token
 $token = ($tokenRequest.Content | ConvertFrom-Json).access_token
 Azure AD Groups Including all groups  Details
 $apiUrl = 'https://graph.microsoft.com/v1.0/groups/'
 $Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
 $Groups = ($Data | select-object Value).Value
 $Groups | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\groups.csv" -NoTypeInformation
  
Graph

Likewise, we can use the graph for all the workloads of Microsoft Office 365 Services.

Let’s see all the Graph options in detailed in the upcoming articles..

1 view0 comments

Comments


bottom of page