Introduction to Microsoft Graph API – Part 3

In Previous Article, we have registered application and selected permissions which is required the Administrator Consent

Introduction to Microsoft Graph API – Part 1

Introduction to Microsoft Graph API – Part 2

To grant admin consent, Click on Grant admin consent for undefined

Login using the Global administrator to provide the admin consent

click on Accept which enables application to provide the Admin Consent on behalf the tenant users

Now you can see Admin Consent has been given for the domain name Windowstechpro.com

We are given with admin consent for the application registered. it is time to create client secret to connect to the Graph API

Select the Description and select the Expiration of the client secret

Click on Add

Now the client secret has been generated, Copy the Secret

We have done all the required actions.. we do have ClientId, TenantID, Client Secret to connect graph using the Codes

Let’s try now connecting the Tenant to get the user information

    
 # Azure AD OAuth Application Token for Graph API
 # Get OAuth token for a AAD Application (returned as $token)
  
 # Application (client) ID, tenant ID and secret
 $clientId = "Client ID"
 $tenantId = "Tenant ID"
 $clientSecret = 'Client Secret'
  
 # Construct URI
 $uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
  
 # Construct Body
 $body = @{
     client_id     = $clientId
     scope         = "https://graph.microsoft.com/.default"
     client_secret = $clientSecret
     grant_type    = "client_credentials"
 }
  
 # Get OAuth 2.0 Token
 $tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
  
 # Access Token
 $token = ($tokenRequest.Content | ConvertFrom-Json).access_token
  
 #Azure AD User Details
 $apiUrl = 'https://graph.microsoft.com/v1.0/users/'
 $Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
 $users = ($Data | select-object Value).Value
 $users | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\users1.csv" -NoTypeInformation 

could see user details are exported in the csv file without any issues which shows that application registered has right permissions

If required to connect any other Office 365 Work Loads, without proper permissions assigned, it will still fail with error Insufficient Privilege .

In above screenshot, We have tried to connect to Groups without Permissions that is the reason it failed. We still able to assign the permissions again for the application to connect to the right work load

Provide the admin consent required for other permissions name

Once it has be done, you can run the application codes again and see the results without any issues

 
 #Azure AD OAuth Application Token for Graph API
 #Get OAuth token for a AAD Application (returned as $token)
 #Application (client) ID, tenant ID and secret
 $clientId = "Client ID"
 $tenantId = "Tenant ID"
 $clientSecret = 'Client Secret'
 Construct URI
 $uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
 Construct Body
 $body = @{
     client_id     = $clientId
     scope         = "https://graph.microsoft.com/.default"
     client_secret = $clientSecret
     grant_type    = "client_credentials"
 }
 Get OAuth 2.0 Token
 $tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
 Access Token
 $token = ($tokenRequest.Content | ConvertFrom-Json).access_token
 Azure AD Groups Including all groups  Details
 $apiUrl = 'https://graph.microsoft.com/v1.0/groups/'
 $Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
 $Groups = ($Data | select-object Value).Value
 $Groups | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\groups.csv" -NoTypeInformation
 

Likewise, we can use the graph for all the work loads of Microsoft Office 365 Services.

Introduction to Microsoft Graph API – Part 1

Introduction to Microsoft Graph API – Part 2

Let’s see all the Graph options in detailed in the upcoming articles..

Leave a Reply

Your email address will not be published.